Make fallback aware of tpm measurements, and reboot if tpm is used.

Since booting the entry with fallback in the stack of things that got measured will result in all the wrong PCR values, in the cases where TPM is present and enabled, use ->Reset() instead of loading the Boot#### variable and executing its target. Signed-off-by: Peter Jones <pjones@redhat.com>
author: Peter Jones <pjones@redhat.com> 2017-07-31 13:10:41 -0400
committer: Peter Jones <pjones@redhat.com> 2017-08-03 11:00:58 -0400
commit: 431b8a2e75a71a0b1f47d47d3f045b1e3efbce53 (patch)
tree: 237b7c4e8598bf2be1cd311819b46954ab532641 /tpm.h
parent: 2d82a3899bc0dcc4de65035d7b3b214b14b8ed6a (diff)
download: efi-boot-shim-431b8a2e75a71a0b1f47d47d3f045b1e3efbce53.tar.gz
efi-boot-shim-431b8a2e75a71a0b1f47d47d3f045b1e3efbce53.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/tpm.h b/tpm.h
index e3c2b923..d11b545b 100644
--- a/tpm.h
+++ b/tpm.h
@@ -8,6 +8,7 @@
 
 EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr,
 			 const CHAR8 *description);
+EFI_STATUS fallback_should_prefer_reset(void);
 
 EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash,
 		      UINT8 pcr);
author	Peter Jones <pjones@redhat.com>	2017-07-31 13:10:41 -0400
committer	Peter Jones <pjones@redhat.com>	2017-08-03 11:00:58 -0400
commit	431b8a2e75a71a0b1f47d47d3f045b1e3efbce53 (patch)
tree	237b7c4e8598bf2be1cd311819b46954ab532641 /tpm.h
parent	2d82a3899bc0dcc4de65035d7b3b214b14b8ed6a (diff)
download	efi-boot-shim-431b8a2e75a71a0b1f47d47d3f045b1e3efbce53.tar.gz efi-boot-shim-431b8a2e75a71a0b1f47d47d3f045b1e3efbce53.zip