]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c033267)
measure: introduce support for a .hwids section
authoranonymix007 <48598263+anonymix007@users.noreply.github.com>
Wed, 4 Sep 2024 11:40:18 +0000 (14:40 +0300)
committeranonymix007 <48598263+anonymix007@users.noreply.github.com>
Tue, 5 Nov 2024 21:47:04 +0000 (00:47 +0300)
man/systemd-measure.xml patch | blob | blame | history
src/boot/measure.c patch | blob | blame | history
src/fundamental/uki.c patch | blob | blame | history
src/fundamental/uki.h patch | blob | blame | history

diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml
index 71983ffe0083634bae0abed537913a8c08346080..a21b2dceccacbed36dc603f1683fbbc7ba74c57f 100644 (file)
--- a/man/systemd-measure.xml
+++ b/man/systemd-measure.xml
@@ -77,7 +77,7 @@
         <option>--osrel=</option>, <option>--cmdline=</option>, <option>--initrd=</option>,
         <option>--ucode=</option>, <option>--splash=</option>, <option>--dtb=</option>,
         <option>--uname=</option>, <option>--sbat=</option>, <option>--pcrpkey=</option>,
-        <option>--profile=</option>, see below.  Only <option>--linux=</option> is mandatory. (Alternatively,
+        <option>--profile=</option>, <option>--hwids=</option>, see below.  Only <option>--linux=</option> is mandatory. (Alternatively,
         specify <option>--current</option> to use the current values of PCR register 11 instead.)</para>
 
         <xi:include href="version-info.xml" xpointer="v252"/>
@@ -125,6 +125,7 @@
         <term><option>--sbat=<replaceable>PATH</replaceable></option></term>
         <term><option>--pcrpkey=<replaceable>PATH</replaceable></option></term>
         <term><option>--profile=<replaceable>PATH</replaceable></option></term>
+        <term><option>--hwids=<replaceable>PATH</replaceable></option></term>
 
         <listitem><para>When used with the <command>calculate</command> or <command>sign</command> verb,
         configures the files to read the unified kernel image components from. Each option corresponds with
@@ -134,7 +135,7 @@
 
         <xi:include href="version-info.xml" xpointer="v252"/>
 
-        <para id="v257">With the exception of <option>--profile=</option>, which has been added in version
+        <para id="v257">With the exception of <option>--profile=</option> and <option>--hwids=</option>, which have been added in version
         257.</para></listitem>
       </varlistentry>
 
diff --git a/src/boot/measure.c b/src/boot/measure.c
index 3c409f8bd9ad4706eea063b3b77c0cbf35b24437..65fe2c7cdf52a688f6ee49b1618e70d92a467028 100644 (file)
--- a/src/boot/measure.c
+++ b/src/boot/measure.c
@@ -103,6 +103,7 @@ static int help(int argc, char *argv[], void *userdata) {
                "     --sbat=PATH         Path to SBAT file                      %7$s .sbat\n"
                "     --pcrpkey=PATH      Path to public key for PCR signatures  %7$s .pcrpkey\n"
                "     --profile=PATH      Path to profile file                   %7$s .profile\n"
+               "     --hwids=PATH        Path to HWIDs file                     %7$s .hwids\n"
                "\nSee the %2$s for details.\n",
                program_invocation_short_name,
                link,
@@ -146,8 +147,9 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_SBAT,
                 _ARG_PCRSIG, /* the .pcrsig section is not input for signing, hence not actually an argument here */
                 ARG_PCRPKEY,
+                ARG_PROFILE,
                 _ARG_SECTION_LAST,
-                ARG_PROFILE = _ARG_SECTION_LAST,
+                ARG_HWIDS = _ARG_SECTION_LAST,
                 ARG_BANK,
                 ARG_PRIVATE_KEY,
                 ARG_PRIVATE_KEY_SOURCE,
@@ -174,6 +176,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "sbat",               required_argument, NULL, ARG_SBAT               },
                 { "pcrpkey",            required_argument, NULL, ARG_PCRPKEY            },
                 { "profile",            required_argument, NULL, ARG_PROFILE            },
+                { "hwids",              required_argument, NULL, ARG_HWIDS              },
                 { "current",            no_argument,       NULL, 'c'                    },
                 { "bank",               required_argument, NULL, ARG_BANK               },
                 { "tpm2-device",        required_argument, NULL, ARG_TPM2_DEVICE        },
diff --git a/src/fundamental/uki.c b/src/fundamental/uki.c
index da5da1cf106fbdeab4bb618a28f76268476125bd..bb4f6e480d683c9b3d665dc328138d205902059f 100644 (file)
--- a/src/fundamental/uki.c
+++ b/src/fundamental/uki.c
@@ -21,5 +21,6 @@ const char* const unified_sections[_UNIFIED_SECTION_MAX + 1] = {
         [UNIFIED_SECTION_PCRSIG]  = ".pcrsig",
         [UNIFIED_SECTION_PCRPKEY] = ".pcrpkey",
         [UNIFIED_SECTION_PROFILE] = ".profile",
+        [UNIFIED_SECTION_HWIDS]   = ".hwids",
         NULL,
 };
diff --git a/src/fundamental/uki.h b/src/fundamental/uki.h
index e7c59100e1f9ab838a13e9fd58439fe9dcc22590..fe5a08bf7c4c349edc3550eb9c43e4cec9567857 100644 (file)
--- a/src/fundamental/uki.h
+++ b/src/fundamental/uki.h
@@ -18,6 +18,7 @@ typedef enum UnifiedSection {
         UNIFIED_SECTION_PCRSIG,
         UNIFIED_SECTION_PCRPKEY,
         UNIFIED_SECTION_PROFILE,
+        UNIFIED_SECTION_HWIDS,
         _UNIFIED_SECTION_MAX,
 } UnifiedSection;
 
Unnamed repository; edit this file 'description' to name the repository.