TrustedGRUB checkfile


  • Anonymous

    Hello All,

    I am attempting to use TrustedGRUB, specifically it's checkfile feature in Ubuntu 12.04.  I have gotten TrustedGRUB to successfully install, and boot. However when I try to implement the checkfile feature it will not accept my checkfile and says the syntax is incorrect.  Even though it is the exact same as the example on their website.  Here is my section of menu.lst pointing to the checkfile:

    title Ubuntu 12.04 LTS, kernel 3.2.0-23-generic-pae
    uuid 5f7439b8-cead-4fcd-afce-2befff31d1f5
    kernel /boot/vmlinuz-3.2.0-23-generic-pae root=UUID=5f7439b8-cead-4fcd-afce-2befff31d1f5 ro quiet splash
    initrd /boot/initrd.img-3.2.0-23-generic-pae
    #checkfile /boot/grub/check.file

    I am aware the documentation says to have the (hdX,Y) in the path for the checkfile. But I have tried it both ways and recieve the same result.

    My checkfile has one line (followed by a newline)  and looks like the following:

    f3d1a91bc73e7602b9e8ab25369adb6b4af7bc3a (hd0,0)/home/cartman/testfile.txt

    Has anyone been able to successfully  use checkfile?  If so I would appreciate viewing you checkfile, or any informtion you have regarding configuration.

    Thanks in advance!


  • Anonymous

    * I have the checkfile command commented out because my system will not boot otherwise.


  • Anonymous

    I was finally able to get checkfile to function and extend hashes into  PCR 13.  The trick is to not listen to the documentation.  It explicitly says on the TrustedGRUB developers page to have a new line character after every entry including the last one, they even go out of the way to remind you to have the last new line character!  However once i took out the last newline character it worked perfectly!

    Hope this helps any future users who run into the same issue.

  • I am having the same problem. Using Debian Lenny, I've tried all solutions from google, does not generate PCR13, can anyone help me?
    Everyone else is working, trustedGrub ok, ok PCR others,

    (sorry for my bad english)

  • Check with the "e" on the boot if the entry is there checkfile. I had a similar problem and solved (previous post). Edited the menu.lst and then used grub-install