From 4d32507f5186a89e98093659fbbe386787a97b9f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 16 Mar 2022 10:51:03 +0100
Subject: sd-boot: measure kernel cmdline into PCR 12 rather than 8

Apparently Grub is measuring all kinds of garbage into PCR 8. Since people
apparently chainload sd-boot from grub, let's thus stay away from PCR 8,
and use PCR 12 instead for the kernel command line.

As discussed here: #22635

Fixes: #22635
---
 meson_options.txt | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'meson_options.txt')

diff --git a/meson_options.txt b/meson_options.txt
index 5d635748d5..284109cadf 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -426,6 +426,8 @@ option('efi-libdir', type : 'string',
        description : 'path to the EFI lib directory')
 option('efi-includedir', type : 'string', value : '/usr/include/efi',
        description : 'path to the EFI header directory')
+option('efi-tpm-pcr-compat', type : 'boolean', value : 'false',
+       description : 'Measure kernel command line also into TPM PCR 8 (in addition to 12)')
 option('sbat-distro', type : 'string', value : 'auto',
        description : 'SBAT distribution ID, e.g. fedora, or auto for autodetection')
 option('sbat-distro-generation', type : 'integer', value : 1,
-- 
cgit v1.2.1