From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 12 Oct 2023 14:28:38 +0000 (+0200)
Subject: tpm2: move event tag sd-boot/sd-stub to make measurements with into src/fundamental/
X-Git-Tag: v255-rc1~177
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=83ee462c72792b955c149522f2b6b114762ad4d7;p=thirdparty%2Fsystemd.git

tpm2: move event tag sd-boot/sd-stub to make measurements with into src/fundamental/

Ultimately we want to be able to recognize these in userspace, hence
make them available in both UEFI mode and userspace.

While we are at it, let's rename the fields a bit, reflecting more what
they measure, not what the metadata is that we store about them.
---

diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index 48fc79ea232..7b17088b085 100644
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -39,8 +39,6 @@ DECLARE_NOALLOC_SECTION(
 
 DECLARE_SBAT(SBAT_BOOT_SECTION_TEXT);
 
-#define LOADER_CONF_CONTENT_EVENT_TAG_ID UINT32_C(0xf5bc582a)
-
 typedef enum LoaderType {
         LOADER_UNDEFINED,
         LOADER_AUTO,
@@ -1573,7 +1571,7 @@ static void config_load_defaults(Config *config, EFI_FILE *root_dir) {
                                 TPM2_PCR_BOOT_LOADER_CONFIG,
                                 POINTER_TO_PHYSICAL_ADDRESS(content),
                                 content_size,
-                                LOADER_CONF_CONTENT_EVENT_TAG_ID,
+                                LOADER_CONF_EVENT_TAG_ID,
                                 u"loader.conf",
                                 /* ret_measured= */ NULL);
                 if (err != EFI_SUCCESS)
diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index d38f0206cfd..572ea480f0e 100644
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -26,8 +26,6 @@ DECLARE_NOALLOC_SECTION(".sdmagic", "#### LoaderInfo: systemd-stub " GIT_VERSION
 
 DECLARE_SBAT(SBAT_STUB_SECTION_TEXT);
 
-#define ADDON_FILENAME_EVENT_TAG_ID UINT32_C(0x6c46f751)
-
 static EFI_STATUS combine_initrd(
                 EFI_PHYSICAL_ADDRESS initrd_base, size_t initrd_size,
                 const void * const extra_initrds[], const size_t extra_initrd_sizes[], size_t n_extra_initrds,
@@ -314,7 +312,7 @@ static void dtb_install_addons(
                                         TPM2_PCR_KERNEL_CONFIG,
                                         POINTER_TO_PHYSICAL_ADDRESS(dt_bases[i]),
                                         dt_sizes[i],
-                                        ADDON_FILENAME_EVENT_TAG_ID,
+                                        DEVICETREE_ADDON_EVENT_TAG_ID,
                                         dt_filenames[i],
                                         &m);
                         if (err != EFI_SUCCESS)
diff --git a/src/fundamental/tpm2-pcr.h b/src/fundamental/tpm2-pcr.h
index 57befdf83b1..d0d5b74d0c5 100644
--- a/src/fundamental/tpm2-pcr.h
+++ b/src/fundamental/tpm2-pcr.h
@@ -43,3 +43,9 @@ enum {
         TPM2_PCR_DEBUG               = 16,
         TPM2_PCR_APPLICATION_SUPPORT = 23,
 };
+
+/* The tag used for EV_EVENT_TAG event log records covering the boot loader config */
+#define LOADER_CONF_EVENT_TAG_ID UINT32_C(0xf5bc582a)
+
+/* The tag used for EV_EVENT_TAG event log records covering Devicetree blobs */
+#define DEVICETREE_ADDON_EVENT_TAG_ID UINT32_C(0x6c46f751)