stub: measure all cmdline addons together
parent
68f85761e2
commit
3e6f010e03
|
@ -77,12 +77,11 @@ PE section order, as per the UKI specification, see above.
|
|||
|
||||
### PCR 12, `EV_IPL`, "Kernel Command Line"
|
||||
|
||||
Might happen up to four times, for kernel command lines from:
|
||||
Might happen up to three times, for kernel command lines from:
|
||||
|
||||
1. Passed cmdline
|
||||
2. System cmdline add-ons (one measurement covering all add-ons combined)
|
||||
3. Per-UKI cmdline add-ons (one measurement covering all add-ons combined)
|
||||
2. SMBIOS cmdline
|
||||
2. System and per-UKI cmdline add-ons (one measurement covering all add-ons combined)
|
||||
3. SMBIOS cmdline
|
||||
|
||||
→ **Description** in the event log record is the literal kernel command line in
|
||||
UTF-16.
|
||||
|
|
|
@ -257,26 +257,35 @@ static EFI_STATUS load_addons_from_dir(
|
|||
}
|
||||
|
||||
static void cmdline_append_and_measure_addons(
|
||||
char16_t *cmdline,
|
||||
char16_t *cmdline_global,
|
||||
char16_t *cmdline_uki,
|
||||
char16_t **cmdline_append,
|
||||
bool *ret_parameters_measured) {
|
||||
|
||||
_cleanup_free_ char16_t *tmp = NULL;
|
||||
_cleanup_free_ char16_t *tmp = NULL, *merged = NULL;
|
||||
bool m = false;
|
||||
|
||||
assert(cmdline_append);
|
||||
assert(ret_parameters_measured);
|
||||
|
||||
mangle_stub_cmdline(cmdline);
|
||||
|
||||
if (isempty(cmdline))
|
||||
if (isempty(cmdline_global) && isempty(cmdline_uki))
|
||||
return;
|
||||
|
||||
(void) tpm_log_load_options(cmdline, &m);
|
||||
merged = xasprintf("%ls%ls%ls",
|
||||
strempty(cmdline_global),
|
||||
isempty(cmdline_global) || isempty(cmdline_uki) ? u"" : u" ",
|
||||
strempty(cmdline_uki));
|
||||
|
||||
mangle_stub_cmdline(merged);
|
||||
|
||||
if (isempty(merged))
|
||||
return;
|
||||
|
||||
(void) tpm_log_load_options(merged, &m);
|
||||
*ret_parameters_measured = m;
|
||||
|
||||
tmp = TAKE_PTR(*cmdline_append);
|
||||
*cmdline_append = xasprintf("%ls%ls%ls", strempty(tmp), isempty(tmp) ? u"" : u" ", cmdline);
|
||||
*cmdline_append = xasprintf("%ls%ls%ls", strempty(tmp), isempty(tmp) ? u"" : u" ", merged);
|
||||
}
|
||||
|
||||
static void dtb_install_addons(
|
||||
|
@ -623,13 +632,10 @@ static EFI_STATUS run(EFI_HANDLE image) {
|
|||
}
|
||||
|
||||
/* If we have any extra command line to add via PE addons, load them now and append, and
|
||||
* measure the additions separately, after the embedded options, but before the smbios ones,
|
||||
* measure the additions together, after the embedded options, but before the smbios ones,
|
||||
* so that the order is reversed from "most hardcoded" to "most dynamic". The global addons are
|
||||
* loaded first, and the image-specific ones later, for the same reason. */
|
||||
cmdline_append_and_measure_addons(cmdline_addons_global, &cmdline, &m);
|
||||
parameters_measured = parameters_measured < 0 ? m : (parameters_measured && m);
|
||||
|
||||
cmdline_append_and_measure_addons(cmdline_addons_uki, &cmdline, &m);
|
||||
cmdline_append_and_measure_addons(cmdline_addons_global, cmdline_addons_uki, &cmdline, &m);
|
||||
parameters_measured = parameters_measured < 0 ? m : (parameters_measured && m);
|
||||
|
||||
/* SMBIOS OEM Strings data is controlled by the host admin and not covered
|
||||
|
|
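Review bot: Both early returns in `cmdline_append_and_measure_addons()` (no add-ons at all, and `merged` empty after `mangle_stub_cmdline()`) leave `*ret_parameters_measured` unwritten, yet the call site in `run()` folds `m` into `parameters_measured` unconditionally on the next line. Whatever `m` held before the call is then counted as the result of an add-on measurement that never took place. `m` is declared outside the hunk, so it cannot be checked from here whether it may still be indeterminate at that point. `parameters_measured` appears to be the stub's record of whether the command line reached PCR 12, so it should change only when `tpm_log_load_options()` was actually called. One way is to let the helper report whether it measured anything and fold `m` only in that case, as sketched below; `run()` starts and ends outside the hunk.

```c
static bool cmdline_append_and_measure_addons(
                /* … unchanged: parameters, declarations, asserts … */

        if (isempty(cmdline_global) && isempty(cmdline_uki))
                return false; /* nothing to measure, *ret_parameters_measured left untouched */

        /* … unchanged: build and mangle merged … */

        if (isempty(merged))
                return false;

        /* … unchanged: measure merged, append to *cmdline_append … */
        return true;
}

/* in run(): only fold the result when a measurement was attempted */
if (cmdline_append_and_measure_addons(cmdline_addons_global, cmdline_addons_uki, &cmdline, &m))
        parameters_measured = parameters_measured < 0 ? m : (parameters_measured && m);
```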