I went ahead and added support for measuring files to TPM PCRs to Shim so it now measures the next boot loader prior to execution. It's hardwired right now but was easy enough to implement. It helps extend the chain of trust upwards and enable further attestation.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
Date: 2013-12-05 03:26 pm (UTC)