verifiers: Core TPM support
Add support for performing basic TPM measurements. Right now this only supports extending PCRs statically and only on UEFI. In future we might want to have some sort of mechanism for choosing which events get logged to which PCRs, but this seems like a good default policy and we can wait to see whether anyone has a use case before adding more complexity. Signed-off-by: Matthew Garrett <mjg59@google.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
parent
8d6447d496
commit
f4f4e3c715
17 changed files with 616 additions and 146 deletions
|
@ -730,7 +730,7 @@ grub_dl_load_file (const char *filename)
|
|||
opens of the same device. */
|
||||
grub_file_close (file);
|
||||
|
||||
grub_tpm_measure(core, size, GRUB_BINARY_PCR, "grub_module", filename);
|
||||
grub_tpm_measure(core, size, GRUB_BINARY_PCR, filename);
|
||||
grub_print_error();
|
||||
|
||||
mod = grub_dl_load_core (core, size);
|
||||
|
|
|
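Review bot: The result of `grub_tpm_measure(core, size, GRUB_BINARY_PCR, filename);` is discarded, so a failed measurement is only printed by `grub_print_error()` and `grub_dl_load_core (core, size)` still runs on a module that was never measured. For measured boot this means neither the PCR nor the event log reflects code that executed. If this fail-open behaviour is intended (for example on machines without a TPM, which this hunk does not show), say so in a comment such as `/* A failed measurement is reported but does not block the module load. */`; otherwise test the return value and skip the load on error. As a style point, the call lacks the space before the parenthesis that `grub_file_close (file)` and `grub_dl_load_core (core, size)` use. The body of grub_dl_load_file starts and ends outside this hunk.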
@ -27,6 +27,7 @@
|
|||
#include <grub/efi/efi.h>
|
||||
#include <grub/i386/tsc.h>
|
||||
#include <grub/loader.h>
|
||||
#include <grub/tpm.h>
|
||||
|
||||
void
|
||||
grub_machine_init (void)
|
||||
|
|
|
@ -7,13 +7,8 @@
|
|||
|
||||
grub_err_t
|
||||
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
|
||||
const char *kind, const char *description)
|
||||
const char *description)
|
||||
{
|
||||
grub_err_t ret;
|
||||
char *desc = grub_xasprintf("%s %s", kind, description);
|
||||
if (!desc)
|
||||
return GRUB_ERR_OUT_OF_MEMORY;
|
||||
ret = grub_tpm_log_event(buf, size, pcr, desc);
|
||||
grub_free(desc);
|
||||
return ret;
|
||||
return grub_tpm_log_event (buf, size, pcr, description);
|
||||
}
|
||||
|
||||
|
|
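Review bot: `grub_tpm_measure` now passes `description` straight to `grub_tpm_log_event` with no check and no comment, so its contract is implicit: whether `description` may be NULL, what the return value means, and which `pcr` values are valid. With the `kind` prefix gone, the text handed on for a module is presumably just its file name, so a consumer replaying the event log can no longer tell from the description what type of object was measured; callers that rely on this would have to put the type into the string themselves. I would add a header comment along the lines of `/* Measure size bytes at buf into pcr and log the event under description (must not be NULL); returns the status of grub_tpm_log_event. */`.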