From: Fergus Dall
Date: Sun, 30 Nov 2025 05:38:49 +0000 (+1030)
Subject: pcrlock: Record predictions at start of component range
X-Git-Tag: v260-rc3~75
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d73dc51fbd937a3da97f4ab6748f36fc5d92d1c1;p=thirdparty%2Fsystemd.git
pcrlock: Record predictions at start of component range
Currently pcrlock won't predict PCR values that would be present at the start of the requested location range (unless there are no events for that PCR in the location range). This means predictions for the default range 760:940, which is intended to start just after entering the initrd, are not actually possible to fulfill until after the initrd is exited (or possibly even later, depending on what other events are recorded). Fix this by recording predictions immediately prior to processing components after the start point.
Fixes #39946
---
diff --git a/src/pcrlock/pcrlock.c b/src/pcrlock/pcrlock.c
index a02846e785d..ab97c1a754e 100644
--- a/src/pcrlock/pcrlock.c
+++ b/src/pcrlock/pcrlock.c
@@ -4004,8 +4004,7 @@ static int pcr_prediction_add_result(
 Tpm2PCRPrediction *context,
 Tpm2PCRPredictionResult *result,
 uint32_t pcr,
- const char *path,
- size_t offset) {
+ const char *path) {
 _cleanup_free_ Tpm2PCRPredictionResult *copy = NULL;
 int r;
@@ -4040,18 +4039,11 @@ static const EVP_MD* evp_from_tpm2_alg(uint16_t alg) {
 }
 static int event_log_component_variant_calculate(
- Tpm2PCRPrediction *context,
 Tpm2PCRPredictionResult *result,
- EventLogComponent *component,
 EventLogComponentVariant *variant,
- uint32_t pcr,
- const char *path) {
+ uint32_t pcr) {
- int r;
-
- assert(context);
 assert(result);
- assert(component);
 assert(variant);
 FOREACH_ARRAY(rr, variant->records, variant->n_records) {
@@ -4107,13 +4099,6 @@ static int event_log_component_variant_calculate(
 assert(l == (unsigned) sz);
 }
-
- /* This is a valid result once we hit the start location */
- if (arg_location_start && strcmp(component->id, arg_location_start) >= 0) {
- r = pcr_prediction_add_result(context, result, pcr, path, rr - variant->records);
- if (r < 0)
- return r;
- }
 }
 return 0;
@@ -4137,7 +4122,7 @@ static int event_log_predict_pcrs(
 /* Check if we reached the end of the components, generate a result, and backtrack */
 if (component_index >= el->n_components || (arg_location_end && strcmp(el->components[component_index]->id, arg_location_end) > 0)) {
- r = pcr_prediction_add_result(context, parent_result, pcr, path, /* offset= */ 0);
+ r = pcr_prediction_add_result(context, parent_result, pcr, path);
 if (r < 0)
 return r;
@@ -4146,6 +4131,13 @@ static int event_log_predict_pcrs(
 component = ASSERT_PTR(el->components[component_index]);
+ /* Check if we are just about to process a component after start, if so record a result and continue. */
+ if (arg_location_start && strcmp(component->id, arg_location_start) > 0) {
+ r = pcr_prediction_add_result(context, parent_result, pcr, path);
+ if (r < 0)
+ return r;
+ }
+
 FOREACH_ARRAY(ii, component->variants, component->n_variants) {
 _cleanup_free_ Tpm2PCRPredictionResult *result = NULL;
 EventLogComponentVariant *variant = *ii;
@@ -4169,12 +4161,9 @@ static int event_log_predict_pcrs(
 return log_oom();
 r = event_log_component_variant_calculate(
- context,
 result,
- component,
 variant,
- pcr,
- subpath);
+ pcr);
 if (r < 0)
 return r;
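Review bot: Dropping the per-record `pcr_prediction_add_result()` call at the end of the `FOREACH_ARRAY(rr, …)` loop in `event_log_component_variant_calculate()` also removes every mid-component PCR state from the prediction set, and the commit message does not mention that. Previously each record of a component at or after `arg_location_start` produced an accepted value; with this change only the states recorded in `event_log_predict_pcrs()` at component boundaries remain, so a policy evaluated while a multi-record component is only partly measured would presumably no longer match. If that narrowing is intended, state it in the commit message and next to the new recording site, for example `/* Only states at component boundaries are predicted; a partially measured component is deliberately not accepted. */`. The loop body begins outside this hunk.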
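Review bot: The added check in `event_log_predict_pcrs()` compares with `strcmp(component->id, arg_location_start) > 0` where the removed code used `>= 0`, and the new comment does not explain why a component equal to the start location is excluded. Every result recorded here is one more PCR value the generated policy will accept, so the boundary should be spelled out; if the intent is that the start component counts as already measured, a comment such as `/* arg_location_start is inclusive: only the state before a component sorting strictly after it is a valid prediction. */` would make that reviewable. When the first component in the log already sorts after the start, `parent_result` is recorded before anything has been extended into it, which presumably makes the PCR's initial value acceptable; a test with a range start below all components would pin that behaviour down. The function begins and ends outside the hunk.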