Re-use systemd code to measure binary blobs to get both the loaded EFI image and the kernel options measured into the TPM PCR registers 4 and 8. The --disable-tpm and --options-pcr options were added to the configure script. The changes were tested on x86 platforms with and without a TPM (just like systemd-boot, the absence of a TPM does not cause any harm even when the ENABLE_TPM pre-processing directive is in effect).

Cedric Hombourger (2):
  measure: import systemd code to perform measurements into the TPM
  main: measure the kernel command line into the TPM

 Makefile.am  |   1 +
 configure.ac |  16 +++
 main.c       |  12 ++
 measure.c    | 365 +++++++++++++++++++++++++++++++++++++++++++++++++++
 measure.h    |   5 +
 5 files changed, 399 insertions(+)
 create mode 100644 measure.c
 create mode 100644 measure.h

-- 
2.30.2

-- 
You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/20210628112803.16248-1-Cedric_Hombourger%40mentor.com.
