From 5aee2444093cfc8006865766f89e5a775a940ab1 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Sun, 9 Aug 2015 16:28:29 -0700 Subject: [PATCH] Measure kernel and initrd on BIOS systems Measure the kernel and initrd when loaded on BIOS systems --- grub-core/loader/i386/linux.c | 5 +++++ grub-core/loader/i386/pc/linux.c | 3 +++ grub-core/loader/linux.c | 2 ++ 3 files changed, 10 insertions(+) diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c index c9e89310bdd..bc10add45a6 100644 --- a/grub-core/loader/i386/linux.c +++ b/grub-core/loader/i386/linux.c @@ -36,6 +36,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -718,7 +719,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), goto fail; } + grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "Linux Kernel"); + grub_memcpy (&lh, kernel, sizeof (lh)); + kernel_offset = sizeof (lh); if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55)) @@ -1032,6 +1036,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), len = prot_file_size; grub_memcpy (prot_mode_mem, kernel + kernel_offset, len); + kernel_offset += len; if (grub_errno == GRUB_ERR_NONE) { diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c index b864e540333..6b8f365c9cf 100644 --- a/grub-core/loader/i386/pc/linux.c +++ b/grub-core/loader/i386/pc/linux.c @@ -36,6 +36,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -161,6 +162,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), goto fail; } + grub_tpm_measure (kernel, len, GRUB_KERNEL_PCR, "BIOS Linux Kernel"); + grub_memcpy (&lh, kernel, sizeof (lh)); kernel_offset = sizeof (lh); diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c index be6fa0f4d45..3005c0d19c9 100644 --- a/grub-core/loader/linux.c +++ b/grub-core/loader/linux.c @@ -4,6 +4,7 @@ #include #include #include +#include struct newc_head { @@ -288,6 +289,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, grub_initrd_close (initrd_ctx); return grub_errno; } + grub_tpm_measure (ptr, cursize, GRUB_INITRD_PCR, "Linux Initrd"); ptr += cursize; } if (newc)