[PATCH 7/7] Measure multiboot images and modules

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 7/7] Measure multiboot images and modules

From:	Matthew Garrett
Subject:	[PATCH 7/7] Measure multiboot images and modules
Date:	Mon, 23 Jan 2017 16:38:28 -0800

---
 grub-core/loader/i386/multiboot_mbi.c | 4 ++++
 grub-core/loader/multiboot.c          | 3 +++
 grub-core/loader/multiboot_mbi2.c     | 4 ++++
 3 files changed, 11 insertions(+)

diff --git a/grub-core/loader/i386/multiboot_mbi.c 
b/grub-core/loader/i386/multiboot_mbi.c
index fd7b41b..42372bf 100644
--- a/grub-core/loader/i386/multiboot_mbi.c
+++ b/grub-core/loader/i386/multiboot_mbi.c
@@ -36,6 +36,7 @@
 #include <grub/net.h>
 #include <grub/i18n.h>
 #include <grub/lib/cmdline.h>
+#include <grub/tpm.h>
 
 #ifdef GRUB_MACHINE_EFI
 #include <grub/efi/efi.h>
@@ -173,6 +174,9 @@ grub_multiboot_load (grub_file_t file, const char *filename)
       return grub_errno;
     }
 
+  grub_tpm_measure((unsigned char*)buffer, len, GRUB_BINARY_PCR, 
"grub_multiboot", filename);
+  grub_print_error();
+
   header = find_header (buffer, len);
 
   if (header == 0)
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
index bd9d5b3..a97ed87 100644
--- a/grub-core/loader/multiboot.c
+++ b/grub-core/loader/multiboot.c
@@ -42,6 +42,7 @@
 #include <grub/video.h>
 #include <grub/memory.h>
 #include <grub/i18n.h>
+#include <grub/tpm.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -424,6 +425,8 @@ grub_cmd_module (grub_command_t cmd __attribute__ 
((unused)),
     }
 
   grub_file_close (file);
+  grub_tpm_measure (module, size, GRUB_BINARY_PCR, "grub_multiboot", argv[0]);
+  grub_print_error();
   return GRUB_ERR_NONE;
 }
 
diff --git a/grub-core/loader/multiboot_mbi2.c 
b/grub-core/loader/multiboot_mbi2.c
index b0679a9..c62ced3 100644
--- a/grub-core/loader/multiboot_mbi2.c
+++ b/grub-core/loader/multiboot_mbi2.c
@@ -36,6 +36,7 @@
 #include <grub/i18n.h>
 #include <grub/net.h>
 #include <grub/lib/cmdline.h>
+#include <grub/tpm.h>
 
 #if defined (GRUB_MACHINE_EFI)
 #include <grub/efi/efi.h>
@@ -131,6 +132,9 @@ grub_multiboot_load (grub_file_t file, const char *filename)
 
   COMPILE_TIME_ASSERT (MULTIBOOT_HEADER_ALIGN % 4 == 0);
 
+  grub_tpm_measure ((unsigned char *)mld.buffer, len, GRUB_BINARY_PCR, 
"grub_multiboot", filename);
+  grub_print_error();
+
   header = find_header (mld.buffer, len);
 
   if (header == 0)
-- 
2.9.3

[Prev in Thread]

Current Thread

[Next in Thread]

Support for TPM measurements on UEFI systems, Matthew Garrett, 2017/01/23
- [PATCH 2/7] Rework linux command, Matthew Garrett, 2017/01/23
- [PATCH 1/7] Core TPM support, Matthew Garrett, 2017/01/23
- [PATCH 3/7] Rework linux16 command, Matthew Garrett, 2017/01/23
- [PATCH 4/7] Measure kernel and initrd, Matthew Garrett, 2017/01/23
- [PATCH 5/7] Measure the kernel commandline, Matthew Garrett, 2017/01/23
- [PATCH 6/7] Measure commands, Matthew Garrett, 2017/01/23
- [PATCH 7/7] Measure multiboot images and modules, Matthew Garrett <=
- Re: Support for TPM measurements on UEFI systems, Vladimir 'phcoder' Serbinenko, 2017/01/23
  - Re: Support for TPM measurements on UEFI systems, Matthew Garrett, 2017/01/23
    - Re: Support for TPM measurements on UEFI systems, Vladimir 'phcoder' Serbinenko, 2017/01/23
    - Re: Support for TPM measurements on UEFI systems, Matthew Garrett, 2017/01/23
    - Re: Support for TPM measurements on UEFI systems, Vladimir 'phcoder' Serbinenko, 2017/01/27

Prev by Date: [PATCH 6/7] Measure commands
Next by Date: Re: [PATCH] Add efi getenv command
Previous by thread: [PATCH 6/7] Measure commands
Next by thread: Re: Support for TPM measurements on UEFI systems
Index(es):
- Date
- Thread