public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #9077 from ts468/upstream.tcsd

Browse Source 
tcsd module: expose firmwarePCRs and kernelPCRs
This commit is contained in:
Arseniy Seroka 2015-08-02 03:47:06 +03:00
commit b563775994
1 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nixos/modules/services/hardware/tcsd.nix
View File

@ -17,8 +17,8 @@ let
# what is available directly from the PCR registers. # what is available directly from the PCR registers.
firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
#firmware_pcrs = 0,1,2,3,4,5,6,7 firmware_pcrs = ${cfg.firmwarePCRs}
#kernel_pcrs = 10,11 kernel_pcrs = ${cfg.kernelPCRs}
platform_cred = ${cfg.platformCred} platform_cred = ${cfg.platformCred}
conformance_cred = ${cfg.conformanceCred} conformance_cred = ${cfg.conformanceCred}
endorsement_cred = ${cfg.endorsementCred} endorsement_cred = ${cfg.endorsementCred}
@ -69,6 +69,18 @@ in
''; '';
}; };
firmwarePCRs = mkOption {
default = "0,1,2,3,4,5,6,7";
type = types.string;
description = "PCR indices used in the TPM for firmware measurements.";
};
kernelPCRs = mkOption {
default = "10,11";
type = types.string;
description = "PCR indices used in the TPM for kernel measurements.";
};
platformCred = mkOption { platformCred = mkOption {
default = "${cfg.stateDir}/platform.cert"; default = "${cfg.stateDir}/platform.cert";
type = types.path; type = types.path;