Remove call to TPM2 get_event_log() - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Matthew Garrett <mjg59@google.com>	2018-12-11 15:25:44 -0800
committer	Peter Jones <pjones@redhat.com>	2020-07-23 20:52:12 -0400
commit	cf3f99c3b1e11c8c83938784975331db5efb410f (patch)
tree	56d726c8283e9463cbce0d6dbcb660c685601ca5 /lib/variables.c
parent	ff890cf45224926574eee93b0ea1494468870bd3 (diff)
download	efi-boot-shim-cf3f99c3b1e11c8c83938784975331db5efb410f.tar.gz efi-boot-shim-cf3f99c3b1e11c8c83938784975331db5efb410f.zip

Remove call to TPM2 get_event_log()

Calling the TPM2 get_event_log causes the firmware to start logging events to the final events table, but implementations may also continue logging to the boot services event log. Any OS that wishes to reconstruct the full PCR state must already look at both the final events log and the boot services event log, so if this call is made anywhere other than immediately before ExitBootServices() then the OS must deduplicate events that occur in both, complicating things immensely. Linux already has support for copying up the boot services event log across the ExitBootServices() boundary, so there's no reason to make this call. Remove it. Signed-off-by: Matthew Garrett <mjg59@google.com> Upstream-commit-id: fd7c3bd920b

Diffstat (limited to 'lib/variables.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: