iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f046fff8bc
linux/drivers/firmware/efi
History
Ilias Apalodimas f046fff8bc efi/libstub: measure loaded initrd info into the TPM 
In an effort to ensure the initrd observed and used by the OS is
the same one that was meant to be loaded, which is difficult to
guarantee otherwise, let's measure the initrd if the EFI stub and
specifically the newly introduced LOAD_FILE2 protocol was used.

Modify the initrd loading sequence so that the contents of the initrd
are measured into PCR9.  Note that the patch is currently using
EV_EVENT_TAG to create the eventlog entry instead of EV_IPL.  According
to the TCP PC Client specification this is used for PCRs defined for OS
and application usage.

Co-developed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Link: https://lore.kernel.org/r/20211119114745.1560453-5-ilias.apalodimas@linaro.org
[ardb: add braces to initializer of tagged_event_data]
Link: https://github.com/ClangBuiltLinux/linux/issues/1547
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2022-01-06 21:19:05 +01:00
..
libstub efi/libstub: measure loaded initrd info into the TPM 2022-01-06 21:19:05 +01:00
test efi/efi_test: read RuntimeServicesSupported 2020-12-09 08:37:27 +01:00
apple-properties.c efi/apple-properties: Handle device properties with software node API 2021-05-22 14:06:59 +02:00
arm-runtime.c
capsule-loader.c
capsule.c efi: capsule: clean scatter-gather entries from the D-cache 2020-12-09 08:37:27 +01:00
cper-arm.c
cper-x86.c x86/mce, cper: Pass x86 CPER through the MCA handling chain 2020-11-21 12:05:41 +01:00
cper.c efi/cper: use stack buffer for error record decoding 2021-10-05 13:05:59 +02:00
dev-path-parser.c ACPI: utils: Fix reference counting in for_each_acpi_dev_match() 2021-07-19 16:22:01 +02:00
earlycon.c
efi-bgrt.c
efi-init.c drivers/firmware: consolidate EFI framebuffer setup for all arches 2021-07-21 12:04:56 +02:00
efi-pstore.c efi: pstore: move workqueue handling out of efivars 2020-09-29 19:40:57 +02:00
efi.c efi: Allow efi=runtime 2021-09-28 22:44:15 +02:00
efibc.c
efivars.c efi: efivars: limit availability to X86 builds 2020-09-29 19:40:57 +02:00
embedded-firmware.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
esrt.c
fake_mem.c
fake_mem.h
fdtparams.c efi/fdt: fix panic when no valid fdt found 2021-05-22 14:03:42 +02:00
Kconfig EFI updates collected by Ard Biesheuvel: 2020-12-24 12:40:07 -08:00
Makefile drivers/firmware: move x86 Generic System Framebuffers support 2021-07-21 12:04:56 +02:00
memattr.c efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared 2021-05-22 14:05:13 +02:00
memmap.c memblock: rename memblock_free to memblock_phys_free 2021-11-06 13:30:41 -07:00
mokvar-table.c efi/mokvar: Reserve the table only if it is in boot services data 2021-07-20 09:28:09 +02:00
rci2-table.c
reboot.c
riscv-runtime.c RISC-V: Add EFI runtime services 2020-10-02 14:31:28 -07:00
runtime-map.c
runtime-wrappers.c efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() 2021-10-05 13:07:01 +02:00
sysfb_efi.c efi: sysfb_efi: fix build when EFI is not set 2021-07-27 11:52:51 +02:00
tpm.c efi/tpm: Differentiate missing and invalid final event log table. 2021-07-16 18:04:55 +02:00
vars.c efivars: respect EFI_UNSUPPORTED return from firmware 2021-03-17 09:40:24 +01:00
x86_fake_mem.c efi/fake_mem: arrange for a resource entry per efi_fake_mem instance 2020-10-13 18:38:27 -07:00