summaryrefslogtreecommitdiff
path: root/README.tpm
AgeCommit message (Collapse)Author
2020-07-23Add support for vendor_db built-in shim authorized list.Peter Jones
Potential new signing strategies ( for example signing grub, fwupdate and vmlinuz with separate certificates ) require shim to support a vendor provided bundle of trusted certificates and hashes, which allows shim to trust EFI binaries matching either certificate by signature or hash in the vendor_db. Functionality is similar to vendor_dbx. This also improves the mirroring quite a bit. Upstream: pr#206
2020-07-23Update README.tpmnoahbliss
typo Upstream-commit-id: bc24c9eb1d4
2020-07-23Add GRUB's PCR Usage to README.tpmPeter Jones
This didn't seem to get documented anywhere, and this is as good a place as any. Upstream-commit-id: 4fab7281a8c
2018-03-06Log measurements in PCR4 for applications being verified through shim_lockTamas K Lengyel
Currently the only measurement the shim logs in the TPM is that of the EFI application it directly loads. However, there are no measurements being taken of application that are being verified through the shim_lock protocol. In this patch we extend PCR4 for any binary for which Verify is being called through the shim_lock protocol. Signed-off-by: Tamas K Lengyel <lengyelt@ainfosec.com>
2017-08-03Add README.tpm to explain which PCRs we extend things to.Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-02 07:05:33 +0000