efi-loader: rename efi_stub_measured() → efi_measured_uki()
authorLennart Poettering <lennart@poettering.net>
Wed, 27 Sep 2023 09:50:14 +0000 (11:50 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 27 Sep 2023 09:51:13 +0000 (11:51 +0200)
Let's say "uki" rather than "stub", since the latter is just too generic, and
we shouldn't limit ourselves to our own stub anyway, but generally define a
concept of a "measured UKI", which is a UKI that measures its part to
PCR 11.

This is mostly preparation for exposing this check to the user via
ConditionSecurity=.

src/cryptsetup/cryptsetup.c
src/fstab-generator/fstab-generator.c
src/gpt-auto-generator/gpt-auto-generator.c
src/pcrextend/pcrextend.c
src/shared/efi-loader.c
src/shared/efi-loader.h

index 4fb5fe89ef38f926a533ca53a118209df0aa74a0..d692f88a14011ba237619cc1f572b7beb06b9101 100644 (file)
@@ -823,7 +823,7 @@ static int measure_volume_key(
                 return 0;
         }
 
-        r = efi_stub_measured(LOG_WARNING);
+        r = efi_measured_uki(LOG_WARNING);
         if (r < 0)
                 return r;
         if (r == 0) {
index 0a30f8c9c902fb708c7c8a38aa7d2106177f06ba..5a5c05df0c22547aacc4d3c0d860a59cb30b3354 100644 (file)
@@ -650,7 +650,7 @@ static int add_mount(
         }
 
         if (flags & MOUNT_PCRFS) {
-                r = efi_stub_measured(LOG_WARNING);
+                r = efi_measured_uki(LOG_WARNING);
                 if (r == 0)
                         log_debug("Kernel stub did not measure kernel image into PCR, skipping userspace measurement, too.");
                 else if (r > 0) {
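Review bot: The debug message on the context line right after the renamed call still reads `Kernel stub did not measure kernel image into PCR, ...`, which no longer matches a check now named for any measured UKI rather than for the stub. The same stale wording remains in the gpt-auto-generator hunk (`not booted via systemd-stub with measurements enabled`) and in the pcrextend hunk's comment (`Skip logic if sd-stub is not used`). These callers use the result to decide whether userspace measurements are taken at all, so the text an operator sees when they are skipped should name the condition actually tested, for example `log_debug("Not booted via a measured UKI, skipping userspace measurement, too.");`. The if/else chain in add_mount() continues outside the hunk, so how r < 0 is handled there cannot be judged from this view.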
index 2bcb887a82e65ecba651a6dc338ee3e5f7ffb010..d774740622816a869072a242a06cf3a203324a4c 100644 (file)
@@ -106,7 +106,7 @@ static int add_cryptsetup(
                  * assignment, under the assumption that people who are fine to use sd-stub with its PCR
                  * assignments are also OK with our PCR 15 use here. */
 
-                r = efi_stub_measured(LOG_WARNING);
+                r = efi_measured_uki(LOG_WARNING);
                 if (r == 0)
                         log_debug("Will not measure volume key of volume '%s', not booted via systemd-stub with measurements enabled.", id);
                 else if (r > 0) {
index 358bee72b081614c181ceabf65cc68d0f927d47b..8c5631babbda85ec23ce5ddabed8657e210d5d2c 100644 (file)
@@ -351,7 +351,7 @@ static int run(int argc, char *argv[]) {
         length = strlen(word);
 
         /* Skip logic if sd-stub is not used, after all PCR 11 might have a very different purpose then. */
-        r = efi_stub_measured(LOG_ERR);
+        r = efi_measured_uki(LOG_ERR);
         if (r < 0)
                 return r;
         if (r == 0) {
index 7cbd69bfb0abd1cdd8fcb31e57f7d3086a050152..eae8deba39ad0300b280c364bfd4358d264de17c 100644 (file)
@@ -238,7 +238,7 @@ int efi_stub_get_features(uint64_t *ret) {
         return 0;
 }
 
-int efi_stub_measured(int log_level) {
+int efi_measured_uki(int log_level) {
         _cleanup_free_ char *pcr_string = NULL;
         unsigned pcr_nr;
         int r;
index 834362292a88a18a5ffe3545b9fbfe1448b54431..c878eea72fc6d2bf674a1fa3231de0af6f3a4737 100644 (file)
@@ -18,7 +18,7 @@ int efi_loader_get_entries(char ***ret);
 int efi_loader_get_features(uint64_t *ret);
 int efi_stub_get_features(uint64_t *ret);
 
-int efi_stub_measured(int log_level);
+int efi_measured_uki(int log_level);
 
 int efi_loader_get_config_timeout_one_shot(usec_t *ret);
 int efi_loader_update_entry_one_shot_cache(char **cache, struct stat *cache_stat);
@@ -45,7 +45,7 @@ static inline int efi_stub_get_features(uint64_t *ret) {
         return -EOPNOTSUPP;
 }
 
-static inline int efi_stub_measured(int log_level) {
+static inline int efi_measured_uki(int log_level) {
         return log_full_errno(log_level, SYNTHETIC_ERRNO(EOPNOTSUPP),
                               "Compiled without support for EFI");
 }