[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 4/7] Measure kernel and initrd
|
From: |
Matthew Garrett |
|
Subject: |
[PATCH 4/7] Measure kernel and initrd |
|
Date: |
Mon, 23 Jan 2017 16:38:25 -0800 |
Measure the kernel and initrd at load time
---
grub-core/loader/i386/linux.c | 6 ++++++
grub-core/loader/i386/pc/linux.c | 4 ++++
grub-core/loader/linux.c | 3 +++
3 files changed, 13 insertions(+)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 5e54ec9..6d8d3d6 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -35,6 +35,7 @@
#include <grub/i18n.h>
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
+#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -716,7 +717,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__
((unused)),
goto fail;
}
+ grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux", "Linux
Kernel");
+ grub_print_error();
+
grub_memcpy (&lh, kernel, sizeof (lh));
+
kernel_offset = sizeof (lh);
if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55))
@@ -1025,6 +1030,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__
((unused)),
len = prot_file_size;
grub_memcpy (prot_mode_mem, kernel + kernel_offset, len);
+ kernel_offset += len;
if (grub_errno == GRUB_ERR_NONE)
{
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index 1ac9cd1..c6197a1 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -35,6 +35,7 @@
#include <grub/i386/floppy.h>
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
+#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -160,6 +161,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
+ grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "BIOS Linux
Kernel");
+ grub_print_error();
+
grub_memcpy (&lh, kernel, sizeof (lh));
kernel_offset = sizeof (lh);
diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
index be6fa0f..8b5e6e0 100644
--- a/grub-core/loader/linux.c
+++ b/grub-core/loader/linux.c
@@ -4,6 +4,7 @@
#include <grub/misc.h>
#include <grub/file.h>
#include <grub/mm.h>
+#include <grub/tpm.h>
struct newc_head
{
@@ -288,6 +289,8 @@ grub_initrd_load (struct grub_linux_initrd_context
*initrd_ctx,
grub_initrd_close (initrd_ctx);
return grub_errno;
}
+ grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "grub_initrd", "Linux
Initrd");
+ grub_print_error();
ptr += cursize;
}
if (newc)
--
2.9.3
- Support for TPM measurements on UEFI systems, Matthew Garrett, 2017/01/23
- [PATCH 2/7] Rework linux command, Matthew Garrett, 2017/01/23
- [PATCH 1/7] Core TPM support, Matthew Garrett, 2017/01/23
- [PATCH 3/7] Rework linux16 command, Matthew Garrett, 2017/01/23
- [PATCH 4/7] Measure kernel and initrd,
Matthew Garrett <=
- [PATCH 5/7] Measure the kernel commandline, Matthew Garrett, 2017/01/23
- [PATCH 6/7] Measure commands, Matthew Garrett, 2017/01/23
- [PATCH 7/7] Measure multiboot images and modules, Matthew Garrett, 2017/01/23
- Re: Support for TPM measurements on UEFI systems, Vladimir 'phcoder' Serbinenko, 2017/01/23