git.ipfire.org Git - thirdparty/systemd.git/commit

author	Lennart Poettering <lennart@poettering.net>
	Fri, 7 Jul 2023 19:45:54 +0000 (21:45 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 30 Aug 2023 10:59:34 +0000 (12:59 +0200)
commit	cb19bdaebf3ceeb2d7e3e0347b285cd8eda1bf13
tree	2321fec40e391545d5bbb851a05b72298c99a1f6	tree \| snapshot
parent	73ac9520ec1727897cc7f6ed7509ac9657d9c7ac	commit \| diff

tpm2: whenever we measure, also write a tpm log record

Previously we only logged our measurements to the journal. This is not a
great solution though, since regular logs are subject to rotation, which
is something we really cannot have for measurements (as it means we can
never reproduce the PCR values from the data). Hence, let's maintain an
explicit log.

Ideally, we'd just use the TCG Canonical Event Log format 1:1
(https://trustedcomputinggroup.org/resource/canonical-event-log-format/).
However it's not a perfect fit fo us, for various reasons. But let's
follow it (in its JSON incantation) as closely at it makes sense, so
that it can easily be converted to the full format by programs consuming
it.

Code comments explain where we deviate from the TCG CEL-JSON, and what
to do about it when reading the data.

src/boot/pcrphase.c		diff \| blob \| blame \| history
src/cryptsetup/cryptsetup.c		diff \| blob \| blame \| history
src/shared/tpm2-util.c		diff \| blob \| blame \| history
src/shared/tpm2-util.h		diff \| blob \| blame \| history