Hi all,
on an up-to-date Fedora x86_64 system with GRUB 2.12 I find a mismatch.

$ cat /proc/cmdline
BOOT_IMAGE=(hd0,gpt2)/vmlinuz-6.14.4-300.fc42.x86_64
root=UUID=8f69093e-6d07-458e-a2bc-103335e808df ro rootflags=subvol=root
rd.luks.uuid=luks-86c84710-0b33-4fda-9e02-e317320b32c2 rhgb quiet

$ sudo tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements | grep kernel_cmdline
String: "kernel_cmdline: (hd0,gpt2)/vmlinuz-6.14.4-300.fc42.x86_64
root=UUID=8f69093e-6d07-458e-a2bc-103335e808df ro rootflags=subvol=root
rd.luks.uuid=luks-86c84710-0b33-4fda-9e02-e317320b32c2 rhgb quiet\0"

Explicitly, the measurement in the TPM eventlog lacks the "BOOT_IMAGE="
portion of /proc/cmdline.
The code which leads to the transmission of the measurement is in the
file grub-core/loader/i386/linux.c with the function path:
1) grub_cmd_linux
2) grub_create_loader_cmdline
3) grub_verify_string
4) grub_tpm_verify_string
5) grub_tpm_measure
1 adds the "BOOT_IMAGE=" portion to the cmd line buffer. It then calls 2
passing a pointer to the cmd line buffer with an offset skipping
"BOOT_IMAGE=". 2 passes this pointer as-is to 3, which thereby also
skips sending "BOOT_IMAGE=" to the TPM as event data in the next
functions. I suspect this is not intended -- I'm uncertain, however.
Andreas Korb
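
An added example, not part of the original post and not GRUB code: a verifier-side comparison of /proc/cmdline against the measured string that tolerates only the leading "BOOT_IMAGE=" difference reported above and flags anything else. The function names are hypothetical, and the sample strings are the post's output re-joined onto one line.

```python
import re

PREFIX = "kernel_cmdline: "   # description prefix seen in the post's event log
BOOT_IMAGE = "BOOT_IMAGE="    # prepended by grub_cmd_linux, per the post

# Matches the String field as printed in the post's tpm2_eventlog output.
STRING_RE = re.compile(r'String:\s*"(.*)"\s*$')


def measured_cmdlines(eventlog_text):
    """Return every measured kernel command line found in the tool output."""
    found = []
    for line in eventlog_text.splitlines():
        m = STRING_RE.search(line)
        if not m or not m.group(1).startswith(PREFIX):
            continue
        value = m.group(1)[len(PREFIX):]
        # The terminating NUL is printed as the two characters backslash, 0.
        if value.endswith("\\0"):
            value = value[:-2]
        found.append(value)
    return found


def compare(proc_cmdline, measured):
    """Classify how the running command line relates to one measured string."""
    running = proc_cmdline.rstrip("\n")
    if running == measured:
        return "exact"
    # Forgive only the leading BOOT_IMAGE= token, nothing else.
    if running.startswith(BOOT_IMAGE) and running[len(BOOT_IMAGE):] == measured:
        return "match-without-BOOT_IMAGE"
    return "mismatch"


# Sample input built from the values shown in the post.
SAMPLE_TAIL = ("(hd0,gpt2)/vmlinuz-6.14.4-300.fc42.x86_64 "
               "root=UUID=8f69093e-6d07-458e-a2bc-103335e808df ro "
               "rootflags=subvol=root "
               "rd.luks.uuid=luks-86c84710-0b33-4fda-9e02-e317320b32c2 "
               "rhgb quiet")
SAMPLE_PROC = BOOT_IMAGE + SAMPLE_TAIL + "\n"
SAMPLE_EVENTLOG = '    String: "' + PREFIX + SAMPLE_TAIL + '\\0"\n'

if __name__ == "__main__":
    for measured in measured_cmdlines(SAMPLE_EVENTLOG):
        print(compare(SAMPLE_PROC, measured))
```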