Dev question about UEFI implmentation

[Tutul-]

Hi, I've some question about the UEFI implementation guideline and a comparison with how Grub2 work nowadays with TPM.
(yea I read #15 #23 as well as #82 and #17)

I want to try and help to port TrustedGrub2 to UEFI but first I want your advices one those point :

• Is it ok to pull changes from Grub 2.04 and build TrustedGrub on top of it with the current security features replacing the one of the tpm.mod from upstream ? This should make help update this security bootloader and may help with developing TPM2 support.
• With UEFI, we use a single efi binary file (no more boot + core). The PCR status should be modified to reflect that. But I don't think of a way we can keep coherent between legacy and uefi mode as we don't need to measure anything before the commands). Is it ok for UEFI mode to move PCR10 to PCR8 as we don't require the two first measurement ?
• We may want to include all configfile in PCR13 like Grub 2.04 does for PCR9

Any other stuff I need to consider ?

[securitykernel]

Unfortunately, this project is deprecated and no longer maintained. I will be closing this issue.