Re-use systemd code to measure binary blobs to get both the loaded EFI image and the kernel options measured into the TPM PCR registers 8 and 9. The --kernel-pcr and --options-pcr options were added to the configure script. The changes were tested on x86 platforms with TPM versions 1.2 and 2 but also without a TPM (just like systemd-boot, the absence of a TPM does not cause any harm or errors).

Changes in v3:
 - load kernel into memory using introduced load_from_device_path()
 - make LoadImage() relocate the image in memory instead of loading it from disk
 - remove --disable-tpm from configure.ac and "#if ENABLE_TPM" from main.c and measure.c
 - add --kernel-pcr to configure.ac (defines KERNEL_PCR)

Changes in v2:
 - Pull the latest version of the systemd code
 - Re-license the LGPL code under the GPL (as permitted by the LGPL)

Cedric Hombourger (3):
  loader: add load_from_device_path() to load a binary into memory
  measure: import systemd code to perform measurements into the TPM
  main: measure kernel image and options

 Makefile.am      |   4 +-
 configure.ac     |  18 +++
 include/loader.h |  21 ++++
 loader.c         | 155 +++++++++++++++++++++++
 main.c           |  25 +++-
 measure.c        | 313 +++++++++++++++++++++++++++++++++++++++++++++++
 measure.h        |   6 +
 7 files changed, 538 insertions(+), 4 deletions(-)
 create mode 100644 include/loader.h
 create mode 100644 loader.c
 create mode 100644 measure.c
 create mode 100644 measure.h

-- 
2.30.2
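Added example, not part of the original message or of the EFI Boot Guard patches: a verifier-side sketch that replays the two measurements described above and compares the result with PCR values read back from the TPM. It assumes each blob is hashed once and extended into a PCR that starts at zero and receives no other events; which of PCR 8 and 9 holds the image and which the options, the sample blobs, and the exact bytes the loader measures are all assumptions.

```python
import hashlib


def extend(pcr: bytes, blob: bytes, alg: str = "sha256") -> bytes:
    """TPM extend operation: new_pcr = H(old_pcr || H(blob))."""
    digest = hashlib.new(alg, blob).digest()
    return hashlib.new(alg, pcr + digest).digest()


def replay(events, alg: str = "sha256") -> dict:
    """Replay (pcr_index, blob) events in boot order; return {index: value}.

    Every PCR is assumed to start as all zero bytes, which holds for
    PCRs 8 and 9 after a platform reset.
    """
    size = hashlib.new(alg).digest_size
    pcrs = {}
    for index, blob in events:
        pcrs[index] = extend(pcrs.get(index, bytes(size)), blob, alg)
    return pcrs


def mismatches(expected: dict, quoted: dict) -> list:
    """Return the PCR indices whose quoted value differs from the expected one."""
    return sorted(i for i, value in expected.items() if quoted.get(i) != value)


# Assumed assignment; the patch makes both indices configurable.
KERNEL_PCR, OPTIONS_PCR = 8, 9
# Constructed stand-ins for the known-good kernel image and options string.
# Real input must be byte-for-byte what the loader hands to the TPM.
SAMPLE_IMAGE = b"MZ" + bytes(62)
SAMPLE_OPTIONS = b"root=/dev/sda2 ro"

if __name__ == "__main__":
    expected = replay([(KERNEL_PCR, SAMPLE_IMAGE), (OPTIONS_PCR, SAMPLE_OPTIONS)])
    # Constructed "quoted" values: same image, different options string.
    quoted = replay([(KERNEL_PCR, SAMPLE_IMAGE),
                     (OPTIONS_PCR, SAMPLE_OPTIONS + b" quiet")])
    for index in sorted(expected):
        print(index, expected[index].hex())
    print("PCRs that differ from the reference:", mismatches(expected, quoted))
```

Pass alg="sha1" to replay the 20-byte PCR bank of a TPM 1.2 device.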
