Traditionally, TPM2 PCR policies are bound against literal PCR values,
which makes them hard to work with when updating software that is
measured into PCRs: each update will change the PCR values, and thus
break TPM2 policies of existing objects.
Let's improve the situation: let's allow signed PCR policies. Secrets
and other TPM2 objects can be associated with a public key that signs a
PCR policy. Thus, if the signed policy and the public key is presented,
access to the TPM2 object can be granted. This allows a less brittle
handling of updates: for example, whenever a kernel image is updated a
new signed PCR policy can be shipped along with it, signed by a private
key owned by the kernel vendor (ideally: same private key that is used
to sign the kernel image itself). TPM2 objects can then be bound to the
associated public key, thus allowing objects that can only be unlocked
by kernels of the same vendor. This makes it very easy to update kernels
without affecting locked secrets.
This does not hook up any of the consuming code (just passes NULL/0
everywhere). This is for later commits.
Currently, the tpm2 support will use encrypted sessions by creating a
primary key that is used to encrypt traffic. This creates a problem as
the key created for encrypting the traffic could be faked by an active
interposer on the bus. In cases when a pin is used, we can introduce the
bind key. The pin is used as the auth value for the seal key, aka the
disk encryption key, and that auth value can be used in the session
establishment. An attacker would need the pin value to create the secure
session and thus an active interposer without the pin could not
interpose on TPM traffic.
Related-to: #22637
Signed-off-by: William Roberts <william.c.roberts@intel.com>
This commit adds a new Verity= setting to repart definition files
with two possible values: "data" and "hash".
If Verity= is set to "data", repart works as before, and populates
the partition with the content from CopyBlocks= or CopyFiles=.
If Verity= is set to "hash", repart will try to find a matching
data partition with Verity=data and equal values for CopyBlocks=
or CopyFiles=, Format= and MakeDirectories=. If a matching data
partition is found, repart will generate verity hashes for that
data partition in the verity partition. The UUID of the data
partition is set to the first 128 bits of the verity root hash. The
UUID of the hashes partition is set to the final 128 bits of the
verity root hash.
Fixes#24559
Let's return ENOSYS if /proc/ is not mounted (as that's what we usually
return in that case in various helpers that operate on /proc/). Return
EOPNOTSUPP if the kernel simply doesn't support userns.
Currently, dissect_image() is only called through dissect_loop_device(),
and the LoopDevice object has device name. Hence, it is not necessary to
get device name in dissect_image().
Note, currently, for each call of dissect_loop_device_and_warn(), the
specified name is equivalent to the path passed to loop_device_make_by_path().
Hence, this should not change the current behavios.
This arg expects scan codes and it can be very confusing to find a key
conflict when trying to add a F3 button when there are no F3 keycodes
seemingly in use. CHAR_CARRIAGE_RETURN and SCAN_F3 use the same value,
so no changes in behavior.
D-Bus interfaces can have multiple methods with the same name, as long
as they have different arguments (signature). Currently busctl can call
those methods but when introspecting the interface it just displays
"Duplicate method"
This PR fixes the behavior, by also adding the signature to the hash for
the members set.
Before this patch:
$ busctl introspect org.asamk.Signal /org/asamk/Signal
Invalid introspection data: duplicate method 'sendMessage' on interface 'org.asamk.Signal'.
After this patch:
$ busctl introspect org.asamk.Signal /org/asamk/Signal
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
org.asamk.Signal interface - - -
.sendMessage method as x -
.sendMessage method s x -
Calling the methods already works as expected, as the user must specify
the signature explicitely:
busctl --user call org.asamk.Signal /org/asamk/Signal org.asamk.Signal sendMessage "as" 2 foo bar
busctl --user call org.asamk.Signal /org/asamk/Signal org.asamk.Signal sendMessage "s" foo
$ busctl --xml introspect org.asamk.Signal /org/asamk/Signal
<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<node name="/org/asamk/Signal">
<interface name="org.asamk.Signal">
<method name="sendMessage" >
<arg type="as" direction="in"/>
<arg type="x" direction="out"/>
</method>
<method name="sendMessage" >
<arg type="s" direction="in"/>
<arg type="x" direction="out"/>
</method>
<interface name="org.freedesktop.DBus.Introspectable">
<method name="Introspect">
<arg type="s" direction="out"/>
</method>
</interface>
<interface name="org.freedesktop.DBus.Peer">
<method name="Ping">
</method>
</interface>
</node>
