1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
The following PCRs are extended by shim:
PCR4:
- the Authenticode hash of the binary being loaded will be extended into
PCR4 before SB verification.
- the hash of any binary for which Verify is called through the shim_lock
protocol
PCR7:
- Any certificate in one of our certificate databases that matches a binary
we try to load will be extended into PCR7. That includes:
- DBX - the system denylist, logged as "dbx"
- MokListX - the Mok denylist, logged as "MokListX"
- vendor_dbx - shim's built-in vendor denylist, logged as "dbx"
- DB - the system allowlist, logged as "db"
- vendor_db - shim's built-in vendor allowlist, logged as "vendor_db"
- MokListRT the runtime Mok allowlist, logged as "MokListRT"
- vendor_cert - shim's built-in vendor allowlist, logged as "Shim"
- shim_cert - shim's build-time generated allowlist, logged as "Shim"
- MokSBState will be extended into PCR7 if it is set, logged as
"MokSBState".
- SBAT will be extended into PCR7 if it is set, logged as "SBAT"
Note: In the past this document called out that vendor_db was logged as
"db", when in fact the code didn't do that. Since changing the code
risks breaking recorded logs, the documentation is update to reflect
reality. vendor_dbx is in fact logged as "dbx".
PCR8:
- If you're using the grub2 TPM patchset we cary in Fedora, the kernel command
line and all grub commands (including all of grub.cfg that gets run) are
measured into PCR8.
PCR9:
- If you're using the grub2 TPM patchset we carry in Fedora, the kernel,
initramfs, and any multiboot modules loaded are measured into PCR9.
PCR14:
- MokList, MokListX, and MokSBState will be extended into PCR14 if they are
set.
|
