Measure kernel + initrd
Measure the kernel and initrd when loaded on UEFI systems
This commit is contained in:
		
							parent
							
								
									858f763466
								
							
						
					
					
						commit
						f22ee4487c
					
				
					 1 changed files with 4 additions and 0 deletions
				
			
		|  | @ -26,6 +26,7 @@ | |||
| #include <grub/i18n.h> | ||||
| #include <grub/lib/cmdline.h> | ||||
| #include <grub/efi/efi.h> | ||||
| #include <grub/tpm.h> | ||||
| 
 | ||||
| #include "../verity-hash.h" | ||||
| 
 | ||||
|  | @ -168,6 +169,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), | |||
|                         argv[i]); | ||||
|           goto fail; | ||||
|         } | ||||
|       grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "UEFI Linux initrd"); | ||||
|       ptr += cursize; | ||||
|       grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4)); | ||||
|       ptr += ALIGN_UP_OVERHEAD (cursize, 4); | ||||
|  | @ -223,6 +225,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), | |||
|       goto fail; | ||||
|     } | ||||
| 
 | ||||
|   grub_tpm_measure (kernel, filelen, GRUB_KERNEL_PCR, "UEFI Linux kernel"); | ||||
| 
 | ||||
|   if (! grub_linuxefi_secure_validate (kernel, filelen)) | ||||
|     { | ||||
|       grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue