diff --git a/initrd/bin/cbfs-init b/initrd/bin/cbfs-init
index efec2ca5..4035025c 100755
--- a/initrd/bin/cbfs-init
+++ b/initrd/bin/cbfs-init
@@ -22,7 +22,11 @@ for cbfsname in `echo $cbfsfiles`; do
 		|| die "$filename: cbfs file read failed"
 	if [ "$CONFIG_TPM" = "y" ]; then
 		echo "TPM: Extending PCR[$CONFIG_PCR with] with $filename"
-		tpmr extend -ix "$CONFIG_PCR" -if $filename \
+		# Measure both the filename and its content. This
+		# ensures that renaming files or pivoting file content
+		# will still affect the resulting PCR measurement.
+		tpmr extend -ix "$CONFIG_PCR" -ic "$filename"
+		tpmr extend -ix "$CONFIG_PCR" -if "$filename" \
 			|| die "$filename: tpm extend failed"
 	fi
 fi
diff --git a/initrd/sbin/insmod b/initrd/sbin/insmod
index e383eaf4..da654257 100755
--- a/initrd/sbin/insmod
+++ b/initrd/sbin/insmod
@@ -39,17 +39,15 @@ if [ ! -r /sys/class/tpm/tpm0/pcrs -o ! -x /bin/tpm ]; then
 fi
 
 if [ -z "$tpm_missing" ]; then
-	echo "TPM: Extending PCR[$MODULE_PCR] with $MODULE prior of loading into kernel"
+	echo "TPM: Extending PCR[$MODULE_PCR] with $MODULE and parameters '$*' before loading"
+	# Extend with the module parameters (even if they are empty) and the
+	# module. Changing the parameters or the module content will result in a
+	# different PCR measurement.
+	tpmr extend -ix "$MODULE_PCR" -ic "$*"
 	tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \
 		|| die "$MODULE: tpm extend failed"
 fi
 
-if [ ! -z "$*" -a -z "$tpm_missing" ]; then
-	echo "TPM: Extending PCR[$MODULE_PCR] with $MODULE prior of loading into kernel"
-	tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \
-		|| die "$MODULE: tpm extend on arguments failed"
-fi
-
 # Since we have replaced the real insmod, we must invoke
 # the busybox insmod via the original executable
 DEBUG "Loading $MODULE with busybox insmod"
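Review bot: The new filename measurement `tpmr extend -ix "$CONFIG_PCR" -ic "$filename"` has no failure check, while the content extend right below it still carries `|| die`; if the first extend fails the script goes on and the PCR ends up without the filename in its extension chain, which is exactly the attestation gap the comment says this change closes. It should be `tpmr extend -ix "$CONFIG_PCR" -ic "$filename" || die "$filename: tpm extend on filename failed"`. The surrounding `for cbfsname` loop starts before the hunk, and its context line `echo "TPM: Extending PCR[$CONFIG_PCR with] with $filename"` looks like a pre-existing typo (`PCR[$CONFIG_PCR]`) worth fixing while this echo is being touched elsewhere in the series.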
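Review bot: The added `tpmr extend -ix "$MODULE_PCR" -ic "$*"` is the only extend in this block without `|| die`, so a failed parameter measurement is silently skipped and the module is still loaded with unmeasured parameters, which contradicts the comment's guarantee that changing the parameters changes the PCR. Make it `tpmr extend -ix "$MODULE_PCR" -ic "$*" || die "$MODULE: tpm extend on parameters failed"`, matching the old argument branch this hunk removes. Two further points to confirm rather than assert: whether `tpmr extend -ic ""` actually extends with an empty string (the comment relies on the empty case being measured) and that `"$*"` joins arguments with the first character of IFS, so the measured value depends on IFS being at its default when insmod runs; a short comment on the `-ic` line stating both assumptions would help whoever audits the measurement log later.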