From: Marc-André Lureau <marcandre.lur...@redhat.com>
The library registers a security management handler, to measure images
that are not measure in PEI phase.
This seems to work for example with the qemu PXE rom:
Loading driver at 0x0003E6C2000 EntryPoint=0x0003E6C9076 8086100e.efi
And the following binary_bios_measurements log entry seems to be
added:
PCR: 2 type: EV_EFI_BOOT_SERVICES_DRIVER size: 0x4e digest:
70a22475e9f18806d2ed9193b48d80d26779d9a4
CC: Laszlo Ersek <ler...@redhat.com>
CC: Stefan Berger <stef...@linux.vnet.ibm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com>
---
OvmfPkg/OvmfPkgX64.dsc | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 2281bd5ff8..92ed9f3b0c 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -677,7 +677,10 @@
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
<LibraryClasses>
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
- }
+!if $(TPM2_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
+!endif
+ }
!else
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
!endif
--
2.16.1.73.g5832b7e9f2
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
