<listitem><para>A compiled binary DeviceTree will be looked for in the <literal>.dtb</literal> PE
section.</para></listitem>
+ <listitem><para>Kernel version information, i.e. the output of <command>uname -r</command> for the
+ kernel included in the UKI, in the <literal>.uname</literal> PE section.</para></listitem>
+
<listitem><para>The kernel command line to pass to the invoked kernel will be looked for in the
<literal>.cmdline</literal> PE section.</para></listitem>
<varlistentry>
<term><varname>io.systemd.stub.kernel-cmdline-extra</varname></term>
<listitem><para>If set, the value of this string is added to the list of kernel command line
- arguments that are passed to the kernel.</para></listitem>
+ arguments that are measured in PCR12 and passed to the kernel.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
mangle_stub_cmdline(cmdline);
}
- /* SMBIOS strings are measured in PCR1, so we do not re-measure these command line extensions. */
const char *extra = smbios_find_oem_string("io.systemd.stub.kernel-cmdline-extra");
if (extra) {
_cleanup_free_ char16_t *tmp = TAKE_PTR(cmdline), *extra16 = xstr8_to_16(extra);
cmdline = xasprintf("%ls %ls", tmp, extra16);
+
+ /* SMBIOS strings are measured in PCR1, but we also want to measure them in our specific
+ * PCR12, as firmware-owned PCRs are very difficult to use as they'll contain unpredictable
+ * measurements that are not under control of the machine owner. */
+ m = false;
+ (void) tpm_log_load_options(extra16, &m);
+ parameters_measured = parameters_measured < 0 ? m : (parameters_measured && m);
}
export_variables(loaded_image);
projects / thirdparty / systemd.git / commitdiff
