efi: add comment clarifying we should not use EV_IPL anymore

author Lennart Poettering <lennart@poettering.net>

Mon, 21 Aug 2023 16:38:18 +0000 (18:38 +0200)

committer Lennart Poettering <lennart@poettering.net>

Mon, 21 Aug 2023 21:18:28 +0000 (23:18 +0200)
author Lennart Poettering <lennart@poettering.net>
Mon, 21 Aug 2023 16:38:18 +0000 (18:38 +0200)
committer Lennart Poettering <lennart@poettering.net>
Mon, 21 Aug 2023 21:18:28 +0000 (23:18 +0200)
diff --git a/src/boot/efi/measure.c b/src/boot/efi/measure.c

index c2552268d5ec4a0ee2fc7723ecba828e362d6d20..359d277e2f2021aea2048c44c211b991ee5fbffe 100644 (file)
--- a/src/boot/efi/measure.c
+++ b/src/boot/efi/measure.c
@@ -55,6 +55,12 @@ static EFI_STATUS tpm2_measure_to_pcr_and_event_log(
          assert(tcg);
          assert(description);
  
+        /* NB: We currently record everything as EV_IPL. Which sucks, because it makes it hard to
+         * recognize from the event log which of the events are ours. Measurement logs are kinda API hence
+         * this is hard to change for existing, established events. But for future additions, let's use
+         * EV_EVENT_TAG instead, with a tag of our choosing that makes clear what precisely we are measuring
+         * here. */
+
          desc_len = strsize16(description);
          tcg_event = xmalloc(offsetof(EFI_TCG2_EVENT, Event) + desc_len);
          memset(tcg_event, 0, offsetof(EFI_TCG2_EVENT, Event) + desc_len);
author	Lennart Poettering <lennart@poettering.net>
	Mon, 21 Aug 2023 16:38:18 +0000 (18:38 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Mon, 21 Aug 2023 21:18:28 +0000 (23:18 +0200)