Skip to content

feat: add settings.measurement model for PCR 8 exclusion control#140

Open
ginglis13 wants to merge 1 commit into
bottlerocket-os:developfrom
ginglis13:measurement-excluded-settings
Open

feat: add settings.measurement model for PCR 8 exclusion control#140
ginglis13 wants to merge 1 commit into
bottlerocket-os:developfrom
ginglis13:measurement-excluded-settings

Conversation

@ginglis13

Copy link
Copy Markdown
Contributor

Issue #, if available:

Related: bottlerocket-os/bottlerocket#4872

Description of changes:

Add a new settings extension for settings.measurement that allows customers to configure which settings are excluded from PCR 8 measurement. Includes validation to reject dangerous patterns (bare "settings", empty strings, wildcards, and self-references).

Values are accepted with or without a "settings." prefix for convenience — both "host-containers" and "settings.host-containers" are treated equivalently.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Add a new settings extension for `settings.measurement` that allows
customers to configure which settings are excluded from PCR 8
measurement. Includes validation to reject disallowed patterns.

Values are accepted with or without a "settings." prefix for
convenience (e.g. both "host-containers" and "settings.host-containers"
are treated equivalently)

Signed-off-by: Gavin Inglis <giinglis@amazon.com>
@ginglis13 ginglis13 force-pushed the measurement-excluded-settings branch from 2f963ea to 7a8ce78 Compare July 2, 2026 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant