On 14.12.2022 20:28, Kyle Rose wrote:
...
However, in v252, the corresponding event occurs earlier in the log
and (after some measurements extending PCR 11) is followed by another
BSA event extending PCR 4 with a DevicePath I can't parse from a call
I can't seem to find in the systemd source code:
- EventNum: 34
PCRIndex: 4
EventType: EV_EFI_BOOT_SERVICES_APPLICATION
DigestCount: 2
Digests:
- AlgorithmId: sha1
Digest: "9a3c68bb105e4c4e70cbc3375bd45d616e220586"
- AlgorithmId: sha256
Digest: "36e49f2a0c246db5836b85319e7b2ae04690aca40227895902870a54a054c78b"
EventSize: 56
Event:
ImageLocationInMemory: 0xb7c36000
ImageLengthInMemory: 7793888
ImageLinkTimeAddress: 0x1000000
LengthOfDevicePath: 24
DevicePath: '04031400f8d1c555cd04b5468a20e56cbb3052d07fff0400'
Can someone help me decode this so I can figure out where this event
originates, or (if this event is well-known to the folks working on
the trusted computing portion of systemd) tell me where this extension
is triggered in the source code? That will at least help me find and
hopefully understand the relevant change.
This is media device path type with vendor subtype, vendor GUID is
STUB_PAYLOAD_GUID defined and used in src/boot/efi/linux.c.
