diff options
| author | Harald Hoyer <harald@redhat.com> | 2016-02-03 17:39:24 +0100 |
|---|---|---|
| committer | Harald Hoyer <harald@redhat.com> | 2016-02-11 17:48:09 +0100 |
| commit | 92ed3bb49e460b11aa86c828083e36373ae039dd (patch) | |
| tree | ad3c240d26363c5bfdeb6d5809607b515b55fd18 /src/boot/efi/measure.h | |
| parent | 462c0cc526358b53bbf9177583c3273d866fac1b (diff) | |
sd-boot: put hashed kernel command line in a PCR of the TPM
The UEFI BIOS already hashes the contents of the loaded image, so the
initrd and the command line of the binary are recorded.
Because manually added LoadOptions are not taken into account, these
should be recorded also.
This patch logs and extends a TPM PCR register with the LoadOptions.
This feature can be enabled with configure --enable-tpm
The PCR register index can be specified with
configure --with-tpm-pcrindex=<NUM>
Diffstat (limited to 'src/boot/efi/measure.h')
| -rw-r--r-- | src/boot/efi/measure.h | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/boot/efi/measure.h b/src/boot/efi/measure.h new file mode 100644 index 0000000000..a2cfe817d0 --- /dev/null +++ b/src/boot/efi/measure.h @@ -0,0 +1,21 @@ +/* + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + */ +#ifndef __SDBOOT_MEASURE_H +#define __SDBOOT_MEASURE_H + +#ifndef SD_TPM_PCR +#define SD_TPM_PCR 8 +#endif + +EFI_STATUS tpm_log_event(UINT32 pcrindex, const EFI_PHYSICAL_ADDRESS buffer, UINTN buffer_size, const CHAR16 *description); +#endif |