[SLOF] [PATCH 10/16] Implement measurements of the master boot record

Nikunj A Dadhania nikunj at linux.vnet.ibm.com
Thu Nov 12 16:15:18 AEDT 2015 

Stefan Berger <stefanb at linux.vnet.ibm.com> writes:

> On 11/09/2015 05:57 AM, Nikunj A Dadhania wrote:
>> Stefan Berger <stefanb at linux.vnet.ibm.com> writes:
>>
>>> This patch adds support for measuring the boot block of the
>>> MBR and logging the measurement.
>> GPT support ?
>
> Will add an additional patch once I have a distro to play with. Which 
> distro uses it?
>
>>
>>> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
>>> ---
>>>   board-js2x/slof/OF.fs          |  2 ++
>>>   slof/fs/packages/disk-label.fs |  6 +++++-
>>>   slof/fs/tpm/tpm-static.fs      | 13 +++++++++++++
>>>   3 files changed, 20 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/board-js2x/slof/OF.fs b/board-js2x/slof/OF.fs
>>> index 3e37735..8e736c7 100644
>>> --- a/board-js2x/slof/OF.fs
>>> +++ b/board-js2x/slof/OF.fs
>> Why js2x ?
>
> Avoid compilation error.

OK

>
>>
>>> @@ -255,6 +255,8 @@ create vpd-bootlist 4 allot
>>>   #include <usb/usb-static.fs>
>>>   320 cp
>>>   #include <scsi-loader.fs>
>>> +\\ need tpm-static for verbs in disk-labels.fs
>>> +#include <tpm/tpm-static.fs>
>>>   #include <root.fs>
>>>   360 cp
>>>   #include "tree.fs"
>>> diff --git a/slof/fs/packages/disk-label.fs b/slof/fs/packages/disk-label.fs
>>> index e034d64..f827d72 100644
>>> --- a/slof/fs/packages/disk-label.fs
>>> +++ b/slof/fs/packages/disk-label.fs
>>> @@ -545,7 +545,11 @@ B9E5                CONSTANT GPT-BASIC-DATA-PARTITION-2
>>>   \ load from a bootable partition
>>>   : load-from-boot-partition ( addr -- size )
>>>      debug-disk-label? IF ." Trying DOS boot " .s cr THEN
>>> -   dup load-from-dos-boot-partition ?dup 0 <> IF nip EXIT THEN
>>> +   dup load-from-dos-boot-partition ?dup 0 <> IF
>>> +      nip
>>> +      80 block 200 vtpm-add-bcv
>> what does 80 mean ?
>
> Ah, cannot drop the bcv function...

Yes.

>
> 0x200 is a length indicator. We will be measuring 512 bytes in total. 
> 0x80 is an indicator for the hard disk -- comes from the PC world. I can 
> replace this with a constant.

Yes, will help.

Regards
Nikunj

More information about the SLOF mailing list