From 85df120c198b71e6e760eb556cdce46196c9d383 Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Thu, 5 Sep 2024 08:13:13 +0200 Subject: [PATCH] readme: move pcr calculation section to the end Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- README.md | 58 +++++++++++++++++++++++++++---------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 6c5b612..a063fbd 100644 --- a/README.md +++ b/README.md @@ -37,35 +37,6 @@ uplosi upload image.raw -i - `-i`,`--increment-version`: increment version number after upload - `-v`: version for uplosi -# Calculating TPM PCR Values - -> [!WARNING] -> This command is highly experimental. It does not account for all PCRs and all possibilities of their measurements, -> is only tested in a very specific environment and should not be used in production use-cases. - -Uplosi can also, from a given raw disk image, calculate TPM PCR values (Namely PCRs 4, 9, and 11) -ahead of the image boot to allow to craft remote attestation policies for images. -It requires `systemd-dissect` to be present in `$PATH`. - -## Usage - -```shell-session -sudo uplosi measurements [flags] -``` - -### Examples - -```shell-session -sudo uplosi measurements image.raw --output-file pcrs.json -``` - -### Flags - -- `--output-file` string: path to a JSON file the output should be written to -- `--uki-path` string: path to the unified kernel image (UKI) within the ESP of the image (default: `/boot/EFI/BOOT/BOOTX64.EFI`) -- `-h`,`--help`: help for uplosi -- `-v`: version for uplosi - # Configuration Uplosi requires configuration files in [TOML format](https://toml.io/en/) to be present in the user's workspace (CWD). @@ -468,3 +439,32 @@ If set, prevents accidential deletion of the image. - Required: no Extra key-value pairs attached to the image. Example: `{"hw_firmware_type" = "uefi", "os_type" = "linux"}`. + +# Calculating TPM PCR Values + +> [!WARNING] +> This command is highly experimental. It does not account for all PCRs and all possibilities of their measurements, +> is only tested in a very specific environment and should not be used in production use-cases. + +Uplosi can also, from a given raw disk image, calculate TPM PCR values (Namely PCRs 4, 9, and 11) +ahead of the image boot to allow to craft remote attestation policies for images. +It requires `systemd-dissect` to be present in `$PATH`. + +## Usage + +```shell-session +sudo uplosi measurements [flags] +``` + +### Examples + +```shell-session +sudo uplosi measurements image.raw --output-file pcrs.json +``` + +### Flags + +- `--output-file` string: path to a JSON file the output should be written to +- `--uki-path` string: path to the unified kernel image (UKI) within the ESP of the image (default: `/boot/EFI/BOOT/BOOTX64.EFI`) +- `-h`,`--help`: help for uplosi +- `-v`: version for uplosi