]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e1f1b5f)
stub/measure: document and measure .uname UKI section
authorLuca Boccassi <bluca@debian.org>
Sun, 21 May 2023 13:32:09 +0000 (14:32 +0100)
committerLuca Boccassi <bluca@debian.org>
Wed, 24 May 2023 10:06:36 +0000 (11:06 +0100)
man/systemd-stub.xml patch | blob | blame | history
src/boot/measure.c patch | blob | blame | history
src/fundamental/tpm-pcr.c patch | blob | blame | history
src/fundamental/tpm-pcr.h patch | blob | blame | history
src/ukify/ukify.py patch | blob | blame | history

diff --git a/man/systemd-stub.xml b/man/systemd-stub.xml
index 4cbf9cde85bf368c5b0d2c7c2d68d901087b4405..e0513f2136bf65e9d45b67244788a2f3e96863a7 100644 (file)
--- a/man/systemd-stub.xml
+++ b/man/systemd-stub.xml
@@ -57,6 +57,9 @@
       <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file of
       the OS the kernel belongs to, in the <literal>.osrel</literal> PE section.</para></listitem>
 
+      <listitem><para>Kernel version information, i.e. the output of <command>uname -r</command> for the
+      kernel included in the UKI, in the <literal>.uname</literal> PE section.</para></listitem>
+
       <listitem><para>The initrd will be loaded from the <literal>.initrd</literal> PE section.
       </para></listitem>
 
diff --git a/src/boot/measure.c b/src/boot/measure.c
index 072f38f20031f9c178fcdfc8eade5ff91a55047a..9b677a2a4875f02e3aa51e768c099bb689f21bbe 100644 (file)
--- a/src/boot/measure.c
+++ b/src/boot/measure.c
@@ -83,6 +83,7 @@ static int help(int argc, char *argv[], void *userdata) {
                "     --initrd=PATH       Path to initrd image file              %7$s .initrd\n"
                "     --splash=PATH       Path to splash bitmap file             %7$s .splash\n"
                "     --dtb=PATH          Path to Devicetree file                %7$s .dtb\n"
+               "     --uname=PATH        Path to 'uname -r' file                %7$s .uname\n"
                "     --pcrpkey=PATH      Path to public key for PCR signatures  %7$s .pcrpkey\n"
                "\nSee the %2$s for details.\n",
                program_invocation_short_name,
@@ -122,6 +123,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_INITRD,
                 ARG_SPLASH,
                 ARG_DTB,
+                ARG_UNAME,
                 _ARG_PCRSIG, /* the .pcrsig section is not input for signing, hence not actually an argument here */
                 _ARG_SECTION_LAST,
                 ARG_PCRPKEY = _ARG_SECTION_LAST,
@@ -144,6 +146,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "initrd",      required_argument, NULL, ARG_INITRD      },
                 { "splash",      required_argument, NULL, ARG_SPLASH      },
                 { "dtb",         required_argument, NULL, ARG_DTB         },
+                { "uname",       required_argument, NULL, ARG_UNAME       },
                 { "pcrpkey",     required_argument, NULL, ARG_PCRPKEY     },
                 { "current",     no_argument,       NULL, 'c'             },
                 { "bank",        required_argument, NULL, ARG_BANK        },
diff --git a/src/fundamental/tpm-pcr.c b/src/fundamental/tpm-pcr.c
index 7609d83c2ef237bd719be9a83f9d3cb5cb82a3c4..0685d37b05797ce8184d61db28a4a399edfd757e 100644 (file)
--- a/src/fundamental/tpm-pcr.c
+++ b/src/fundamental/tpm-pcr.c
@@ -11,6 +11,7 @@ const char* const unified_sections[_UNIFIED_SECTION_MAX + 1] = {
         [UNIFIED_SECTION_INITRD]  = ".initrd",
         [UNIFIED_SECTION_SPLASH]  = ".splash",
         [UNIFIED_SECTION_DTB]     = ".dtb",
+        [UNIFIED_SECTION_UNAME]   = ".uname",
         [UNIFIED_SECTION_PCRSIG]  = ".pcrsig",
         [UNIFIED_SECTION_PCRPKEY] = ".pcrpkey",
         NULL,
diff --git a/src/fundamental/tpm-pcr.h b/src/fundamental/tpm-pcr.h
index e12b4ff6077cfa8fa8c3375b5314a2c858c770a6..4989d93f0c1a7289cded50044ccbcebb1992bb31 100644 (file)
--- a/src/fundamental/tpm-pcr.h
+++ b/src/fundamental/tpm-pcr.h
@@ -29,6 +29,7 @@ typedef enum UnifiedSection {
         UNIFIED_SECTION_INITRD,
         UNIFIED_SECTION_SPLASH,
         UNIFIED_SECTION_DTB,
+        UNIFIED_SECTION_UNAME,
         UNIFIED_SECTION_PCRSIG,
         UNIFIED_SECTION_PCRPKEY,
         _UNIFIED_SECTION_MAX,
diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
index d87670eb24aaa6e4c90ec6c3844656b830d85db8..3167f5dbc5efad4fce465a4f347ebe4c755d6f41 100755 (executable)
--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@@ -658,10 +658,10 @@ def make_uki(opts):
         ('.osrel',   opts.os_release, True ),
         ('.cmdline', opts.cmdline,    True ),
         ('.dtb',     opts.devicetree, True ),
+        ('.uname',   opts.uname,      True ),
         ('.splash',  opts.splash,     True ),
         ('.pcrpkey', pcrpkey,         True ),
         ('.initrd',  initrd,          True ),
-        ('.uname',   opts.uname,      False),
 
         # linux shall be last to leave breathing room for decompression.
         # We'll add it later.
Unnamed repository; edit this file 'description' to name the repository.