In my last post about Intel TXT, I showed how to enable Trusted Boot on Linux using Intel TXT. In this post, I will show you how to create custom policies, and in this particular example, you will learn how to perform a measured launch of the Linux kernel and initial RAM disk (initrd).

In this 14 min 29 sec video, I'll guide you through the steps required to create a simple policy:

At this point, if you have successfully completed these steps, you have configured Trusted Boot to verify the Linux kernel and initial RAM disk. If any of these components is not in a known-good state, the machine halts the boot process.

Further references can be found here:

Intel Trusted Execution Technology Software Development Guide

Best Regards!