Blame SOURCES/0011-Add-GRUB-s-PCR-Usage-to-README.tpm.patch
|
 |
00e791 |
From bd97e72f0490b2be766949f448bf6ea3ec2bba1a Mon Sep 17 00:00:00 2001
|
|
|
00e791 |
From: Peter Jones <pjones@redhat.com>
|
|
|
00e791 |
Date: Wed, 1 Aug 2018 09:58:09 -0500
|
|
|
00e791 |
Subject: [PATCH 11/62] Add GRUB's PCR Usage to README.tpm
|
|
|
00e791 |
|
|
|
00e791 |
This didn't seem to get documented anywhere, and this is as good a place as any.
|
|
|
00e791 |
Upstream-commit-id: 4fab7281a8c
|
|
|
00e791 |
---
|
|
|
00e791 |
README.tpm | 9 +++++++++
|
|
|
00e791 |
1 file changed, 9 insertions(+)
|
|
|
00e791 |
|
|
|
00e791 |
diff --git a/README.tpm b/README.tpm
|
|
|
00e791 |
index b7314f12d57..d9c7c53483b 100644
|
|
|
00e791 |
--- a/README.tpm
|
|
|
00e791 |
+++ b/README.tpm
|
|
|
00e791 |
@@ -19,6 +19,15 @@ PCR7:
|
|
|
00e791 |
- MokSBState will be extended into PCR7 if it is set, logged as
|
|
|
00e791 |
"MokSBState".
|
|
|
00e791 |
|
|
|
00e791 |
+PCR8:
|
|
|
00e791 |
+- If you're using the grub2 TPM patchset we cary in Fedora, the kernel command
|
|
|
00e791 |
+ line and all grub commands (including all of grub.cfg that gets run) are
|
|
|
00e791 |
+ measured into PCR8.
|
|
|
00e791 |
+
|
|
|
00e791 |
+PCR9:
|
|
|
00e791 |
+- If you're using the grub2 TPM patchset we cary in Fedora, the kernel,
|
|
|
00e791 |
+ initramfs, and any multiboot modules loaded are measured into PCR9.
|
|
|
00e791 |
+
|
|
|
00e791 |
PCR14:
|
|
|
00e791 |
- MokList, MokListX, and MokSBState will be extended into PCR14 if they are
|
|
|
00e791 |
set.
|
|
|
00e791 |
--
|
|
|
00e791 |
2.26.2
|
|
|
00e791 |
|