diff options
| author | Peter Jones <pjones@redhat.com> | 2017-07-31 13:10:41 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2017-08-03 11:00:58 -0400 |
| commit | 431b8a2e75a71a0b1f47d47d3f045b1e3efbce53 (patch) | |
| tree | 237b7c4e8598bf2be1cd311819b46954ab532641 /fallback.c | |
| parent | 2d82a3899bc0dcc4de65035d7b3b214b14b8ed6a (diff) | |
| download | efi-boot-shim-431b8a2e75a71a0b1f47d47d3f045b1e3efbce53.tar.gz efi-boot-shim-431b8a2e75a71a0b1f47d47d3f045b1e3efbce53.zip | |
Make fallback aware of tpm measurements, and reboot if tpm is used.
Since booting the entry with fallback in the stack of things that got
measured will result in all the wrong PCR values, in the cases where TPM
is present and enabled, use ->Reset() instead of loading the Boot####
variable and executing its target.
Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'fallback.c')
| -rw-r--r-- | fallback.c | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -12,6 +12,7 @@ #include "ucs2.h" #include "variables.h" +#include "tpm.h" EFI_LOADED_IMAGE *this_image = NULL; @@ -904,7 +905,13 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab) return rc; } - try_start_first_option(image); + rc = fallback_should_prefer_reset(); + if (EFI_ERROR(rc)) { + VerbosePrint(L"tpm not present, starting the first image\n"); + try_start_first_option(image); + } else { + VerbosePrint(L"tpm present, resetting system\n"); + } Print(L"Reset System\n"); |