TPM2-GRUB2 resolved
Today I looked into your GRUB2-TPM2 source code and finally realized it's actually working, but extends the kernel image and initrd into PCR 9, instead of PCR 10~14. In your blog article, you said these values will be extended to PCR 10~14, which is different from your actual implementation.
Here I manually created grub_printf() logs of all PCR extension events occurring upon booting.
GRUB2 TPM2 Screenshot: http://bigmail.mail.daum.net/Mail-bin/bigfile_down?uid=3CTYs-xo5EfJy9-Ui8oDlgp-zJRm9skt
[execute.c] log is for extending GRUB2's executed commands.
[dl.c] log is for extending .mod module files loaded.
[i386/linux.c] log is for extending Linux kernel file loaded.
[linux.c] log is for extending Initrd RAM disk loaded.
For log parameters,
- version: TPM version (1.2 or 2)
- size: file size (bytes)
- pcr: PCR register number (8 is for extending human-readable ASCII values, 9 is for extending binary files)
- description: the target to be extended (either GRUB2 commands or module/kernel/ramdisk filenames)
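
What the events described above imply for PCR 8 and PCR 9, as an added example that is not part of the original post or of the GRUB2 code: it replays a list of extension events and reports which PCRs each source file touched. The event list, the function names and the use of SHA-256 over the raw measured bytes are assumptions made for illustration.

```python
import hashlib

# Constructed sample events (not from the original post): the source file that
# logged the event, the PCR index, the description, and the measured bytes.
EVENTS = [
    ("execute.c",    8, "set root=(hd0,1)",   b"set root=(hd0,1)"),
    ("dl.c",         9, "linux.mod",          b"<constructed module bytes>"),
    ("execute.c",    8, "linux /vmlinuz",     b"linux /vmlinuz"),
    ("i386/linux.c", 9, "/vmlinuz",           b"<constructed kernel bytes>"),
    ("execute.c",    8, "initrd /initrd.img", b"initrd /initrd.img"),
    ("linux.c",      9, "/initrd.img",        b"<constructed initrd bytes>"),
]

def extend(pcr_value, data, alg="sha256"):
    """TPM extend operation: new = H(old || H(data))."""
    digest = hashlib.new(alg, data).digest()
    return hashlib.new(alg, pcr_value + digest).digest()

def replay(events, alg="sha256"):
    """Replay events in boot order; return {pcr index: final value}.

    Only PCRs that received at least one extension appear in the result;
    each starts from all zero bytes, as PCRs 0-15 do after a reset.
    """
    size = hashlib.new(alg).digest_size
    pcrs = {}
    for _src, index, _desc, data in events:
        pcrs[index] = extend(pcrs.get(index, bytes(size)), data, alg)
    return pcrs

def pcrs_by_source(events):
    """Map each logging source file to the set of PCRs it extended."""
    used = {}
    for src, index, _desc, _data in events:
        used.setdefault(src, set()).add(index)
    return used

if __name__ == "__main__":
    for index, value in sorted(replay(EVENTS).items()):
        print(f"PCR {index}: {value.hex()}")
    for src, used in sorted(pcrs_by_source(EVENTS).items()):
        print(f"[{src}] -> PCR {sorted(used)}")
```

Because each extension hashes the previous PCR value, the final values depend on event order, so a policy sealed to PCR 8 and 9 has to be computed from events in the same order they occur at boot.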