[Skiboot] [PATCH 2/3] libstb/stb.c: measure the IMA_CATALOG partition

Stewart Smith stewart at linux.vnet.ibm.com
Wed Sep 20 16:19:02 AEST 2017


Claudio Carvalho <cclaudio at linux.vnet.ibm.com> writes:
> This maps a PCR number for the IMA_CATALOG partition so that it can be
> measured (extended to the mapped PCR).
>
> Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
> ---
>  libstb/stb.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/libstb/stb.c b/libstb/stb.c
> index eab04eb..15aa682 100644
> --- a/libstb/stb.c
> +++ b/libstb/stb.c
> @@ -58,6 +58,7 @@ static struct {
>  	enum resource_id id;
>  	TPM_Pcr pcr;
>  } resources[] = {
> +	{ RESOURCE_ID_IMA_CATALOG, PCR_4 },
>  	{ RESOURCE_ID_KERNEL, PCR_4 },
>  	{ RESOURCE_ID_CAPP,   PCR_2 },
>  };
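Review bot: with this entry, RESOURCE_ID_IMA_CATALOG and RESOURCE_ID_KERNEL both map to PCR_4, so the final PCR_4 value depends on which of the two is extended first, and neither the table nor the commit message states the intended order. Consider a comment next to the table (or an explicit ordering at the call site that performs the extend) recording the expected sequence, e.g. IMA_CATALOG then KERNEL, so that anyone computing expected PCR_4 values has a fixed reference and a change in load completion order is caught rather than silently altering the measurement.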

Our current async resource loading *currently* does so serially,
although there's no real requirement that this would be the
case in the future. Thus, we probably want something here to enforce
order if we're extending the same PCR?

Otherwise I foresee accepting an amazing patch that subtly makes the
order non-deterministic and we only find out ages later when somebody is
looking at PCR values and wondering why they're only consistent 99/100
boots.

-- 
Stewart Smith
OPAL Architect, IBM.
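As an added illustration of the ordering concern raised above (this is not code from the patch or from skiboot): a small Python simulation of PCR extend, new = H(old || digest), using SHA-1 as on a TPM 1.2 (an assumption about the TPM in use), over constructed digests for the two resources the table maps to PCR_4. It shows that extending them in a different order yields a different final PCR_4, and how a fixed measurement order makes the result independent of which load completes first.

```python
import hashlib

# TPM 1.2 style PCR: 20-byte SHA-1 register, extended as H(old || digest).
# Assumption: the skiboot measurements behave like this extend operation.
PCR_SIZE = 20

def pcr_extend(pcr_value: bytes, digest: bytes) -> bytes:
    """One TPM extend step: the new PCR value is SHA-1(old PCR || digest)."""
    return hashlib.sha1(pcr_value + digest).digest()

# Constructed stand-in digests for the measured partitions (not real images).
RESOURCES = {
    "IMA_CATALOG": hashlib.sha1(b"constructed IMA_CATALOG image").digest(),
    "KERNEL": hashlib.sha1(b"constructed KERNEL image").digest(),
}

# Mirror of the resources[] table in the patch: resource id -> PCR number.
PCR_MAP = {"IMA_CATALOG": 4, "KERNEL": 4, "CAPP": 2}

def extend_in_order(order):
    """Extend each resource into its mapped PCR in the given order.

    Returns {pcr_number: final_value}. Since extend is H(old || digest),
    two resources sharing a PCR produce different finals when swapped.
    """
    pcrs = {n: bytes(PCR_SIZE) for n in set(PCR_MAP.values())}
    for rid in order:
        pcr = PCR_MAP[rid]
        pcrs[pcr] = pcr_extend(pcrs[pcr], RESOURCES[rid])
    return pcrs

# Fixed measurement order for resources sharing PCR_4 (constructed choice).
MEASURE_ORDER = ("IMA_CATALOG", "KERNEL")

def extend_deterministic(completion_order):
    """Ignore the order in which loads completed; measure in MEASURE_ORDER.

    This is the kind of enforcement the reply asks for: the PCR_4 value
    stays constant even if async loading finishes in a different order.
    """
    loaded = set(completion_order)
    if loaded != set(MEASURE_ORDER):
        raise ValueError("all PCR_4 resources must be loaded before measuring")
    return extend_in_order([r for r in MEASURE_ORDER if r in loaded])

if __name__ == "__main__":
    a = extend_in_order(("IMA_CATALOG", "KERNEL"))
    b = extend_in_order(("KERNEL", "IMA_CATALOG"))
    print("PCR_4 differs when order swaps:", a[4] != b[4])
    print("deterministic PCR_4:", extend_deterministic(("KERNEL", "IMA_CATALOG"))[4].hex())
```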
