r = table_add_many(table,
TABLE_UINT32, pcr,
- TABLE_STRING, pcr_index_to_string(pcr),
+ TABLE_STRING, tpm2_pcr_index_to_string(pcr),
TABLE_STRING, h,
TABLE_SET_COLOR, color);
if (r < 0)
(void) table_set_display(table, 0, 1);
if (strv_isempty(strv_skip(argv, 1)))
- for (uint32_t pi = 0; pi < _PCR_INDEX_MAX_DEFINED; pi++) {
+ for (uint32_t pi = 0; pi < _TPM2_PCR_INDEX_MAX_DEFINED; pi++) {
r = add_pcr_to_table(table, alg, pi);
if (r < 0)
return r;
for (int i = 1; i < argc; i++) {
int pi;
- pi = pcr_index_from_string(argv[i]);
+ pi = tpm2_pcr_index_from_string(argv[i]);
if (pi < 0)
return log_error_errno(pi, "PCR index \"%s\" not known.", argv[i]);
/* Measures a load options string into the TPM2, i.e. the kernel command line */
err = tpm_log_event(
- TPM_PCR_INDEX_KERNEL_PARAMETERS,
+ TPM2_PCR_KERNEL_CONFIG,
POINTER_TO_PHYSICAL_ADDRESS(load_options),
strsize16(load_options),
load_options,
if (err != EFI_SUCCESS)
return log_error_status(
err,
- "Unable to add load options (i.e. kernel command) line measurement to PCR %u: %m",
- TPM_PCR_INDEX_KERNEL_PARAMETERS);
+ "Unable to add load options (i.e. kernel command) line measurement to PCR %i: %m",
+ TPM2_PCR_KERNEL_CONFIG);
if (ret_measured)
*ret_measured = measured;
/* First measure the name of the section */
(void) tpm_log_event_ascii(
- TPM_PCR_INDEX_KERNEL_IMAGE,
+ TPM2_PCR_KERNEL_BOOT,
POINTER_TO_PHYSICAL_ADDRESS(unified_sections[section]),
strsize8(unified_sections[section]), /* including NUL byte */
unified_sections[section],
/* Then measure the data of the section */
(void) tpm_log_event_ascii(
- TPM_PCR_INDEX_KERNEL_IMAGE,
+ TPM2_PCR_KERNEL_BOOT,
POINTER_TO_PHYSICAL_ADDRESS(loaded_image->ImageBase) + addrs[section],
szs[section],
unified_sections[section],
/* After we are done, set an EFI variable that tells userspace this was done successfully, and encode
* in it which PCR was used. */
if (sections_measured > 0)
- (void) efivar_set_uint_string(MAKE_GUID_PTR(LOADER), u"StubPcrKernelImage", TPM_PCR_INDEX_KERNEL_IMAGE, 0);
+ (void) efivar_set_uint_string(MAKE_GUID_PTR(LOADER), u"StubPcrKernelImage", TPM2_PCR_KERNEL_BOOT, 0);
/* Show splash screen as early as possible */
graphics_splash((const uint8_t*) loaded_image->ImageBase + addrs[UNIFIED_SECTION_SPLASH], szs[UNIFIED_SECTION_SPLASH]);
".extra/credentials",
/* dir_mode= */ 0500,
/* access_mode= */ 0400,
- /* tpm_pcr= */ TPM_PCR_INDEX_KERNEL_PARAMETERS,
+ /* tpm_pcr= */ TPM2_PCR_KERNEL_CONFIG,
u"Credentials initrd",
&credential_initrd,
&credential_initrd_size,
".extra/global_credentials",
/* dir_mode= */ 0500,
/* access_mode= */ 0400,
- /* tpm_pcr= */ TPM_PCR_INDEX_KERNEL_PARAMETERS,
+ /* tpm_pcr= */ TPM2_PCR_KERNEL_CONFIG,
u"Global credentials initrd",
&global_credential_initrd,
&global_credential_initrd_size,
".extra/sysext",
/* dir_mode= */ 0555,
/* access_mode= */ 0444,
- /* tpm_pcr= */ TPM_PCR_INDEX_INITRD_SYSEXTS,
+ /* tpm_pcr= */ TPM2_PCR_SYSEXTS,
u"System extension initrd",
&sysext_initrd,
&sysext_initrd_size,
sysext_measured = m;
if (parameters_measured > 0)
- (void) efivar_set_uint_string(MAKE_GUID_PTR(LOADER), u"StubPcrKernelParameters", TPM_PCR_INDEX_KERNEL_PARAMETERS, 0);
+ (void) efivar_set_uint_string(MAKE_GUID_PTR(LOADER), u"StubPcrKernelParameters", TPM2_PCR_KERNEL_CONFIG, 0);
if (sysext_measured)
- (void) efivar_set_uint_string(MAKE_GUID_PTR(LOADER), u"StubPcrInitRDSysExts", TPM_PCR_INDEX_INITRD_SYSEXTS, 0);
+ (void) efivar_set_uint_string(MAKE_GUID_PTR(LOADER), u"StubPcrInitRDSysExts", TPM2_PCR_SYSEXTS, 0);
/* If the PCR signature was embedded in the PE image, then let's wrap it in a cpio and also pass it
* to the kernel, so that it can be read from /.extra/tpm2-pcr-signature.json. Note that this section
_cleanup_free_ void *v = NULL;
size_t sz;
- if (asprintf(&p, "/sys/class/tpm/tpm0/pcr-%s/%" PRIu32, pcr_states[i].bank, TPM_PCR_INDEX_KERNEL_IMAGE) < 0)
+ if (asprintf(&p, "/sys/class/tpm/tpm0/pcr-%s/%i", pcr_states[i].bank, TPM2_PCR_KERNEL_BOOT) < 0)
return log_oom();
r = read_virtual_file(p, 4096, &s, NULL);
if (i == 0) {
fflush(stdout);
- fprintf(stderr, "%s# PCR[%" PRIu32 "] Phase <%s>%s\n",
+ fprintf(stderr, "%s# PCR[%i] Phase <%s>%s\n",
ansi_grey(),
- TPM_PCR_INDEX_KERNEL_IMAGE,
+ TPM2_PCR_KERNEL_BOOT,
isempty(*phase) ? ":" : *phase,
ansi_normal());
fflush(stderr);
if (!hd)
return log_oom();
- printf("%" PRIu32 ":%s=%s\n", TPM_PCR_INDEX_KERNEL_IMAGE, pcr_states[i].bank, hd);
+ printf("%i:%s=%s\n", TPM2_PCR_KERNEL_BOOT, pcr_states[i].bank, hd);
} else {
_cleanup_(json_variant_unrefp) JsonVariant *array = NULL;
&array,
JSON_BUILD_OBJECT(
JSON_BUILD_PAIR_CONDITION(!isempty(*phase), "phase", JSON_BUILD_STRING(*phase)),
- JSON_BUILD_PAIR("pcr", JSON_BUILD_INTEGER(TPM_PCR_INDEX_KERNEL_IMAGE)),
+ JSON_BUILD_PAIR("pcr", JSON_BUILD_INTEGER(TPM2_PCR_KERNEL_BOOT)),
JSON_BUILD_PAIR("hash", JSON_BUILD_HEX(pcr_states[i].value, pcr_states[i].value_size))));
if (r < 0)
return log_error_errno(r, "Failed to append JSON object to array: %m");
if (tpmalg < 0)
return log_error_errno(tpmalg, "Unsupported PCR bank");
- Tpm2PCRValue pcr_value = TPM2_PCR_VALUE_MAKE(TPM_PCR_INDEX_KERNEL_IMAGE,
+ Tpm2PCRValue pcr_value = TPM2_PCR_VALUE_MAKE(TPM2_PCR_KERNEL_BOOT,
tpmalg,
TPM2B_DIGEST_MAKE(p->value, p->value_size));
return r;
_cleanup_(json_variant_unrefp) JsonVariant *a = NULL;
- r = tpm2_make_pcr_json_array(UINT64_C(1) << TPM_PCR_INDEX_KERNEL_IMAGE, &a);
+ r = tpm2_make_pcr_json_array(UINT64_C(1) << TPM2_PCR_KERNEL_BOOT, &a);
if (r < 0)
return log_error_errno(r, "Failed to build JSON PCR mask array: %m");
log_warning("Warning: current kernel image does not support measuring itself, the command line or initrd system extension images.\n"
"The PCR measurements seen are unlikely to be valid.");
- r = compare_reported_pcr_nr(TPM_PCR_INDEX_KERNEL_IMAGE, EFI_LOADER_VARIABLE(StubPcrKernelImage), "kernel image");
+ r = compare_reported_pcr_nr(TPM2_PCR_KERNEL_BOOT, EFI_LOADER_VARIABLE(StubPcrKernelImage), "kernel image");
if (r < 0)
return r;
- r = compare_reported_pcr_nr(TPM_PCR_INDEX_KERNEL_PARAMETERS, EFI_LOADER_VARIABLE(StubPcrKernelParameters), "kernel parameters");
+ r = compare_reported_pcr_nr(TPM2_PCR_KERNEL_CONFIG, EFI_LOADER_VARIABLE(StubPcrKernelParameters), "kernel parameters");
if (r < 0)
return r;
- r = compare_reported_pcr_nr(TPM_PCR_INDEX_INITRD_SYSEXTS, EFI_LOADER_VARIABLE(StubPcrInitRDSysExts), "initrd system extension images");
+ r = compare_reported_pcr_nr(TPM2_PCR_SYSEXTS, EFI_LOADER_VARIABLE(StubPcrInitRDSysExts), "initrd system extension images");
if (r < 0)
return r;
}
static int verb_status(int argc, char *argv[], void *userdata) {
- _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
-
- static const struct {
- uint32_t nr;
- const char *description;
- } relevant_pcrs[] = {
- { TPM_PCR_INDEX_KERNEL_IMAGE, "Unified Kernel Image" },
- { TPM_PCR_INDEX_KERNEL_PARAMETERS, "Kernel Parameters" },
- { TPM_PCR_INDEX_INITRD_SYSEXTS, "initrd System Extensions" },
+ static const uint32_t relevant_pcrs[] = {
+ TPM2_PCR_KERNEL_BOOT,
+ TPM2_PCR_KERNEL_CONFIG,
+ TPM2_PCR_SYSEXTS,
};
+ _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
int r;
r = validate_stub();
if (!b)
return log_oom();
- if (asprintf(&p, "/sys/class/tpm/tpm0/pcr-%s/%" PRIu32, ascii_strlower(b), relevant_pcrs[i].nr) < 0)
+ if (asprintf(&p, "/sys/class/tpm/tpm0/pcr-%s/%" PRIu32, ascii_strlower(b), relevant_pcrs[i]) < 0)
return log_oom();
r = read_virtual_file(p, 4096, &s, NULL);
fflush(stdout);
fprintf(stderr, "%s# PCR[%" PRIu32 "] %s%s%s\n",
ansi_grey(),
- relevant_pcrs[i].nr,
- relevant_pcrs[i].description,
+ relevant_pcrs[i],
+ tpm2_pcr_index_to_string(relevant_pcrs[i]),
memeqzero(h, l) ? " (NOT SET!)" : "",
ansi_normal());
fflush(stderr);
}
- printf("%" PRIu32 ":%s=%s\n", relevant_pcrs[i].nr, b, f);
+ printf("%" PRIu32 ":%s=%s\n", relevant_pcrs[i], b, f);
} else {
_cleanup_(json_variant_unrefp) JsonVariant *bv = NULL, *a = NULL;
r = json_build(&bv,
JSON_BUILD_OBJECT(
- JSON_BUILD_PAIR("pcr", JSON_BUILD_INTEGER(relevant_pcrs[i].nr)),
+ JSON_BUILD_PAIR("pcr", JSON_BUILD_INTEGER(relevant_pcrs[i])),
JSON_BUILD_PAIR("hash", JSON_BUILD_HEX(h, l))
)
);
return log_error_errno(r, "Failed to get file system identifier string for '%s': %m", arg_file_system);
}
- target_pcr_nr = TPM_PCR_INDEX_VOLUME_KEY; /* → PCR 15 */
+ target_pcr_nr = TPM2_PCR_SYSTEM_IDENTITY; /* → PCR 15 */
} else if (arg_machine_id) {
sd_id128_t mid;
if (!word)
return log_oom();
- target_pcr_nr = TPM_PCR_INDEX_VOLUME_KEY; /* → PCR 15 */
+ target_pcr_nr = TPM2_PCR_SYSTEM_IDENTITY; /* → PCR 15 */
} else {
if (optind+1 != argc)
if (isempty(word))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "String to measure cannot be empty, refusing.");
- target_pcr_nr = TPM_PCR_INDEX_KERNEL_IMAGE; /* → PCR 11 */
+ target_pcr_nr = TPM2_PCR_KERNEL_BOOT; /* → PCR 11 */
}
if (arg_graceful && tpm2_support() != TPM2_SUPPORT_FULL) {
if (r < 0)
return r;
if (r == 0) {
- log_info("Kernel stub did not measure kernel image into PCR %u, skipping userspace measurement, too.", TPM_PCR_INDEX_KERNEL_IMAGE);
+ log_info("Kernel stub did not measure kernel image into PCR %i, skipping userspace measurement, too.", TPM2_PCR_KERNEL_BOOT);
return EXIT_SUCCESS;
}
if (arg_tpm2_pcr_mask == UINT32_MAX)
arg_tpm2_pcr_mask = TPM2_PCR_MASK_DEFAULT;
if (arg_tpm2_public_key_pcr_mask == UINT32_MAX)
- arg_tpm2_public_key_pcr_mask = UINT32_C(1) << TPM_PCR_INDEX_KERNEL_IMAGE;
+ arg_tpm2_public_key_pcr_mask = UINT32_C(1) << TPM2_PCR_KERNEL_BOOT;
return 1;
}
return r;
if (arg_tpm2_public_key_pcr_mask_use_default && arg_tpm2_public_key)
- arg_tpm2_public_key_pcr_mask = INDEX_TO_MASK(uint32_t, TPM_PCR_INDEX_KERNEL_IMAGE);
+ arg_tpm2_public_key_pcr_mask = INDEX_TO_MASK(uint32_t, TPM2_PCR_KERNEL_BOOT);
if (arg_tpm2_hash_pcr_values_use_default && !GREEDY_REALLOC_APPEND(
arg_tpm2_hash_pcr_values,
return 0;
}
- pcr = r ? TPM_PCR_INDEX_VOLUME_KEY : UINT_MAX;
+ pcr = r ? TPM2_PCR_SYSTEM_IDENTITY : UINT_MAX;
} else if (!TPM2_PCR_INDEX_VALID(pcr)) {
log_warning("Selected TPM index for measurement %u outside of allowed range 0…%u, ignoring.", pcr, TPM2_PCRS_MAX-1);
return 0;
/* The various TPM PCRs we measure into from sd-stub and sd-boot. */
-/* This TPM PCR is where we extend the sd-stub "payloads" into, before using them. i.e. the kernel ELF image,
- * embedded initrd, and so on. In contrast to PCR 4 (which also contains this data, given the whole
- * surrounding PE image is measured into it) this should be reasonably pre-calculatable, because it *only*
- * consists of static data from the kernel PE image. */
-#define TPM_PCR_INDEX_KERNEL_IMAGE 11U
+enum {
+ /* The following names for PCRs 0…7 are based on the names in the "TCG PC Client Specific Platform
+ * Firmware Profile Specification"
+ * (https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/) */
+ TPM2_PCR_PLATFORM_CODE = 0,
+ TPM2_PCR_PLATFORM_CONFIG = 1,
+ TPM2_PCR_EXTERNAL_CODE = 2,
+ TPM2_PCR_EXTERNAL_CONFIG = 3,
+ TPM2_PCR_BOOT_LOADER_CODE = 4,
+ TPM2_PCR_BOOT_LOADER_CONFIG = 5,
+ TPM2_PCR_HOST_PLATFORM = 6,
+ TPM2_PCR_SECURE_BOOT_POLICY = 7,
-/* This TPM PCR is where sd-stub extends the kernel command line and any passed credentials into. */
-#define TPM_PCR_INDEX_KERNEL_PARAMETERS 12U
+ /* The following names for PCRs 9…15 are based on the "Linux TPM PCR Registry"
+ (https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/) */
+ TPM2_PCR_KERNEL_INITRD = 9,
+ TPM2_PCR_IMA = 10,
-/* This TPM PCR is where we extend the initrd sysext images into which we pass to the booted kernel */
-#define TPM_PCR_INDEX_INITRD_SYSEXTS 13U
+ /* systemd: This TPM PCR is where we extend the sd-stub "payloads" into, before using them. i.e. the kernel
+ * ELF image, embedded initrd, and so on. In contrast to PCR 4 (which also contains this data, given
+ * the whole surrounding PE image is measured into it) this should be reasonably pre-calculatable,
+ * because it *only* consists of static data from the kernel PE image. */
+ TPM2_PCR_KERNEL_BOOT = 11,
-/* This TPM PCR is where we measure the root fs volume key (and maybe /var/'s) if it is split off */
-#define TPM_PCR_INDEX_VOLUME_KEY 15U
+ /* systemd: This TPM PCR is where sd-stub extends the kernel command line and any passed credentials into. */
+ TPM2_PCR_KERNEL_CONFIG = 12,
+
+ /* systemd: This TPM PCR is where we extend the initrd sysext images into which we pass to the booted kernel */
+ TPM2_PCR_SYSEXTS = 13,
+ TPM2_PCR_SHIM_POLICY = 14,
+
+ /* systemd: This TPM PCR is where we measure the root fs volume key (and maybe /var/'s) if it is split off */
+ TPM2_PCR_SYSTEM_IDENTITY = 15,
+
+ /* As per "TCG PC Client Specific Platform Firmware Profile Specification" again, see above */
+ TPM2_PCR_DEBUG = 16,
+ TPM2_PCR_APPLICATION_SUPPORT = 23,
+};
/* List of PE sections that have special meaning for us in unified kernels. This is the canonical order in
* which we measure the sections into TPM PCR 11 (see above). PLEASE DO NOT REORDER! */
"A path to a loopback file must be specified when --split is used.");
if (arg_tpm2_public_key_pcr_mask_use_default && arg_tpm2_public_key)
- arg_tpm2_public_key_pcr_mask = INDEX_TO_MASK(uint32_t, TPM_PCR_INDEX_KERNEL_IMAGE);
+ arg_tpm2_public_key_pcr_mask = INDEX_TO_MASK(uint32_t, TPM2_PCR_KERNEL_BOOT);
if (arg_tpm2_hash_pcr_values_use_default && !GREEDY_REALLOC_APPEND(
arg_tpm2_hash_pcr_values,
if (r < 0)
return log_full_errno(log_level, r,
"Failed to parse StubPcrKernelImage EFI variable: %s", pcr_string);
- if (pcr_nr != TPM_PCR_INDEX_KERNEL_IMAGE)
+ if (pcr_nr != TPM2_PCR_KERNEL_BOOT)
return log_full_errno(log_level, SYNTHETIC_ERRNO(EREMOTE),
- "Kernel stub measured kernel image into PCR %u, which is different than expected %u.",
- pcr_nr, TPM_PCR_INDEX_KERNEL_IMAGE);
+ "Kernel stub measured kernel image into PCR %u, which is different than expected %i.",
+ pcr_nr, TPM2_PCR_KERNEL_BOOT);
return 1;
}
if (r < 1)
return log_error_errno(r, "Could not parse pcr value '%s': %m", p);
- r = pcr_index_from_string(index);
+ r = tpm2_pcr_index_from_string(index);
if (r < 0)
return log_error_errno(r, "Invalid pcr index '%s': %m", index);
pcr_value.index = (unsigned) r;
return 0;
}
-static const char* const pcr_index_table[_PCR_INDEX_MAX_DEFINED] = {
- [PCR_PLATFORM_CODE] = "platform-code",
- [PCR_PLATFORM_CONFIG] = "platform-config",
- [PCR_EXTERNAL_CODE] = "external-code",
- [PCR_EXTERNAL_CONFIG] = "external-config",
- [PCR_BOOT_LOADER_CODE] = "boot-loader-code",
- [PCR_BOOT_LOADER_CONFIG] = "boot-loader-config",
- [PCR_HOST_PLATFORM] = "host-platform",
- [PCR_SECURE_BOOT_POLICY] = "secure-boot-policy",
- [PCR_KERNEL_INITRD] = "kernel-initrd",
- [PCR_IMA] = "ima",
- [PCR_KERNEL_BOOT] = "kernel-boot",
- [PCR_KERNEL_CONFIG] = "kernel-config",
- [PCR_SYSEXTS] = "sysexts",
- [PCR_SHIM_POLICY] = "shim-policy",
- [PCR_SYSTEM_IDENTITY] = "system-identity",
- [PCR_DEBUG] = "debug",
- [PCR_APPLICATION_SUPPORT] = "application-support",
+static const char* const tpm2_pcr_index_table[_TPM2_PCR_INDEX_MAX_DEFINED] = {
+ [TPM2_PCR_PLATFORM_CODE] = "platform-code",
+ [TPM2_PCR_PLATFORM_CONFIG] = "platform-config",
+ [TPM2_PCR_EXTERNAL_CODE] = "external-code",
+ [TPM2_PCR_EXTERNAL_CONFIG] = "external-config",
+ [TPM2_PCR_BOOT_LOADER_CODE] = "boot-loader-code",
+ [TPM2_PCR_BOOT_LOADER_CONFIG] = "boot-loader-config",
+ [TPM2_PCR_HOST_PLATFORM] = "host-platform",
+ [TPM2_PCR_SECURE_BOOT_POLICY] = "secure-boot-policy",
+ [TPM2_PCR_KERNEL_INITRD] = "kernel-initrd",
+ [TPM2_PCR_IMA] = "ima",
+ [TPM2_PCR_KERNEL_BOOT] = "kernel-boot",
+ [TPM2_PCR_KERNEL_CONFIG] = "kernel-config",
+ [TPM2_PCR_SYSEXTS] = "sysexts",
+ [TPM2_PCR_SHIM_POLICY] = "shim-policy",
+ [TPM2_PCR_SYSTEM_IDENTITY] = "system-identity",
+ [TPM2_PCR_DEBUG] = "debug",
+ [TPM2_PCR_APPLICATION_SUPPORT] = "application-support",
};
-DEFINE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_FALLBACK(pcr_index, int, TPM2_PCRS_MAX - 1);
-DEFINE_STRING_TABLE_LOOKUP_TO_STRING(pcr_index, int);
+DEFINE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_FALLBACK(tpm2_pcr_index, int, TPM2_PCRS_MAX - 1);
+DEFINE_STRING_TABLE_LOOKUP_TO_STRING(tpm2_pcr_index, int);
#include "macro.h"
#include "openssl-util.h"
#include "sha256.h"
+#include "tpm-pcr.h"
typedef enum TPM2Flags {
TPM2_FLAGS_USE_PIN = 1 << 0,
* TPM2 on a Client PC must have at least 24 PCRs. This hardcodes our expectation of 24. */
#define TPM2_PCRS_MAX 24U
#define TPM2_PCRS_MASK ((UINT32_C(1) << TPM2_PCRS_MAX) - 1)
+
static inline bool TPM2_PCR_INDEX_VALID(unsigned pcr) {
return pcr < TPM2_PCRS_MAX;
}
TPM2_SUPPORT_FULL = TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER|TPM2_SUPPORT_SYSTEM|TPM2_SUPPORT_SUBSYSTEM|TPM2_SUPPORT_LIBRARIES,
} Tpm2Support;
-enum {
- /* The following names for PCRs 0…7 are based on the names in the "TCG PC Client Specific Platform
- * Firmware Profile Specification"
- * (https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/) */
- PCR_PLATFORM_CODE = 0,
- PCR_PLATFORM_CONFIG = 1,
- PCR_EXTERNAL_CODE = 2,
- PCR_EXTERNAL_CONFIG = 3,
- PCR_BOOT_LOADER_CODE = 4,
- PCR_BOOT_LOADER_CONFIG = 5,
- PCR_HOST_PLATFORM = 6,
- PCR_SECURE_BOOT_POLICY = 7,
- /* The following names for PCRs 9…15 are based on the "Linux TPM PCR Registry"
- (https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/) */
- PCR_KERNEL_INITRD = 9,
- PCR_IMA = 10,
- PCR_KERNEL_BOOT = 11,
- PCR_KERNEL_CONFIG = 12,
- PCR_SYSEXTS = 13,
- PCR_SHIM_POLICY = 14,
- PCR_SYSTEM_IDENTITY = 15,
- /* As per "TCG PC Client Specific Platform Firmware Profile Specification" again, see above */
- PCR_DEBUG = 16,
- PCR_APPLICATION_SUPPORT = 23,
- _PCR_INDEX_MAX_DEFINED = TPM2_PCRS_MAX,
- _PCR_INDEX_INVALID = -EINVAL,
-};
-
Tpm2Support tpm2_support(void);
int tpm2_parse_pcr_argument(const char *arg, Tpm2PCRValue **ret_pcr_values, size_t *ret_n_pcr_values);
size_t saltlen,
uint8_t res[static SHA256_DIGEST_SIZE]);
-int pcr_index_from_string(const char *s) _pure_;
-const char *pcr_index_to_string(int pcr) _const_;
+enum {
+ /* Additional defines for the PCR index naming enum from "fundamental/tpm-pcr.h" */
+ _TPM2_PCR_INDEX_MAX_DEFINED = TPM2_PCRS_MAX,
+ _TPM2_PCR_INDEX_INVALID = -EINVAL,
+};
+
+int tpm2_pcr_index_from_string(const char *s) _pure_;
+const char *tpm2_pcr_index_to_string(int pcr) _const_;
#include "tpm2-util.h"
#include "tests.h"
-TEST(pcr_index_from_string) {
- assert_se(pcr_index_from_string("platform-code") == 0);
- assert_se(pcr_index_from_string("0") == 0);
- assert_se(pcr_index_from_string("platform-config") == 1);
- assert_se(pcr_index_from_string("1") == 1);
- assert_se(pcr_index_from_string("external-code") == 2);
- assert_se(pcr_index_from_string("2") == 2);
- assert_se(pcr_index_from_string("external-config") == 3);
- assert_se(pcr_index_from_string("3") == 3);
- assert_se(pcr_index_from_string("boot-loader-code") == 4);
- assert_se(pcr_index_from_string("4") == 4);
- assert_se(pcr_index_from_string("boot-loader-config") == 5);
- assert_se(pcr_index_from_string("5") == 5);
- assert_se(pcr_index_from_string("secure-boot-policy") == 7);
- assert_se(pcr_index_from_string("7") == 7);
- assert_se(pcr_index_from_string("kernel-initrd") == 9);
- assert_se(pcr_index_from_string("9") == 9);
- assert_se(pcr_index_from_string("ima") == 10);
- assert_se(pcr_index_from_string("10") == 10);
- assert_se(pcr_index_from_string("kernel-boot") == 11);
- assert_se(pcr_index_from_string("11") == 11);
- assert_se(pcr_index_from_string("kernel-config") == 12);
- assert_se(pcr_index_from_string("12") == 12);
- assert_se(pcr_index_from_string("sysexts") == 13);
- assert_se(pcr_index_from_string("13") == 13);
- assert_se(pcr_index_from_string("shim-policy") == 14);
- assert_se(pcr_index_from_string("14") == 14);
- assert_se(pcr_index_from_string("system-identity") == 15);
- assert_se(pcr_index_from_string("15") == 15);
- assert_se(pcr_index_from_string("debug") == 16);
- assert_se(pcr_index_from_string("16") == 16);
- assert_se(pcr_index_from_string("application-support") == 23);
- assert_se(pcr_index_from_string("23") == 23);
- assert_se(pcr_index_from_string("hello") == -EINVAL);
- assert_se(pcr_index_from_string("8") == 8);
- assert_se(pcr_index_from_string("44") == -EINVAL);
- assert_se(pcr_index_from_string("-5") == -EINVAL);
- assert_se(pcr_index_from_string("24") == -EINVAL);
+TEST(tpm2_pcr_index_from_string) {
+ assert_se(tpm2_pcr_index_from_string("platform-code") == 0);
+ assert_se(tpm2_pcr_index_from_string("0") == 0);
+ assert_se(tpm2_pcr_index_from_string("platform-config") == 1);
+ assert_se(tpm2_pcr_index_from_string("1") == 1);
+ assert_se(tpm2_pcr_index_from_string("external-code") == 2);
+ assert_se(tpm2_pcr_index_from_string("2") == 2);
+ assert_se(tpm2_pcr_index_from_string("external-config") == 3);
+ assert_se(tpm2_pcr_index_from_string("3") == 3);
+ assert_se(tpm2_pcr_index_from_string("boot-loader-code") == 4);
+ assert_se(tpm2_pcr_index_from_string("4") == 4);
+ assert_se(tpm2_pcr_index_from_string("boot-loader-config") == 5);
+ assert_se(tpm2_pcr_index_from_string("5") == 5);
+ assert_se(tpm2_pcr_index_from_string("secure-boot-policy") == 7);
+ assert_se(tpm2_pcr_index_from_string("7") == 7);
+ assert_se(tpm2_pcr_index_from_string("kernel-initrd") == 9);
+ assert_se(tpm2_pcr_index_from_string("9") == 9);
+ assert_se(tpm2_pcr_index_from_string("ima") == 10);
+ assert_se(tpm2_pcr_index_from_string("10") == 10);
+ assert_se(tpm2_pcr_index_from_string("kernel-boot") == 11);
+ assert_se(tpm2_pcr_index_from_string("11") == 11);
+ assert_se(tpm2_pcr_index_from_string("kernel-config") == 12);
+ assert_se(tpm2_pcr_index_from_string("12") == 12);
+ assert_se(tpm2_pcr_index_from_string("sysexts") == 13);
+ assert_se(tpm2_pcr_index_from_string("13") == 13);
+ assert_se(tpm2_pcr_index_from_string("shim-policy") == 14);
+ assert_se(tpm2_pcr_index_from_string("14") == 14);
+ assert_se(tpm2_pcr_index_from_string("system-identity") == 15);
+ assert_se(tpm2_pcr_index_from_string("15") == 15);
+ assert_se(tpm2_pcr_index_from_string("debug") == 16);
+ assert_se(tpm2_pcr_index_from_string("16") == 16);
+ assert_se(tpm2_pcr_index_from_string("application-support") == 23);
+ assert_se(tpm2_pcr_index_from_string("23") == 23);
+ assert_se(tpm2_pcr_index_from_string("hello") == -EINVAL);
+ assert_se(tpm2_pcr_index_from_string("8") == 8);
+ assert_se(tpm2_pcr_index_from_string("44") == -EINVAL);
+ assert_se(tpm2_pcr_index_from_string("-5") == -EINVAL);
+ assert_se(tpm2_pcr_index_from_string("24") == -EINVAL);
}
TEST(tpm2_util_pbkdf2_hmac_sha256) {
projects / thirdparty / systemd.git / commitdiff
