kernel-6.1, -6.12: disable PCR 9 measurement

bcressey · bcressey · commit 310060ae4d79 · 2025-11-05T05:34:41.000Z
On aarch64, the kernel measures the command line from the bootloader
into PCR 9 during early boot. As the sequence below shows, this takes
place before bootconfig can be parsed.

  efi_pe_entry()
    ↓
  efi_handle_cmdline(image, &amp;cmdline_ptr)
    ↓
  efi_convert_cmdline(image, &amp;cmdline_size)
    - Measures boot_command_line into PCR 9
    ↓
  handle_kernel_image()
    ↓
  efi_stub_common()
    ↓
  efi_boot_kernel()
    ↓
  efi_enter_kernel()
    ↓
  [architecture-specific early setup]
    ↓
  start_kernel()
    ↓
  setup_arch(&amp;command_line)
    ↓
  setup_boot_config()
    - Extracts bootconfig from initrd
    - Sets up extra_command_line
    ↓
  setup_command_line(command_line)
    - Concatenates extra_command_line + boot_command_line

Since an incomplete measurement results in a PCR value that's hard to
predict, disable the kernel's measurement and rely on the verified
userspace to measure the final value from /proc/cmdline.

Signed-off-by: Ben Cressey &lt;bcressey@amazon.com&gt;
diff --git a/packages/kernel-6.1/1007-efi-libstub-don-t-measure-kernel-command-line-into-P.patch b/packages/kernel-6.1/1007-efi-libstub-don-t-measure-kernel-command-line-into-P.patch
@@ -0,0 +1,33 @@
+From fa0eefb655d457b24bdaffab3e7beb968faae223 Mon Sep 17 00:00:00 2001
+From: Ben Cressey <bcressey@amazon.com>
+Date: Tue, 4 Nov 2025 16:42:55 +0000
+Subject: [PATCH] efi/libstub: don't measure kernel command line into PCR 9
+
+The kernel command line can be extended via bootconfig, which may add
+additional parameters but depends on initrd parsing that happens at a
+later point in the boot.
+
+Disable the boot-time measurement so that the verified userspace can
+perform a complete measurement later.
+
+Signed-off-by: Ben Cressey <bcressey@amazon.com>
+---
+ drivers/firmware/efi/libstub/efi-stub-helper.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
+index 587ba946ba9d..e932673f5209 100644
+--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
++++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
+@@ -431,9 +431,11 @@ char *efi_convert_cmdline(efi_loaded_image_t *image, int *cmd_line_len)
+ 	efi_status_t status;
+ 	u32 options_chars;
+ 
++#if 0
+ 	if (options_size > 0)
+ 		efi_measure_tagged_event((unsigned long)options, options_size,
+ 					 EFISTUB_EVT_LOAD_OPTIONS);
++#endif
+ 
+ 	efi_apply_loadoptions_quirk((const void **)&options, &options_size);
+ 	options_chars = options_size / sizeof(efi_char16_t);
diff --git a/packages/kernel-6.1/kernel-6.1.spec b/packages/kernel-6.1/kernel-6.1.spec
@@ -57,6 +57,8 @@ Patch1004: 1004-af_unix-increase-default-max_dgram_qlen-to-512.patch
 Patch1005: 1005-Revert-Revert-drm-fb_helper-improve-CONFIG_FB-depend.patch
 # Backport patch to ensure NUL-terminated task->comm buffer
 Patch1006: 1006-strscpy-write-destination-buffer-only-once.patch
+# Disable incomplete measurement into PCR 9 on aarch64.
+Patch1007: 1007-efi-libstub-don-t-measure-kernel-command-line-into-P.patch
 
 BuildRequires: bc
 BuildRequires: elfutils-devel
diff --git a/packages/kernel-6.12/1008-efi-libstub-don-t-measure-kernel-command-line-into-P.patch b/packages/kernel-6.12/1008-efi-libstub-don-t-measure-kernel-command-line-into-P.patch
@@ -0,0 +1,33 @@
+From 7582a3b837ddffaddf2a4121285464b8655fe4f0 Mon Sep 17 00:00:00 2001
+From: Ben Cressey <bcressey@amazon.com>
+Date: Tue, 4 Nov 2025 16:42:55 +0000
+Subject: [PATCH] efi/libstub: don't measure kernel command line into PCR 9
+
+The kernel command line can be extended via bootconfig, which may add
+additional parameters but depends on initrd parsing that happens at a
+later point in the boot.
+
+Disable the boot-time measurement so that the verified userspace can
+perform a complete measurement later.
+
+Signed-off-by: Ben Cressey <bcressey@amazon.com>
+---
+ drivers/firmware/efi/libstub/efi-stub-helper.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
+index 1ad414da9920..f8363a5d31f7 100644
+--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
++++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
+@@ -338,9 +338,11 @@ char *efi_convert_cmdline(efi_loaded_image_t *image, int *cmd_line_len)
+ 	efi_status_t status;
+ 	u32 options_chars;
+ 
++#if 0
+ 	if (options_size > 0)
+ 		efi_measure_tagged_event((unsigned long)options, options_size,
+ 					 EFISTUB_EVT_LOAD_OPTIONS);
++#endif
+ 
+ 	efi_apply_loadoptions_quirk((const void **)&options, &options_size);
+ 	options_chars = options_size / sizeof(efi_char16_t);
diff --git a/packages/kernel-6.12/kernel-6.12.spec b/packages/kernel-6.12/kernel-6.12.spec
@@ -60,6 +60,8 @@ Patch1005: 1005-Lustre-cast-unsigned-long-to-pointer.patch
 Patch1006: 1006-Select-prerequisites-for-gpu-drivers.patch
 # Backport patch to ensure NUL-terminated task->comm buffer
 Patch1007: 1007-strscpy-write-destination-buffer-only-once.patch
+# Disable incomplete measurement into PCR 9 on aarch64.
+Patch1008: 1008-efi-libstub-don-t-measure-kernel-command-line-into-P.patch
 
 BuildRequires: bc
 BuildRequires: elfutils-devel
