Measure the kernel and initrd at load time --- grub-core/loader/i386/linux.c | 6 ++++++ grub-core/loader/i386/pc/linux.c | 4 ++++ grub-core/loader/linux.c | 3 +++ 3 files changed, 13 insertions(+)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c index 5e54ec9..6d8d3d6 100644 --- a/grub-core/loader/i386/linux.c +++ b/grub-core/loader/i386/linux.c @@ -35,6 +35,7 @@ #include <grub/i18n.h> #include <grub/lib/cmdline.h> #include <grub/linux.h> +#include <grub/tpm.h> GRUB_MOD_LICENSE ("GPLv3+"); @@ -716,7 +717,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), goto fail; } + grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux", "Linux Kernel"); + grub_print_error(); + grub_memcpy (&lh, kernel, sizeof (lh)); + kernel_offset = sizeof (lh); if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55)) @@ -1025,6 +1030,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), len = prot_file_size; grub_memcpy (prot_mode_mem, kernel + kernel_offset, len); + kernel_offset += len; if (grub_errno == GRUB_ERR_NONE) { diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c index 1ac9cd1..c6197a1 100644 --- a/grub-core/loader/i386/pc/linux.c +++ b/grub-core/loader/i386/pc/linux.c @@ -35,6 +35,7 @@ #include <grub/i386/floppy.h> #include <grub/lib/cmdline.h> #include <grub/linux.h> +#include <grub/tpm.h> GRUB_MOD_LICENSE ("GPLv3+"); @@ -160,6 +161,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), goto fail; } + grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "BIOS Linux Kernel"); + grub_print_error(); + grub_memcpy (&lh, kernel, sizeof (lh)); kernel_offset = sizeof (lh); diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c index be6fa0f..8b5e6e0 100644 --- a/grub-core/loader/linux.c +++ b/grub-core/loader/linux.c @@ -4,6 +4,7 @@ #include <grub/misc.h> #include <grub/file.h> #include <grub/mm.h> +#include <grub/tpm.h> struct newc_head { @@ -288,6 +289,8 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, grub_initrd_close (initrd_ctx); return grub_errno; } + grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "grub_initrd", "Linux Initrd"); + grub_print_error(); ptr += cursize; } if (newc) -- 2.9.3 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel