Hello Matthew, On 07/21/2017 12:41 AM, Matthew Garrett wrote: > On Wed, Jul 05, 2017 at 02:19:55PM -0700, Matthew Garrett wrote: >> This patchset extends the verifier framework to support verifying commands >> executed by Grub, and makes use of this to add support for measuring files >> and commands executed by grub into the TPM on UEFI-based systems. > > Any feedback on this? Vladimir, are you planning on merging your > verifier branch? >
I've given a try to this new version of your patches and it worked correctly: $ tpm2_listpcrs -L 0x4:8,9 Bank/Algorithm: TPM_ALG_SHA1(0x0004) PCR_08: fb 91 4b bb 62 48 00 7f 5f 32 d0 58 24 23 92 a6 a8 39 7a c4 PCR_09: 78 cc c7 b8 4c 95 dc 21 8e bd a2 07 d9 94 0a 4c 95 e6 44 d2 Without your patches: $ tpm2_listpcrs -L 0x4:8,9 PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_09: aa 40 46 af 96 b1 62 d0 8e 9c 10 b2 1a 2f a8 5e ac 84 cd e4 I've also tested changing the linux image, modifying the kernel command line parameters, inserting other grub modules and changing the grub commands. In all cases I see that the PCR hashes changed. Best regards, -- Javier Martinez Canillas Software Engineer - Desktop Hardware Enablement Red Hat _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
