Log measurements in PCR4 for applications being verified through shim_lock

Currently the only measurement the shim logs in the TPM is that of the EFI
application it directly loads. However, there are no measurements being taken
of application that are being verified through the shim_lock protocol. In this
patch we extend PCR4 for any binary for which Verify is being called through
the shim_lock protocol.

Signed-off-by: Tamas K Lengyel <lengyelt@ainfosec.com>

2 files changed, 6 insertions, 0 deletions

diff --git a/README.tpm b/README.tpm
index 261bcd05..b7314f12 100644
--- a/README.tpm
+++ b/README.tpm
@@ -3,6 +3,8 @@ The following PCRs are extended by shim:
 PCR4:
 - the Authenticode hash of the binary being loaded will be extended into
   PCR4 before SB verification.
+- the hash of any binary for which Verify is called through the shim_lock
+  protocol
 
 PCR7:
 - Any certificate in one of our certificate databases that matches a binary
diff --git a/shim.c b/shim.c
index 2ab3dfe7..8fe70cb8 100644
--- a/shim.c
+++ b/shim.c
@@ -1820,7 +1820,11 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
 	if (status != EFI_SUCCESS)
 		goto done;
 
+	/* Measure the binary into the TPM */
+	tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, sha1hash, 4);
+
 	status = verify_buffer(buffer, size, &context, sha256hash, sha1hash);
+
 done:
 	in_protocol = 0;
 	return status;