sd-boot: measure kernel cmdline into PCR 12 rather than 8

Apparently Grub is measuring all kinds of garbage into PCR 8. Since people apparently chainload sd-boot from grub, let's thus stay away from PCR 8, and use PCR 12 instead for the kernel command line. As discussed here: #22635 Fixes: #22635
author: Lennart Poettering <lennart@poettering.net> 2022-03-16 10:51:03 +0100
committer: Lennart Poettering <lennart@poettering.net> 2022-03-16 17:44:32 +0100
commit: 4d32507f5186a89e98093659fbbe386787a97b9f (patch)
tree: e2db7d0dbb81dadfc081f46733246eb09172f978 /meson_options.txt
parent: 34604d6af70bc719eb338c0115ebdfdc5439ed1b (diff)
download: systemd-4d32507f5186a89e98093659fbbe386787a97b9f.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meson_options.txt b/meson_options.txt
index 5d635748d5..284109cadf 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -426,6 +426,8 @@ option('efi-libdir', type : 'string',
        description : 'path to the EFI lib directory')
 option('efi-includedir', type : 'string', value : '/usr/include/efi',
        description : 'path to the EFI header directory')
+option('efi-tpm-pcr-compat', type : 'boolean', value : 'false',
+       description : 'Measure kernel command line also into TPM PCR 8 (in addition to 12)')
 option('sbat-distro', type : 'string', value : 'auto',
        description : 'SBAT distribution ID, e.g. fedora, or auto for autodetection')
 option('sbat-distro-generation', type : 'integer', value : 1,
author	Lennart Poettering <lennart@poettering.net>	2022-03-16 10:51:03 +0100
committer	Lennart Poettering <lennart@poettering.net>	2022-03-16 17:44:32 +0100
commit	4d32507f5186a89e98093659fbbe386787a97b9f (patch)
tree	e2db7d0dbb81dadfc081f46733246eb09172f978 /meson_options.txt
parent	34604d6af70bc719eb338c0115ebdfdc5439ed1b (diff)
download	systemd-4d32507f5186a89e98093659fbbe386787a97b9f.tar.gz