Measure the kernel commandline to ensure that it hasn't been modified --- grub-core/lib/cmdline.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c index d5e10ee..055b7aa 100644 --- a/grub-core/lib/cmdline.c +++ b/grub-core/lib/cmdline.c @@ -19,6 +19,7 @@ #include <grub/lib/cmdline.h> #include <grub/misc.h> +#include <grub/tpm.h> static unsigned int check_arg (char *c, int *has_space) { @@ -67,7 +68,7 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf, { int i, space; unsigned int arg_size; - char *c; + char *c, *orig = buf; for (i = 0; i < argc; i++) { @@ -104,5 +105,8 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf, *buf = 0; + grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_BINARY_PCR, "grub_kernel_cmdline", "Kernel Commandline"); + grub_print_error(); + return i; } -- 2.9.3 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel