From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 27 Feb 2025 14:29:48 +0000 (+0100)
Subject: units: measure additional phases into PCR 11 when entering storage target mode or... 
X-Git-Tag: v258-rc1~1232
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf20b5d1dc34a15286a60d874430cfe25ea89118;p=thirdparty%2Fsystemd.git

units: measure additional phases into PCR 11 when entering storage target mode or factory reset (#36543)

Let's "spoil" access to TPM secrets when we boot into these two modes.
This matters in particular for storagetm: if the host gets exploited
while booted into storage target mode any secrets kept by the TPM might
remain accessible otherwise. By measuring a new "phase" word into PCR 11
we "blow the fuse" however on this boot.
---

cf20b5d1dc34a15286a60d874430cfe25ea89118