mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-22 14:11:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

build_library/grub.cfg: Enable TPM module by default

Browse Source 
For binding a secret to the OS we need TPM PCRs that measure the kernel
and boot configuration (UEFI). Used for:
https://github.com/flatcar/flatcar-website/pull/317
This commit is contained in:
Kai Lueke 2024-04-09 16:55:47 +09:00
parent 0bebfd9243
commit 834d32efa8
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
build_library/grub_install.sh
View File

@ -60,7 +60,7 @@ case "${FLAGS_target}" in
CORE_NAME="core.img" CORE_NAME="core.img"
;; ;;
x86_64-efi) x86_64-efi)
CORE_MODULES+=( serial linux efi_gop efinet pgp http tftp ) CORE_MODULES+=( serial linux efi_gop efinet pgp http tftp tpm )
CORE_NAME="core.efi" CORE_NAME="core.efi"
SBAT_ARG=( --sbat "${BOARD_ROOT}/usr/share/grub/sbat.csv" ) SBAT_ARG=( --sbat "${BOARD_ROOT}/usr/share/grub/sbat.csv" )
;; ;;
@ -68,7 +68,7 @@ case "${FLAGS_target}" in
CORE_NAME="core.elf" CORE_NAME="core.elf"
;; ;;
arm64-efi) arm64-efi)
CORE_MODULES+=( serial linux efi_gop efinet pgp http tftp ) CORE_MODULES+=( serial linux efi_gop efinet pgp http tftp tpm )
CORE_NAME="core.efi" CORE_NAME="core.efi"
BOARD_GRUB=1 BOARD_GRUB=1
SBAT_ARG=( --sbat "${BOARD_ROOT}/usr/share/grub/sbat.csv" ) SBAT_ARG=( --sbat "${BOARD_ROOT}/usr/share/grub/sbat.csv" )

1
changelog/changes/2024-04-09-grub-tpm.md Normal file
View File

@ -0,0 +1 @@
- Enabled the GRUB TPM2 module to measure the boot code path and files into PCR 8+9 in UEFI ([scripts#1861](https://github.com/flatcar/scripts/pull/1861))