build_library/grub.cfg: Enable TPM module by default

For binding a secret to the OS we need TPM PCRs that measure the kernel and boot configuration. Used for: flatcar/flatcar-website#317
flatcar · Apr 9, 2024 · a46e2a3 · a46e2a3
1 parent 385b929
commit a46e2a3
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/build_library/grub_install.sh b/build_library/grub_install.sh
@@ -43,7 +43,7 @@ GRUB_DIR="flatcar/grub/${FLAGS_target}"
 GRUB_SRC="/usr/lib/grub/${FLAGS_target}"
 
 # Modules required to boot a standard CoreOS configuration
-CORE_MODULES=( normal search test fat part_gpt search_fs_uuid gzio search_part_label terminal gptprio configfile memdisk tar echo read )
+CORE_MODULES=( normal search test fat part_gpt search_fs_uuid gzio search_part_label terminal gptprio configfile memdisk tar echo read tpm )
 
 # Name of the core image, depends on target
 CORE_NAME=

diff --git a/changelog/changes/2024-04-09-grub-tpm.md b/changelog/changes/2024-04-09-grub-tpm.md
@@ -0,0 +1 @@
+- Enabled the GRUB TPM2 module to measure the boot code path and files into PCR 8+9 in UEFI
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		- Enabled the GRUB TPM2 module to measure the boot code path and files into PCR 8+9 in UEFI