efi/libstub: measure loaded initrd info into the TPM - linux-dev - Linux kernel development work

diff options

author	Ilias Apalodimas <ilias.apalodimas@linaro.org>	2021-11-19 13:47:45 +0200
committer	Ard Biesheuvel <ardb@kernel.org>	2022-01-06 21:19:05 +0100
commit	f046fff8bc4c4d8f8a478022e76e40b818f692df (patch)
tree	a81be025f384d0c91aa3c489e672ddf88180ccc5 /mm
parent	efi/libstub: consolidate initrd handling across architectures (diff)
download	linux-dev-f046fff8bc4c4d8f8a478022e76e40b818f692df.tar.xz linux-dev-f046fff8bc4c4d8f8a478022e76e40b818f692df.zip

efi/libstub: measure loaded initrd info into the TPM

In an effort to ensure the initrd observed and used by the OS is the same one that was meant to be loaded, which is difficult to guarantee otherwise, let's measure the initrd if the EFI stub and specifically the newly introduced LOAD_FILE2 protocol was used. Modify the initrd loading sequence so that the contents of the initrd are measured into PCR9. Note that the patch is currently using EV_EVENT_TAG to create the eventlog entry instead of EV_IPL. According to the TCP PC Client specification this is used for PCRs defined for OS and application usage. Co-developed-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Link: https://lore.kernel.org/r/20211119114745.1560453-5-ilias.apalodimas@linaro.org [ardb: add braces to initializer of tagged_event_data] Link: https://github.com/ClangBuiltLinux/linux/issues/1547 Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

Diffstat (limited to 'mm')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: