Blame SOURCES/0131-Measure-the-kernel-commandline.patch

d9d99f
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
d9d99f
From: Matthew Garrett <mjg59@coreos.com>
d9d99f
Date: Sun, 9 Aug 2015 16:32:29 -0700
d9d99f
Subject: [PATCH] Measure the kernel commandline
d9d99f
d9d99f
Measure the kernel commandline to ensure that it hasn't been modified
d9d99f
---
d9d99f
 grub-core/lib/cmdline.c | 6 +++++-
d9d99f
 1 file changed, 5 insertions(+), 1 deletion(-)
d9d99f
d9d99f
diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c
b71686
index 970ea868c..6b56304d4 100644
d9d99f
--- a/grub-core/lib/cmdline.c
d9d99f
+++ b/grub-core/lib/cmdline.c
d9d99f
@@ -19,6 +19,7 @@
d9d99f
 
d9d99f
 #include <grub/lib/cmdline.h>
d9d99f
 #include <grub/misc.h>
d9d99f
+#include <grub/tpm.h>
d9d99f
 
d9d99f
 static int
d9d99f
 is_hex(char c)
d9d99f
@@ -79,7 +80,7 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf,
d9d99f
 {
d9d99f
   int i, space;
d9d99f
   unsigned int arg_size;
d9d99f
-  char *c;
d9d99f
+  char *c, *orig = buf;
d9d99f
 
d9d99f
   for (i = 0; i < argc; i++)
d9d99f
     {
d9d99f
@@ -125,5 +126,8 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf,
d9d99f
 
d9d99f
   *buf = 0;
d9d99f
 
d9d99f
+  grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_CMDLINE_PCR,
d9d99f
+		    "Kernel Commandline");
d9d99f
+
d9d99f
   return i;
d9d99f
 }