From: Lennart Poettering
Date: Wed, 27 Sep 2023 09:50:14 +0000 (+0200)
Subject: efi-loader: rename efi_stub_measured() → efi_measured_uki()
X-Git-Tag: v255-rc1~412^2~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=be8f478c0ffd5dbdebc82d4166631cc06d6f2917;p=thirdparty%2Fsystemd.git
efi-loader: rename efi_stub_measured() → efi_measured_uki()
Let's say "uki" rather than "stub", since that is just too generic, and we shouldn't limit us to our own stub anyway, but generally define a concept of a "measured UKI", which is a UKI that measures its part to PCR 11. This is mostly preparation for exposing this check to the user via ConditionSecurity=.
---
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 4fb5fe89ef3..d692f88a140 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -823,7 +823,7 @@ static int measure_volume_key(
 return 0;
 }
- r = efi_stub_measured(LOG_WARNING);
+ r = efi_measured_uki(LOG_WARNING);
 if (r < 0)
 return r;
 if (r == 0) {
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index 0a30f8c9c90..5a5c05df0c2 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -650,7 +650,7 @@ static int add_mount(
 }
 if (flags & MOUNT_PCRFS) {
- r = efi_stub_measured(LOG_WARNING);
+ r = efi_measured_uki(LOG_WARNING);
 if (r == 0)
 log_debug("Kernel stub did not measure kernel image into PCR, skipping userspace measurement, too.");
 else if (r > 0) {
diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
index 2bcb887a82e..d7747406228 100644
--- a/src/gpt-auto-generator/gpt-auto-generator.c
+++ b/src/gpt-auto-generator/gpt-auto-generator.c
@@ -106,7 +106,7 @@ static int add_cryptsetup(
 * assignment, under the assumption that people who are fine to use sd-stub with its PCR
 * assignments are also OK with our PCR 15 use here. */
- r = efi_stub_measured(LOG_WARNING);
+ r = efi_measured_uki(LOG_WARNING);
 if (r == 0)
 log_debug("Will not measure volume key of volume '%s', not booted via systemd-stub with measurements enabled.", id);
 else if (r > 0) {
diff --git a/src/pcrextend/pcrextend.c b/src/pcrextend/pcrextend.c
index 358bee72b08..8c5631babbd 100644
--- a/src/pcrextend/pcrextend.c
+++ b/src/pcrextend/pcrextend.c
@@ -351,7 +351,7 @@ static int run(int argc, char *argv[]) {
 length = strlen(word);
 /* Skip logic if sd-stub is not used, after all PCR 11 might have a very different purpose then. */
- r = efi_stub_measured(LOG_ERR);
+ r = efi_measured_uki(LOG_ERR);
 if (r < 0)
 return r;
 if (r == 0) {
diff --git a/src/shared/efi-loader.c b/src/shared/efi-loader.c
index 7cbd69bfb0a..eae8deba39a 100644
--- a/src/shared/efi-loader.c
+++ b/src/shared/efi-loader.c
@@ -238,7 +238,7 @@ int efi_stub_get_features(uint64_t *ret) {
 return 0;
 }
-int efi_stub_measured(int log_level) {
+int efi_measured_uki(int log_level) {
 _cleanup_free_ char *pcr_string = NULL;
 unsigned pcr_nr;
 int r;
diff --git a/src/shared/efi-loader.h b/src/shared/efi-loader.h
index 834362292a8..c878eea72fc 100644
--- a/src/shared/efi-loader.h
+++ b/src/shared/efi-loader.h
@@ -18,7 +18,7 @@ int efi_loader_get_entries(char ***ret);
 int efi_loader_get_features(uint64_t *ret);
 int efi_stub_get_features(uint64_t *ret);
-int efi_stub_measured(int log_level);
+int efi_measured_uki(int log_level);
 int efi_loader_get_config_timeout_one_shot(usec_t *ret);
 int efi_loader_update_entry_one_shot_cache(char **cache, struct stat *cache_stat);
@@ -45,7 +45,7 @@ static inline int efi_stub_get_features(uint64_t *ret) {
 return -EOPNOTSUPP;
 }
-static inline int efi_stub_measured(int log_level) {
+static inline int efi_measured_uki(int log_level) {
 return log_full_errno(log_level, SYNTHETIC_ERRNO(EOPNOTSUPP), "Compiled without support for EFI");
 }