[systemd-devel] Trying to understand change in PCR 4 extension behavior
Andrei Borzenkov
arvidjaar at gmail.com
Mon Dec 19 18:36:20 UTC 2022
On 14.12.2022 20:28, Kyle Rose wrote:
...
>
> However, in v252, the corresponding event occurs earlier in the log
> and (after some measurements extending PCR 11) is followed by another
> BSA event extending PCR 4 with a DevicePath I can't parse from a call
> I can't seem to find in the systemd source code:
>
> - EventNum: 34
> PCRIndex: 4
> EventType: EV_EFI_BOOT_SERVICES_APPLICATION
> DigestCount: 2
> Digests:
> - AlgorithmId: sha1
> Digest: "9a3c68bb105e4c4e70cbc3375bd45d616e220586"
> - AlgorithmId: sha256
> Digest: "36e49f2a0c246db5836b85319e7b2ae04690aca40227895902870a54a054c78b"
> EventSize: 56
> Event:
> ImageLocationInMemory: 0xb7c36000
> ImageLengthInMemory: 7793888
> ImageLinkTimeAddress: 0x1000000
> LengthOfDevicePath: 24
> DevicePath: '04031400f8d1c555cd04b5468a20e56cbb3052d07fff0400'
>
> Can someone help me decode this so I can figure out where this event
> originates, or (if this event is well-known to the folks working on
> the trusted computing portion of systemd) tell me where this extension
> is triggered in the source code? That will at least help me find and
> hopefully understand the relevant change.
>
This is media device path type with vendor subtype, vendor GUID is
STUB_PAYLOAD_GUID defined and used in src/boot/efi/linux.c.
More information about the systemd-devel
mailing list