[SLOF] [PATCH 10/16] Implement measurements of the master boot record
Stefan Berger
stefanb at linux.vnet.ibm.com
Mon Aug 10 20:55:20 AEST 2015
This patch adds support for measuring the boot block of the
MBR and logging the measurement.
Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
board-js2x/slof/OF.fs | 2 ++
slof/fs/packages/disk-label.fs | 6 +++++-
slof/fs/tpm/tpm-static.fs | 13 +++++++++++++
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/board-js2x/slof/OF.fs b/board-js2x/slof/OF.fs
index 3e37735..8e736c7 100644
--- a/board-js2x/slof/OF.fs
+++ b/board-js2x/slof/OF.fs
@@ -255,6 +255,8 @@ create vpd-bootlist 4 allot
#include <usb/usb-static.fs>
320 cp
#include <scsi-loader.fs>
+\\ need tpm-static for verbs in disk-labels.fs
+#include <tpm/tpm-static.fs>
#include <root.fs>
360 cp
#include "tree.fs"
diff --git a/slof/fs/packages/disk-label.fs b/slof/fs/packages/disk-label.fs
index e034d64..f827d72 100644
--- a/slof/fs/packages/disk-label.fs
+++ b/slof/fs/packages/disk-label.fs
@@ -545,7 +545,11 @@ B9E5 CONSTANT GPT-BASIC-DATA-PARTITION-2
\ load from a bootable partition
: load-from-boot-partition ( addr -- size )
debug-disk-label? IF ." Trying DOS boot " .s cr THEN
- dup load-from-dos-boot-partition ?dup 0 <> IF nip EXIT THEN
+ dup load-from-dos-boot-partition ?dup 0 <> IF
+ nip
+ 80 block 200 vtpm-add-bcv
+ EXIT
+ THEN
debug-disk-label? IF ." Trying CHRP boot " .s cr THEN
1 disk-chrp-boot !
diff --git a/slof/fs/tpm/tpm-static.fs b/slof/fs/tpm/tpm-static.fs
index 7954be2..bc5138a 100644
--- a/slof/fs/tpm/tpm-static.fs
+++ b/slof/fs/tpm/tpm-static.fs
@@ -44,6 +44,19 @@ false VALUE vtpm-debug?
THEN
;
+: vtpm-add-bcv ( boodrv addr length -- )
+ vtpm-available? IF
+ tpm-add-bcv ( -- errcode )
+ vtpm-debug? IF
+ ." VTPM: Error code from tpm-add-bootdevice-ipl: " . cr
+ ELSE
+ drop
+ THEN
+ ELSE
+ 3drop
+ THEN
+;
+
1 CONSTANT TPM_ST_ENABLED
2 CONSTANT TPM_ST_ACTIVE
4 CONSTANT TPM_ST_OWNED
--
1.9.3
More information about the SLOF
mailing list