#if ENABLE_TPM
/* Try to log any options to the TPM, especially to catch manually edited options */
- err = tpm_log_event(TPM_PCR_INDEX_KERNEL_PARAMETERS,
- (EFI_PHYSICAL_ADDRESS) (UINTN) loaded_image->LoadOptions,
- loaded_image->LoadOptionsSize, loaded_image->LoadOptions);
- if (EFI_ERROR(err))
- log_error_stall(L"Unable to add image options measurement: %r", err);
+ (VOID) tpm_log_load_options(options);
#endif
}
return EFI_SUCCESS;
}
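Review bot: The `(VOID)` cast on the new `tpm_log_load_options(options)` call drops the status, so a failed measurement leaves the kernel-parameters PCR unextended while boot carries on, and the comment above the call does not say that this is deliberate. The removed code behaved the same way (log and continue), so this is a documentation point: extend the comment to something like `/* Best effort: a failure is logged by tpm_log_load_options() and boot continues with the options unmeasured */`. The same pattern appears at the `(VOID) tpm_log_load_options(loaded_image->LoadOptions);` call in the stub hunk. The enclosing function starts outside this hunk.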
+EFI_STATUS tpm_log_load_options(const CHAR16 *load_options) {
+ EFI_STATUS err;
+
+ /* Measures a load options string into the TPM2, i.e. the kernel command line */
+
+ err = tpm_log_event(TPM_PCR_INDEX_KERNEL_PARAMETERS,
+ (EFI_PHYSICAL_ADDRESS) (UINTN) load_options,
+ StrSize(load_options), load_options);
+ if (EFI_ERROR(err))
+ return log_error_status_stall(err, L"Unable to add load options (i.e. kernel command) line measurement: %r", err);
+
+ return EFI_SUCCESS;
+}
+
#endif
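Review bot: `StrSize(load_options)` runs with no NULL check, and the helper is now exported through the header, so a caller that passes a NULL pointer would presumably make the length scan dereference it. A guard as the first statement, `if (!load_options) return EFI_INVALID_PARAMETER;`, would make the contract explicit; alternatively, document that NULL means "nothing to measure" and return early with success. Separately, the parenthesis in the error text is misplaced; `L"Unable to add load options (i.e. kernel command line) measurement: %r"` reads as intended.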
#include <efi.h>
EFI_STATUS tpm_log_event(UINT32 pcrindex, const EFI_PHYSICAL_ADDRESS buffer, UINTN buffer_size, const CHAR16 *description);
+
+EFI_STATUS tpm_log_load_options(const CHAR16 *cmdline);
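Review bot: The prototype names its parameter `cmdline` while the definition uses `load_options`; keeping them identical avoids confusion about whether callers may pass something other than the image's load options: `EFI_STATUS tpm_log_load_options(const CHAR16 *load_options);`. Since the function takes no length, a one-line comment on the declaration stating that the argument must be a NUL-terminated CHAR16 string would record the requirement that the implementation's `StrSize()` call relies on.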
cmdline = line;
#if ENABLE_TPM
- /* Try to log any options to the TPM, especially manually edited options */
- err = tpm_log_event(TPM_PCR_INDEX_KERNEL_PARAMETERS,
- (EFI_PHYSICAL_ADDRESS) (UINTN) loaded_image->LoadOptions,
- loaded_image->LoadOptionsSize, loaded_image->LoadOptions);
- if (EFI_ERROR(err))
- log_error_stall(L"Unable to add image options measurement: %r", err);
+ /* Let's measure the passed kernel command line into the TPM. Note that this possibly
+ * duplicates what we already did in the boot menu, if that was already used. However, since
+ * we want the boot menu to support an EFI binary, and want to this stub to be usable from
+ * any boot menu, let's measure things anyway. */
+ (VOID) tpm_log_load_options(loaded_image->LoadOptions);
#endif
}
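Review bot: The measured length changes here from `loaded_image->LoadOptionsSize` to whatever `StrSize()` finds inside `tpm_log_load_options()`, yet `LoadOptions` is data supplied by the caller or firmware, which UEFI defines as binary load options rather than a guaranteed NUL-terminated string. If no terminator lies within `LoadOptionsSize`, the scan reads past the buffer. If one occurs early, the PCR covers fewer bytes than the image was handed, so the measurement may diverge from the command line the stub passes on (built outside this hunk; `cmdline = line;` is the only visible part). Consider verifying termination against `LoadOptionsSize` before the call, or keeping a size-taking path for this caller. Minor: "want to this stub" in the new comment should read "want this stub".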