Skip to content

Commit

Permalink
os-helpers-tpm2: compute_pcr7: allow overriding efivars
Browse files Browse the repository at this point in the history 
When computing the digest of PCR7, it may be necessary to override the
input variables used, in order to predict the value on the next boot.
Allow these inputs to be overridden using function parameters.

Change-type: patch
Signed-off-by: Joseph Kogut <joseph@balena.io>
  • Loading branch information
@jakogut
jakogut committed Mar 20, 2024
1 parent 80f9bd8 commit 3e0911a
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions meta-balena-common/recipes-support/os-helpers/os-helpers/os-helpers-tpm2
View file
Expand Up @@ -51,15 +51,15 @@ EOF
)
for i in $inputs; do
var="${efivars_path}/${i}"
extend=$(
case $i in
"SecureBoot-${EFI_GLOBAL_VARIABLE_GUID}") override="${1}" ;;
"PK-${EFI_GLOBAL_VARIABLE_GUID}") override="${2}" ;;
"KEK-${EFI_GLOBAL_VARIABLE_GUID}") override="${3}" ;;
"db-${EFI_IMAGE_SECURITY_DATABASE_GUID}") override="${4}" ;;
"dbx-${EFI_IMAGE_SECURITY_DATABASE_GUID}") override="${5}" ;;
esac
case $i in
"SecureBoot-${EFI_GLOBAL_VARIABLE_GUID}") override="${1}" ;;
"PK-${EFI_GLOBAL_VARIABLE_GUID}") override="${2}" ;;
"KEK-${EFI_GLOBAL_VARIABLE_GUID}") override="${3}" ;;
"db-${EFI_IMAGE_SECURITY_DATABASE_GUID}") override="${4}" ;;
"dbx-${EFI_IMAGE_SECURITY_DATABASE_GUID}") override="${5}" ;;
esac

extend=$(
if [ -n "${override}" ]; then
echo "${override}" | _hexdecode | tcgtool "$var" | _sha256
else
Expand Down

0 comments on commit 3e0911a

Please sign in to comment.