Re-use systemd code to measure binary blobs to get both the loaded EFI image and the kernel options measured into the TPM PCR registers 4 and 8. The --disable-tpm and --options-pcr options were added to the configure script. The changes were tested on x86 platforms with TPM versions 1.2 and 2 but also without a TPM (just like systemd-boot, the absence of a TPM does not cause any harm even when the ENABLE_TPM pre-processing directive is in effect).
Changes in v2:
- Pull the latest version of the systemd code
- Re-license the LGPL code under the GPL (as permitted by the LGPL)

Cedric Hombourger (2):
  measure: import systemd code to perform measurements into the TPM
  main: measure the kernel command line into the TPM

 Makefile.am  |   1 +
 configure.ac |  16 +++
 main.c       |  12 ++
 measure.c    | 317 +++++++++++++++++++++++++++++++++++++++++++++++++++
 measure.h    |   6 +
 5 files changed, 352 insertions(+)
 create mode 100644 measure.c
 create mode 100644 measure.h

--
2.30.2
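
Added example, not code from this patch series: a verifier-side replay of TPM extend operations that predicts PCR 4 and PCR 8 from an ordered list of measurements, for the SHA-1 bank (TPM 1.2) or the SHA-256 bank (TPM 2). The function names and sample bytes are constructed for illustration; the exact bytes that measure.c hashes are not shown in this message, so the inputs here are assumed, and on a real system every event extended into these PCRs (firmware events included) has to be replayed in order.

```python
import hashlib

# PCR indices named in the cover letter above.
PCR_IMAGE, PCR_OPTIONS = 4, 8


def extend(pcr: bytes, data: bytes, alg: str) -> bytes:
    """TPM extend: new PCR = H(old PCR || H(data))."""
    digest = hashlib.new(alg, data).digest()
    return hashlib.new(alg, pcr + digest).digest()


def replay(events, alg="sha256"):
    """Replay (pcr_index, measured_bytes) events in order from all-zero PCRs."""
    size = hashlib.new(alg).digest_size  # 20 bytes for sha1, 32 for sha256
    pcrs = {}
    for index, data in events:
        pcrs[index] = extend(pcrs.get(index, bytes(size)), data, alg)
    return pcrs


def mismatches(expected, reported):
    """Return the PCR indices whose reported value differs from the replay."""
    return sorted(i for i, v in expected.items() if reported.get(i) != v)


# Constructed sample measurements (assumed inputs, not real boot data).
GOOD = [
    (PCR_IMAGE, b"constructed-efi-image-bytes"),
    (PCR_OPTIONS, b"root=/dev/sda2 ro"),
]
# Same image, different kernel options: only PCR 8 should change.
CHANGED = [GOOD[0], (PCR_OPTIONS, b"root=/dev/sda2 rw debug")]

if __name__ == "__main__":
    expected = replay(GOOD)
    reported = replay(CHANGED)  # stands in for values read back from the TPM
    for index in sorted(expected):
        print(f"PCR {index}: {expected[index].hex()}")
    print("PCRs that differ from the expected boot:", mismatches(expected, reported))
```

A policy sealed against the expected PCR 8 value stops unsealing as soon as the kernel options change, which is the property the measurement provides.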
