vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Rework TPM measurements

Browse source 
Rework TPM measurements to use fewer PCRs. After discussion with upstream,
it's preferable to avoid using so many PCRs. Instead, measure into PCRs 8
and 9 but use a prefix in the event log to indicate which subsystem carried
out the measurements.
This commit is contained in:
Matthew Garrett 2016-03-23 17:03:43 -07:00
parent c2eee36ec0
commit bb3473d7c8
12 changed files with 24 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

2
grub-core/kern/dl.c
View file

@ -724,7 +724,7 @@ grub_dl_load_file (const char *filename)
opens of the same device. */
grub_file_close (file);
grub_tpm_measure(core, size, GRUB_TPM_PCR, filename);
grub_tpm_measure(core, size, GRUB_BINARY_PCR, "grub_module", filename);
mod = grub_dl_load_core (core, size);
grub_free (core);

10
grub-core/kern/tpm.c
View file

@ -7,7 +7,13 @@
grub_err_t
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
const char *description)
const char *kind, const char *description)
{
return grub_tpm_log_event(buf, size, pcr, description);
grub_err_t ret;
char *desc = grub_xasprintf("%s %s", kind, description);
if (!desc)
return GRUB_ERR_OUT_OF_MEMORY;
ret = grub_tpm_log_event(buf, size, pcr, description);
grub_free(desc);
return ret;
}