boot: split out TPM PCR defines into header file we can share between userspace and...

diff --git a/src/boot/efi/measure.c b/src/boot/efi/measure.c
index 9041896f5b373c21659a961089e2e4a7a7d1e921..9a16920787bf3f41d11a616368fae23d6f2f2c39 100644 (file)
--- a/src/boot/efi/measure.c
+++ b/src/boot/efi/measure.c
@@ -5,6 +5,7 @@
 #include <efi.h>
 #include <efilib.h>
 
+#include "tpm-pcr.h"
 #include "macro-fundamental.h"
 #include "measure.h"
 #include "missing_efi.h"

diff --git a/src/boot/efi/measure.h b/src/boot/efi/measure.h
index 141d44aa79c2cb5042625ff1296aae85166020c1..19a50f47e7d37bbb6c090edbfe82638101e370b8 100644 (file)
--- a/src/boot/efi/measure.h
+++ b/src/boot/efi/measure.h
@@ -5,26 +5,6 @@
 #include <stdbool.h>
 #include <uchar.h>
 
-/* This TPM PCR is where we extend the sd-stub "payloads" into, before using them. i.e. the kernel ELF image,
- * embedded initrd, and so on. In contrast to PCR 4 (which also contains this data, given the whole
- * surrounding PE image is measured into it) this should be reasonably pre-calculatable, because it *only*
- * consists of static data from the kernel PE image. */
-#define TPM_PCR_INDEX_KERNEL_IMAGE 11U
-
-/* This TPM PCR is where sd-stub extends the kernel command line and any passed credentials into. */
-#define TPM_PCR_INDEX_KERNEL_PARAMETERS 12U
-
-/* sd-stub used to write the kernel command line/credentials into PCR 8, in systemd <= 250. Let's provide for
- * some compatibility. (Remove in 2023!) */
-#if EFI_TPM_PCR_COMPAT
-#define TPM_PCR_INDEX_KERNEL_PARAMETERS_COMPAT 8U
-#else
-#define TPM_PCR_INDEX_KERNEL_PARAMETERS_COMPAT UINT32_MAX
-#endif
-
-/* This TPM PCR is where we extend the initrd sysext images into which we pass to the booted kernel */
-#define TPM_PCR_INDEX_INITRD_SYSEXTS 13U
-
 #if ENABLE_TPM
 
 bool tpm_present(void);

diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index 3b74647a18c396fa00bc68712dcb6e936dede246..549f3ce1d5bdf4c4ad8a3b67cdb5ef5c1571d0ca 100644 (file)
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -12,6 +12,7 @@
 #include "pe.h"
 #include "secure-boot.h"
 #include "splash.h"
+#include "tpm-pcr.h"
 #include "util.h"
 
 /* magic string to find in the binary image */

diff --git a/src/fundamental/meson.build b/src/fundamental/meson.build
index 2ec4a28433d477d65854f2242c9cfc59f24c08f8..a4383f6a27100afc4d44890d9be24f6117a76232 100644 (file)
--- a/src/fundamental/meson.build
+++ b/src/fundamental/meson.build
@@ -8,6 +8,7 @@ fundamental_headers = files(
         'macro-fundamental.h',
         'sha256.h',
         'string-util-fundamental.h',
+        'tpm-pcr.h',
 )
 
 # for sd-boot

diff --git a/src/fundamental/tpm-pcr.h b/src/fundamental/tpm-pcr.h
new file mode 100644 (file)
index 0000000..6e8b259
--- /dev/null
+++ b/src/fundamental/tpm-pcr.h
@@ -0,0 +1,24 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+/* The various TPM PCRs we measure into from sd-stub and sd-boot. */
+
+/* This TPM PCR is where we extend the sd-stub "payloads" into, before using them. i.e. the kernel ELF image,
+ * embedded initrd, and so on. In contrast to PCR 4 (which also contains this data, given the whole
+ * surrounding PE image is measured into it) this should be reasonably pre-calculatable, because it *only*
+ * consists of static data from the kernel PE image. */
+#define TPM_PCR_INDEX_KERNEL_IMAGE 11U
+
+/* This TPM PCR is where sd-stub extends the kernel command line and any passed credentials into. */
+#define TPM_PCR_INDEX_KERNEL_PARAMETERS 12U
+
+/* sd-stub used to write the kernel command line/credentials into PCR 8, in systemd <= 250. Let's provide for
+ * some compatibility. (Remove in 2023!) */
+#if EFI_TPM_PCR_COMPAT
+#define TPM_PCR_INDEX_KERNEL_PARAMETERS_COMPAT 8U
+#else
+#define TPM_PCR_INDEX_KERNEL_PARAMETERS_COMPAT UINT32_MAX
+#endif
+
+/* This TPM PCR is where we extend the initrd sysext images into which we pass to the booted kernel */
+#define TPM_PCR_INDEX_INITRD_SYSEXTS 13U