diff options
| author | Chris Coulson <chris.coulson@canonical.com> | 2022-05-31 22:21:26 +0100 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2022-08-03 14:54:57 -0400 |
| commit | 0eb07e11b20680200d3ce9c5bc59299121a75388 (patch) | |
| tree | 1f4104419c70d4360bf52ffa4f9d410187f6e024 /Cryptlib/SysCall/TimerWrapper.c | |
| parent | 505cdb678b319fcf9a7fdee77c0f091b4147cbe5 (diff) | |
| download | efi-boot-shim-0eb07e11b20680200d3ce9c5bc59299121a75388.tar.gz efi-boot-shim-0eb07e11b20680200d3ce9c5bc59299121a75388.zip | |
Make SBAT variable payload introspectable
Given a set of EFI variables and boot assets, it should be possible
to compute what the value of PCR 7 will be on the next boot.
As shim manages the contents of the SbatLevel variable and this is
measured to PCR 7, export the payloads that shim contains in a new
COFF section (.sbatlevel) so that it can be introspected by code
outside of shim.
The new section works a bit like .vendor_cert - it contains a header
and then the payload. In this case, the header contains no size fields
because the strings are NULL terminated. Shim uses this new section
internally in set_sbat_uefi_variable.
The .sbatlevel section starts with a 4 byte version field which is
not used by shim but may be useful for external auditors if the
format of the section contents change in the future.
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Diffstat (limited to 'Cryptlib/SysCall/TimerWrapper.c')
0 files changed, 0 insertions, 0 deletions