verifiers: Verify commands executed by grub

Pass all commands executed by GRUB to the verifiers layer. Most verifiers will
ignore this, but some (such as the TPM verifier) want to be able to measure and
log each command executed in order to ensure that the boot state is as expected.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

grub-core/script/execute.c

@@ -28,6 +28,7 @@
 #include <grub/extcmd.h>
 #include <grub/i18n.h>
 #include <grub/tpm.h>
+#include <grub/verify.h>
 
 /* Max digits for a char is 3 (0xFF is 255), similarly for an int it
    is sizeof (int) * 3, and one extra for a possible -ve sign.  */
@@ -941,7 +942,8 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
   if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0])
     return grub_errno;
 
-  for (i = 0; i < argv.argc; i++) {
+  for (i = 0; i < argv.argc; i++)
+    {
       cmdlen += grub_strlen (argv.args[i]) + 1;
     }
 
@@ -952,7 +954,8 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
 			 N_("cannot allocate command buffer"));
     }
 
-  for (i = 0; i < argv.argc; i++) {
+  for (i = 0; i < argv.argc; i++)
+    {
       offset += grub_snprintf (cmdstring + offset, cmdlen - offset, "%s ",
 			       argv.args[i]);
     }
@@ -960,6 +963,7 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
   grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_ASCII_PCR,
 		    "grub_cmd", cmdstring);
   grub_print_error();
+  grub_verify_string (cmdstring, GRUB_VERIFY_COMMAND);
   grub_free (cmdstring);
   invert = 0;
   argc = argv.argc - 1;
@@ -1185,4 +1189,3 @@ grub_script_execute (struct grub_script *script)
 
   return grub_script_execute_cmd (script->cmd);
 }
-

include/grub/verify.h

@@ -34,6 +34,7 @@ enum grub_verify_string_type
   {
     GRUB_VERIFY_KERNEL_CMDLINE,
     GRUB_VERIFY_MODULE_CMDLINE,
+    GRUB_VERIFY_COMMAND,
   };
 
 struct grub_file_verifier