From 26fdfa4bee3b56b04a4b1c1569f0e3129d351570 Mon Sep 17 00:00:00 2001
From: Malte Poll <mp@edgeless.systems>
Date: Thu, 13 Oct 2022 10:53:52 +0200
Subject: [PATCH] Prefill PCR[11], PCR[12], PCR[13], PCR[15]

---
 .github/workflows/build-os-image.yml      | 3 ++-
 image/mkosi/measured-boot/pcr-stable.json | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100755 image/mkosi/measured-boot/pcr-stable.json

diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml
index 106cf9b27..745951013 100644
--- a/.github/workflows/build-os-image.yml
+++ b/.github/workflows/build-os-image.yml
@@ -358,7 +358,8 @@ jobs:
           ./precalculate_pcr_4.sh ${{ github.workspace }}/image.raw ${{ github.workspace }}/pcr-4-${{ matrix.csp }}.json >> $GITHUB_STEP_SUMMARY
           ./precalculate_pcr_8.sh ${{ github.workspace }}/image.raw ${{ github.workspace }}/pcr-8-${{ matrix.csp }}.json ${{ matrix.csp }}  >> $GITHUB_STEP_SUMMARY
           ./precalculate_pcr_9.sh ${{ github.workspace }}/image.raw ${{ github.workspace }}/pcr-9-${{ matrix.csp }}.json >> $GITHUB_STEP_SUMMARY
-          jq --sort-keys -s '.[0] * .[1] * .[2]' ${{ github.workspace }}/pcr-* > ${{ github.workspace }}/pcrs-${{ matrix.csp }}.json
+          cp pcr-stable.json ${{ github.workspace }}/
+          jq --sort-keys -s '.[0] * .[1] * .[2] * .[3]' ${{ github.workspace }}/pcr-* > ${{ github.workspace }}/pcrs-${{ matrix.csp }}.json
           echo "::endgroup::"
         working-directory: ${{ github.workspace }}/image/mkosi/measured-boot
 
diff --git a/image/mkosi/measured-boot/pcr-stable.json b/image/mkosi/measured-boot/pcr-stable.json
new file mode 100755
index 000000000..48ba33120
--- /dev/null
+++ b/image/mkosi/measured-boot/pcr-stable.json
@@ -0,0 +1,6 @@
+{
+    "pcr11": "0000000000000000000000000000000000000000000000000000000000000000",
+    "pcr12": "0000000000000000000000000000000000000000000000000000000000000000",
+    "pcr13": "0000000000000000000000000000000000000000000000000000000000000000",
+    "pcr15": "0000000000000000000000000000000000000000000000000000000000000000"
+}