From: anonymix007 <48598263+anonymix007@users.noreply.github.com>
Date: Wed, 4 Sep 2024 11:40:18 +0000 (+0300)
Subject: measure: introduce support for a .hwids section
X-Git-Tag: v257-rc1~19^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=763028a16cb54582823fedaba5d3ba8432e1c0ed;p=thirdparty%2Fsystemd.git
measure: introduce support for a .hwids section
---
diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml
index 71983ffe008..a21b2dcecca 100644
--- a/man/systemd-measure.xml
+++ b/man/systemd-measure.xml
@@ -77,7 +77,7 @@
, , ,
, , ,
, , ,
- , see below. Only is mandatory. (Alternatively,
+ , , see below. Only is mandatory. (Alternatively,
specify to use the current values of PCR register 11 instead.)
@@ -125,6 +125,7 @@
+
When used with the calculate or sign verb,
configures the files to read the unified kernel image components from. Each option corresponds with
@@ -134,7 +135,7 @@
- With the exception of , which has been added in version
+ With the exception of and , which have been added in version
257.
diff --git a/src/boot/measure.c b/src/boot/measure.c
index 3c409f8bd9a..65fe2c7cdf5 100644
--- a/src/boot/measure.c
+++ b/src/boot/measure.c
@@ -103,6 +103,7 @@ static int help(int argc, char *argv[], void *userdata) {
" --sbat=PATH Path to SBAT file %7$s .sbat\n"
" --pcrpkey=PATH Path to public key for PCR signatures %7$s .pcrpkey\n"
" --profile=PATH Path to profile file %7$s .profile\n"
+ " --hwids=PATH Path to HWIDs file %7$s .hwids\n"
"\nSee the %2$s for details.\n",
program_invocation_short_name,
link,
@@ -146,8 +147,9 @@ static int parse_argv(int argc, char *argv[]) {
ARG_SBAT,
_ARG_PCRSIG, /* the .pcrsig section is not input for signing, hence not actually an argument here */
ARG_PCRPKEY,
+ ARG_PROFILE,
_ARG_SECTION_LAST,
- ARG_PROFILE = _ARG_SECTION_LAST,
+ ARG_HWIDS = _ARG_SECTION_LAST,
ARG_BANK,
ARG_PRIVATE_KEY,
ARG_PRIVATE_KEY_SOURCE,
@@ -174,6 +176,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "sbat", required_argument, NULL, ARG_SBAT },
{ "pcrpkey", required_argument, NULL, ARG_PCRPKEY },
{ "profile", required_argument, NULL, ARG_PROFILE },
+ { "hwids", required_argument, NULL, ARG_HWIDS },
{ "current", no_argument, NULL, 'c' },
{ "bank", required_argument, NULL, ARG_BANK },
{ "tpm2-device", required_argument, NULL, ARG_TPM2_DEVICE },
diff --git a/src/fundamental/uki.c b/src/fundamental/uki.c
index da5da1cf106..bb4f6e480d6 100644
--- a/src/fundamental/uki.c
+++ b/src/fundamental/uki.c
@@ -21,5 +21,6 @@ const char* const unified_sections[_UNIFIED_SECTION_MAX + 1] = {
[UNIFIED_SECTION_PCRSIG] = ".pcrsig",
[UNIFIED_SECTION_PCRPKEY] = ".pcrpkey",
[UNIFIED_SECTION_PROFILE] = ".profile",
+ [UNIFIED_SECTION_HWIDS] = ".hwids",
NULL,
};
diff --git a/src/fundamental/uki.h b/src/fundamental/uki.h
index e7c59100e1f..fe5a08bf7c4 100644
--- a/src/fundamental/uki.h
+++ b/src/fundamental/uki.h
@@ -18,6 +18,7 @@ typedef enum UnifiedSection {
UNIFIED_SECTION_PCRSIG,
UNIFIED_SECTION_PCRPKEY,
UNIFIED_SECTION_PROFILE,
+ UNIFIED_SECTION_HWIDS,
_UNIFIED_SECTION_MAX,
} UnifiedSection;