From bd97e72f0490b2be766949f448bf6ea3ec2bba1a Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 1 Aug 2018 09:58:09 -0500 Subject: [PATCH 11/62] Add GRUB's PCR Usage to README.tpm This didn't seem to get documented anywhere, and this is as good a place as any. Upstream-commit-id: 4fab7281a8c --- README.tpm | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.tpm b/README.tpm index b7314f12d57..d9c7c53483b 100644 --- a/README.tpm +++ b/README.tpm @@ -19,6 +19,15 @@ PCR7: - MokSBState will be extended into PCR7 if it is set, logged as "MokSBState". +PCR8: +- If you're using the grub2 TPM patchset we cary in Fedora, the kernel command + line and all grub commands (including all of grub.cfg that gets run) are + measured into PCR8. + +PCR9: +- If you're using the grub2 TPM patchset we cary in Fedora, the kernel, + initramfs, and any multiboot modules loaded are measured into PCR9. + PCR14: - MokList, MokListX, and MokSBState will be extended into PCR14 if they are set. -- 2.26.2