path: root/README.tpm
Age | Commit message | Author
2020-08-04 | Add support for vendor_db built-in shim whitelist | Alexander Burmashev
Potential new signing strategies (for example signing grub, fwupdate and vmlinuz with separate certificates) require shim to support a vendor provided bundle of trusted certificates and hashes, which allows shim to "whitelist" EFI binaries matching either certificate by signature, or hash in the vendor_db. Functionality is similar to vendor_dbx (vendor blacklist). Patch is a polished version of code, authored by P. Jones.
Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com>
2020-08-04 | Add GRUB's PCR Usage to README.tpm | Peter Jones
This didn't seem to get documented anywhere, and this is as good a place as any.
Upstream-commit-id: 4fab7281a8c
2018-03-06 | Log measurements in PCR4 for applications being verified through shim_lock | Tamas K Lengyel
Currently the only measurement the shim logs in the TPM is that of the EFI application it directly loads. However, there are no measurements being taken of applications that are being verified through the shim_lock protocol. In this patch we extend PCR4 for any binary for which Verify is being called through the shim_lock protocol.
Signed-off-by: Tamas K Lengyel <lengyelt@ainfosec.com>
2017-08-03 | Add README.tpm to explain which PCRs we extend things to. | Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>