Re: Support for TPM measurements on UEFI systems

2017-02-07 Thread Vladimir 'phcoder' Serbinenko
On Mon, 6 Feb 2017, 18:55 Jon McCune wrote: > Matthew, > > On Mon, Feb 6, 2017 at 8:43 AM, Matthew Garrett > wrote: > > On Sun, Feb 05, 2017 at 01:28:20PM +, Vladimir 'phcoder' Serbinenko > wrote: > > See verify.h for the interface. Obviously if you need changes in the API, > > please say. >

Re: Support for TPM measurements on UEFI systems

2017-02-06 Thread Jon McCune
On Mon, Feb 6, 2017 at 2:04 PM, Matthew Garrett wrote: > On Mon, Feb 06, 2017 at 09:53:57AM -0800, Jon McCune wrote: > > > I'm not sure about measuring the commands that GRUB runs. GRUB's config > > file is a shell-like language, and measuring that file should give a > pretty > > good indication

Re: Support for TPM measurements on UEFI systems

2017-02-06 Thread Vladimir 'phcoder' Serbinenko
On Mon, Feb 6, 2017 at 11:11 PM, Matthew Garrett wrote: > On Mon, Feb 06, 2017 at 07:58:37PM +, Vladimir 'phcoder' Serbinenko > wrote: > > On Mon, 6 Feb 2017, 17:44 Matthew Garrett wrote: > > > > > On Sun, Feb 05, 2017 at 01:28:20PM +, Vladimir 'phcoder' Serbinenko > > > wrote: > > > >

Re: Support for TPM measurements on UEFI systems

2017-02-06 Thread Matthew Garrett
On Mon, Feb 06, 2017 at 07:58:37PM +, Vladimir 'phcoder' Serbinenko wrote: > On Mon, 6 Feb 2017, 17:44 Matthew Garrett wrote: > > > On Sun, Feb 05, 2017 at 01:28:20PM +, Vladimir 'phcoder' Serbinenko > > wrote: > > > See verify.h for the interface. Obviously if you need changes in the API

Re: Support for TPM measurements on UEFI systems

2017-02-06 Thread Matthew Garrett
On Mon, Feb 06, 2017 at 09:53:57AM -0800, Jon McCune wrote: > I'm not sure about measuring the commands that GRUB runs. GRUB's config > file is a shell-like language, and measuring that file should give a pretty > good indication of its behavior. In the grey area between "what is code?" > and "wha

Re: Support for TPM measurements on UEFI systems

2017-02-06 Thread Vladimir 'phcoder' Serbinenko
On Mon, 6 Feb 2017, 17:44 Matthew Garrett wrote: > On Sun, Feb 05, 2017 at 01:28:20PM +, Vladimir 'phcoder' Serbinenko > wrote: > > See verify.h for the interface. Obviously if you need changes in the API, > > please say. > > I think that's a starting point, but it doesn't seem sufficient for

Re: Support for TPM measurements on UEFI systems

2017-02-06 Thread Jon McCune
Matthew, On Mon, Feb 6, 2017 at 8:43 AM, Matthew Garrett wrote: > On Sun, Feb 05, 2017 at 01:28:20PM +, Vladimir 'phcoder' Serbinenko > wrote: > > See verify.h for the interface. Obviously if you need changes in the API, > > please say. > > I think that's a starting point, but it doesn't see

Re: Support for TPM measurements on UEFI systems

2017-02-06 Thread Matthew Garrett
On Sun, Feb 05, 2017 at 01:28:20PM +, Vladimir 'phcoder' Serbinenko wrote: > See verify.h for the interface. Obviously if you need changes in the API, > please say. I think that's a starting point, but it doesn't seem sufficient for some of the cases I care about. For instance, measuring boot

Re: Support for TPM measurements on UEFI systems

2017-02-05 Thread Vladimir 'phcoder' Serbinenko
See verify.h for the interface. Obviously if you need changes in the API, please say. On Sun, Feb 5, 2017 at 2:27 PM, Vladimir 'phcoder' Serbinenko < phco...@gmail.com> wrote: > Rebased and uploaded to branch phcoder/verifiers. > > On Sat, Feb 4, 2017 at 10:24 PM, Matthew Garrett > wrote: >

Re: Support for TPM measurements on UEFI systems

2017-02-05 Thread Vladimir 'phcoder' Serbinenko
Rebased and uploaded to branch phcoder/verifiers. On Sat, Feb 4, 2017 at 10:24 PM, Matthew Garrett wrote: > On Fri, Jan 27, 2017 at 09:08:33PM +, Vladimir 'phcoder' Serbinenko > wrote: > > > I must have accidentally deleted it on the server. I'll reupload it when > > I'll have access to th

Re: Support for TPM measurements on UEFI systems

2017-02-04 Thread Matthew Garrett
On Fri, Jan 27, 2017 at 09:08:33PM +, Vladimir 'phcoder' Serbinenko wrote: > I must have accidentally deleted it on the server. I'll reupload it when > I'll have access to the laptop in question on Monday Hi, Did you have any luck digging this up? -- Matthew Garrett | mj...@srcf.ucam.org

Re: Support for TPM measurements on UEFI systems

2017-01-27 Thread Vladimir 'phcoder' Serbinenko
On Tue, 24 Jan 2017, 05:14 Matthew Garrett wrote: > On Mon, Jan 23, 2017 at 6:03 PM, Vladimir 'phcoder' Serbinenko > wrote: > > Ok. Good. Still, can we use verifiers framework ? We can adjust it if > > needed. Also it's still post-release material > > Where's the branch? I wasn't able to find it

Add support for TPM measurements on UEFI systems

2017-01-24 Thread Matthew Garrett
This patchset adds support for measuring grub components and commands into TPMs on UEFI systems. It supports both the original TPM and the new TPM 2.0 protocols. Grub will measure each module it loads, along with any Linux kernels and initrds, multiboot images, the command line passed to Linux and

Re: Support for TPM measurements on UEFI systems

2017-01-23 Thread Matthew Garrett
On Mon, Jan 23, 2017 at 6:03 PM, Vladimir 'phcoder' Serbinenko wrote: > Ok. Good. Still, can we use verifiers framework ? We can adjust it if > needed. Also it's still post-release material Where's the branch? I wasn't able to find it on Savannah.

Re: Support for TPM measurements on UEFI systems

2017-01-23 Thread Vladimir 'phcoder' Serbinenko
Ok. Good. Still, can we use verifiers framework ? We can adjust it if needed. Also it's still post-release material On Tue, 24 Jan 2017, 04:34 Matthew Garrett wrote: > On Mon, Jan 23, 2017 at 5:29 PM, Vladimir 'phcoder' Serbinenko > wrote: > > For policy reasons we can't put any TPM code into G

Re: Support for TPM measurements on UEFI systems

2017-01-23 Thread Matthew Garrett
On Mon, Jan 23, 2017 at 5:29 PM, Vladimir 'phcoder' Serbinenko wrote: > For policy reasons we can't put any TPM code into GNU project. Can we use > verifiers framework for this rather than custom hooks? This would allow your > code to be a single module that can be put into a separate repo rather

Re: Support for TPM measurements on UEFI systems

2017-01-23 Thread Vladimir 'phcoder' Serbinenko
For policy reasons we can't put any TPM code into GNU project. Can we use verifiers framework for this rather than custom hooks? This would allow your code to be a single module that can be put into a separate repo rather than a complex patch set. Verifiers framework is in separate branch verifiers

Support for TPM measurements on UEFI systems

2017-01-23 Thread Matthew Garrett
This patchset adds support for measuring components of grub and what it's loading into the TPM. It supports both TPM 1.2 and 2.0 devices via the standard UEFI protocols. ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listin