
BG suite multierror support #362

orangecms
Contributor

Signed-off-by: Daniel Maslowski info@orangecms.org

Collaborator

@ChriMarMe ChriMarMe left a comment

I like the idea of multierror.

Comment on lines 29 to 32
Name: "SACM meets sane BootGuard requirements",
Required: true,
function: BootGuardACM,
dependencies: []*Test{&testbootguardfit},
Collaborator

I like the alignment before the change more :)

Contributor Author

this comes from the Go formatter, which my IDE ran automatically... 😅

Contributor Author

I realized that this happened due to the comments. So, I just removed them. :)

@orangecms
Contributor Author

So I checked because I noticed that go-multierror was already in the dependencies...
https://www.libhunt.com/compare-multierr-vs-go-multierror

Which led me to this: Apparently, Go 1.20 added native multi error support.
https://www.reddit.com/r/golang/comments/z870te/multiple_error_wrapping_is_coming_in_go_120/

Anyway, I think introducing the Uber package is fine here, and we can rework things nicely again later.
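
The native multi-error support mentioned in the comment above, as an added sketch that is not code from this pull request (the pull request itself uses a third-party multierror package): each check appends its finding and the function returns them all with Go 1.20's `errors.Join`, so `errors.Is` still matches every individual cause. The sentinel errors, the `image` type and the function names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical sentinel errors for this sketch; not the project's identifiers.
var (
	ErrNoKM  = errors.New("no Key Manifest found")
	ErrNoBPM = errors.New("no Boot Policy Manifest found")
)

// image is a constructed stand-in for the facts a firmware parser would extract.
type image struct {
	HasKM, HasBPM bool
}

// checkImage runs every check and collects all findings rather than
// returning at the first failure.
func checkImage(img image) error {
	var errs []error
	if !img.HasKM {
		errs = append(errs, fmt.Errorf("Key Manifest: %w", ErrNoKM))
	}
	if !img.HasBPM {
		errs = append(errs, fmt.Errorf("Boot Policy Manifest: %w", ErrNoBPM))
	}
	return errors.Join(errs...) // nil when nothing was collected
}

// findings splits a joined error back into one message per finding.
func findings(err error) []string {
	var out []string
	if j, ok := err.(interface{ Unwrap() []error }); ok {
		for _, e := range j.Unwrap() {
			out = append(out, e.Error())
		}
	} else if err != nil {
		out = append(out, err.Error())
	}
	return out
}

func main() {
	err := checkImage(image{}) // constructed input: both manifests missing
	fmt.Println(findings(err), errors.Is(err, ErrNoBPM))
}
```
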

@orangecms
Contributor Author

orangecms commented Jan 30, 2024

And the CI error basically says that we should upgrade to Go 1.19 at least (I would go straight to 1.21).

# go.uber.org/multierr
/go/pkg/mod/go.uber.org/multierr@v1.11.0/error.go:209:20: undefined: atomic.Bool
note: module requires Go 1.19

Exited with code exit status 2

Huh, we do have 1.19 though... no idea what's wrong here... sigh

Edit/addendum: sooooo... since this uses atomics and Go doesn't offer them on all architectures we use, I'll see about using github.com/hashicorp/go-multierror here instead; hope that has everything necessary 😬

@orangecms changed the title from "WIP: BG suite multierror output" to "BG suite multierror support" on Jan 30, 2024
@ChriMarMe
Collaborator

ChriMarMe commented Jan 30, 2024

❤️

@@ -29,7 +30,6 @@ var (
Name: "SACM meets sane BootGuard requirements",
Required: true,
function: BootGuardACM,
dependencies: []*Test{&testbootguardfit},
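
Review bot: The `-29,7 +30,6` header shows one line leaving this test definition, and the thread identifies it as the dependency on `testbootguardfit`, yet the commit text shown on this page only talks about multierror support and message rewording. With the dependency gone, the "after" output reports PASS for the SACM, Key Manifest and "Verifies BPM and IBBs match firmware image" tests on an image whose FIT test fails with "couldn't find any BIOS Startup Module Entry in FIT" and for which no Boot Policy Manifest was found. Please state the rationale for running these tests without a valid FIT in the commit message or a comment next to the test, and confirm that test 04 cannot pass vacuously when no Boot Policy Manifest is present.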
Collaborator

  1. Why remove the dependency?
  2. Why not in a separate commit?

@orangecms
Contributor Author

The dependency removal is the actual feature here; this before vs after should clarify it:

before

bg-suite exec-tests -f ~/firmware/MSI/Cyborg\ 15\ A12VE/E15K1IMS.30B/E15K1IMS.30B
For more information about the documents and chapters, run: bg-suite -m

All tests
_________
00 - FIT meets BootGuard requirements        : FAIL                 (couldn't find any BIOS Startup Module Entry in FIT)
01 - SACM meets sane BootGuard requirements  : DEPENDENCY_FAILED    (FIT meets BootGuard requirements failed)
02 - Key Manifest meets sane BootGuard requirements: DEPENDENCY_FAILED    (FIT meets BootGuard requirements failed)
03 - Boot Policy Manifest meets sane BootGuard requirements: DEPENDENCY_FAILED    (FIT meets BootGuard requirements failed)
04 - Verifies BPM and IBBs match firmware image: DEPENDENCY_FAILED    (FIT meets BootGuard requirements failed)
05 - [RUNTIME] Validates Intel ME specific configuration against KM/BPM in firmware image: DEPENDENCY_FAILED    (FIT meets BootGuard requirements failed)
06 - [RUNTIME] Verifies Intel ME Boot Guard configuration is sane and safe: FAIL                 (couldn't read HFSTS6: couldn't read HFSTS6 from PCI config space: couldn't find Intel ME device for runtime checks)
07 - [RUNTIME] BtG/TXT registers are sane    : FAIL                 (txt regs aren't valid: couldn't fetch TXT regs: open /dev/mem: permission denied)

after

bg-suite exec-tests -f "/home/dama/firmware/MSI/Cyborg 15 A12VE/E15K1IMS.30B/E15K1IMS.30B"
For more information about the documents and chapters, run: bg-suite -m

All tests
_________
00 - FIT meets BootGuard requirements        : FAIL                 (couldn't find any BIOS Startup Module Entry in FIT)
01 - SACM meets sane BootGuard requirements  : PASS
02 - Key Manifest meets sane BootGuard requirements: PASS
03 - Boot Policy Manifest meets sane BootGuard requirements: FAIL                 (
 multiple errors:
 bpm hasn't sane security properties: no BootGuard Boot Policy Manifest found
)
04 - Verifies BPM and IBBs match firmware image: PASS
05 - [RUNTIME] Validates Intel ME specific configuration against KM/BPM in firmware image: DEPENDENCY_FAILED    (FIT meets BootGuard requirements failed)
06 - [RUNTIME] Verifies Intel ME Boot Guard configuration is sane and safe: FAIL                 (couldn't read HFSTS6: couldn't read HFSTS6 from PCI config space: couldn't find Intel ME device for runtime checks)
07 - [RUNTIME] BtG/TXT registers are sane    : FAIL                 (
 txt regs aren't valid:
 couldn't fetch TXT regs: open /dev/mem: permission denied
)

@orangecms
Contributor Author

grammar fixed:

bg-suite exec-tests -f "/home/dama/firmware/MSI/Cyborg 15 A12VE/E15K1IMS.30B/E15K1IMS.30B"
For more information about the documents and chapters, run: bg-suite -m

All tests
_________
00 - FIT meets BootGuard requirements        : FAIL                 (couldn't find any BIOS Startup Module Entry in FIT)
01 - SACM meets sane BootGuard requirements  : PASS
02 - Key Manifest meets sane BootGuard requirements: PASS
03 - Boot Policy Manifest meets sane BootGuard requirements: FAIL                 (
 Errors occurred:
 Boot Policy Manifest doesn't have sane security properties: no BootGuard Boot Policy Manifest found
)
04 - Verifies BPM and IBBs match firmware image: PASS
05 - [RUNTIME] Validates Intel ME specific configuration against KM/BPM in firmware image: DEPENDENCY_FAILED    (FIT meets BootGuard requirements failed)
06 - [RUNTIME] Verifies Intel ME Boot Guard configuration is sane and safe: FAIL                 (couldn't read HFSTS6: couldn't read HFSTS6 from PCI config space: couldn't find Intel ME device for runtime checks)
07 - [RUNTIME] BtG/TXT registers are sane    : FAIL                 (
 txt regs aren't valid:
 couldn't fetch TXT regs: open /dev/mem: permission denied
)

This also rewords many error messages to make them consistent:
- capitalize BootGuard, Key Manifest and Boot Policy Manifest
- spell out Key Manifest and Boot Policy Manifest
- uppercase acronyms such as DMA etc

Signed-off-by: Daniel Maslowski <info@orangecms.org>