From: Marcel S. <tru...@se...> - 2013-11-21 08:15:37

Hi Bill,

thanks for sharing.

> Three things: First if you look at TrustedGRUB's builtin.c file,
> there are certain commands that are associated with the enum
> BUILTIN_CMDLINE. Any commands that are not associated with this
> value are NOT extended into PCR-12. For instance the lines beginning
> with "default," "timeout," and "title" are NOT extended into PCR-12.

Exactly, only the commands defined there are executed and therefore measured.

> Third: the kicker is that the stage2 code adds an implicit "boot"
> command as the last command. I did not see this in the code but took
> a guess. On the normal command line at boot you have to type "boot"
> in order to continue the boot. So it makes sense there is an
> implicit one. So this "boot" command is extended into PCR 12.
> And there are no 0x0A ASCII codes at the end of each command line.

Yep. You can see which commands are extended if you compile TrustedGRUB in verbose (or even more with show-sha1, then you will see each hash and command). Also notice that tabs or more than one blank will be stripped down to one blank.

Best regards
Marcel
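
The measurement rules discussed in this thread, replayed as an added Python example (not part of the original message and not TrustedGRUB code), to predict the PCR-12 value for a menu entry before sealing against it. It uses the TPM 1.2 extend operation, SHA1(PCR_old || SHA1(data)). Assumptions: leading and trailing whitespace is dropped, each command is hashed as plain ASCII with no terminator, PCR-12 starts at 20 zero bytes and receives nothing else, and only the three commands named above are skipped (the authoritative list is in builtin.c); the sample menu.lst is constructed.

```python
import hashlib
import re

# Named in the thread as NOT extended into PCR-12. Assumption: nothing else is
# skipped; the real list is every command lacking BUILTIN_CMDLINE in builtin.c.
NOT_MEASURED = {"default", "timeout", "title"}

# Constructed sample menu.lst (devices and paths are made up).
SAMPLE_MENU = """\
default 0
timeout 5
title Linux
root (hd0,0)
kernel \t/vmlinuz   root=/dev/sda1 ro
initrd /initrd.img
"""

def normalize(line):
    """Collapse tabs and runs of blanks to one blank; drop the trailing 0x0A."""
    return re.sub(r"[ \t]+", " ", line.strip())

def measured_commands(menu_text, not_measured=NOT_MEASURED):
    """Return the command strings expected to be extended, in boot order."""
    cmds = []
    for raw in menu_text.splitlines():
        line = normalize(raw)
        if not line or line.startswith("#"):
            continue
        if re.split(r"[ =]", line, maxsplit=1)[0] in not_measured:
            continue
        cmds.append(line)
    cmds.append("boot")  # implicit final command described in the thread
    return cmds

def extend(pcr, data):
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || SHA1(data))."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()

def replay_pcr12(menu_text):
    """Fold every measured command into a zeroed 20-byte PCR."""
    pcr = bytes(20)
    for cmd in measured_commands(menu_text):
        pcr = extend(pcr, cmd.encode("ascii"))
    return pcr

if __name__ == "__main__":
    for cmd in measured_commands(SAMPLE_MENU):
        print(hashlib.sha1(cmd.encode("ascii")).hexdigest(), cmd)
    print("expected PCR-12:", replay_pcr12(SAMPLE_MENU).hex())
```

The per-command hashes it prints can be compared line by line with the output of a TrustedGRUB build that has show-sha1 enabled; the first mismatch shows which assumption does not hold for that build.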