Jan Janssen [Fri, 20 Jan 2023 13:11:54 +0000 (14:11 +0100)]
boot: Properly strip EFI binaries
Removing debugging related sections is apparently not enough to truely
strip a (PE) binary.
Better late than never. It gets rid of this pesky warning from sbsign:
warning: data remaining[174080 vs 193173]: gaps between PE/COFF sections?
These combine strndup() + strspn()/strcspn() into one.
There are a bunch of strndupa() calls that could use similar treatment
(or should be converted to strdup[c]spn(), but this commit doesn't
bother with that.
Waltibaba [Fri, 20 Jan 2023 07:38:13 +0000 (08:38 +0100)]
hwdb: Add Chuwi Hi10X (N4120 version) iio matrix
There is a later model version of the Chuwi Hi10X that has significantly changed components compared to the existing hwdb one. Differentiator (on Chuwi forums, in thesofproject, etc.) is the N4120 rather than the N4100 processor.
The svn and pn seem to be identical, my Chuwi Hi10X matches with the old model except for the changed KIOX000A* iio sensor.
With the added ACCEL_MOUNT_MATRIX, my device works on gnome and has the correct (right-up) output in monitor-sensors.
Luca Boccassi [Thu, 19 Jan 2023 23:20:55 +0000 (23:20 +0000)]
sd-login: add sd_pidfd_* APIs
Same as the sd_pid_* counterparts, but take a pid file descriptor instead of
a pid, so that the callers can be sure that the returned values are really
about the process they asked for, and not about a recycled PID.
Michal Koutný [Wed, 18 Jan 2023 22:20:31 +0000 (23:20 +0100)]
core: mount namespaces: Remove auxiliary bind mounts directory after unit termination
Unit that requires its own mount namespace creates a temporary directory
to implement dynamic bind mounts (org.freedesktop.systemd1.Manager.BindMountUnit).
However, this directory is never removed and they will accumulate for
each unique unit (e.g. templated units of systemd-coredump@).
Attach the auxiliary runtime directory existence to lifetime of other
"runtime" only per-unit directories.
Ludwig Nussel [Thu, 8 Dec 2022 15:27:31 +0000 (16:27 +0100)]
bootctl: unlink and cleanup functions
The unlink command removes an entry from the ESP including
referenced files that are not referenced in other entries. That is
useful eg to have multiple entries that use the same kernel with
different options.
The cleanup command removes all files that are not referenced by any
entry.
Yu Watanabe [Thu, 19 Jan 2023 09:21:34 +0000 (18:21 +0900)]
network: assume prefix length is full address size
The commit 0f707207b9fc04d45ad176930cfefc77c0068545 enables strong
warning about missing prefix length in Address= setting.
The change was done in v241, and was about 4 years ago.
Let's drop the legacy assumption and make the parser consistent with
'ip address' command.
William Roberts [Wed, 18 Jan 2023 14:45:53 +0000 (08:45 -0600)]
tpm2: add salt to pin
Add a salt to the pin and store it in the TPM2 LUKS header for future
this. This adds entropy to user supplied pins and helps brute forcing
the passphrase on the key residing in the TPM or brute forcing bind key
encrypted sessions with low entropy passphrases.
Signed-off-by: malikabhi05 <abhishek.malik@intel.com> Signed-off-by: William Roberts <william.c.roberts@intel.com>
Jan Janssen [Tue, 23 Aug 2022 08:51:36 +0000 (10:51 +0200)]
boot: Drop use of Print
The custom print helpers have been replaced with explicit checks at the
call site to keep this in line with the way it is done in userspace. Any
calls where the check has been ommited should not need them as the value
is expected to alawys be around.
Jan Janssen [Thu, 18 Aug 2022 11:43:19 +0000 (13:43 +0200)]
tree-wide: Use __func__ in asserts
clang puts the whole function signature in __PRETTY_FUNCTION__, which is
a bit excessive for something that can already be figured out by using
the line number.
Luca Boccassi [Mon, 16 Jan 2023 23:46:01 +0000 (23:46 +0000)]
core: add GetUnitByPIDFD method and use it in systemctl
A pid can be recycled, but a pidfd is pinned. Add a new method that is safer
as it takes a pidfd as input.
Return not only the D-Bus object path, but also the unit id and the last
recorded invocation id, as they are both useful (especially the id, as
converting from a path object to a unit id from a script requires another
round-trip via D-Bus).
Note that the manager still tracks processes by pid, so theorethically this
is not fully error-proof, but on the other hand the method response is
synchronous and the manager is single-threaded, so once a call is being
processed the unit database will not change anyway. Once the manager
switches to use pidfds everywhere, this can be further hardened.
dissect-image: add probe_sector_size() helper for detecting sector size of a GPT disk image
When we operate with DDIs with sector sizes != 512 we need to configure
the loopback device to match it, otherwise the image and the kernel
block device will disagree what things are.
Let's add a prober that tries to determine the sector size of a GPT DDI.
It does this by looking for the GPT partition table header at the
various byte offsets they must be located on, given a specific sector
size. It will try sector size 512, 1024, 2048 and 4096. Of these only
the 512 and 4096 really make sense IRL I guess, but let's be thorough.
Dmitry V. Levin [Tue, 17 Jan 2023 08:00:00 +0000 (08:00 +0000)]
coredump: use fstatvfs to check the available space
Given that we already have the file descriptor opened for writing, it
would make sense to call fstatvfs with that file descriptor rather than
statvfs with the directory path that was used to open that descriptor.
Daan De Meyer [Thu, 12 Jan 2023 21:42:30 +0000 (22:42 +0100)]
repart: Allow configuring sector size
Let's allow users to configure the (logical) sector size of their
image. This is required when building images for a 4k sector size
disk on a 512b sector size host or vice-versa.
Jan Janssen [Tue, 17 Jan 2023 14:51:42 +0000 (15:51 +0100)]
boot: Fix missed argument to Print()
This fixes 3e87a057a796b57bf9540b948823fbefef6693d7, which passed the
path to the wrong Print() call. Miraculously, this was printing the
correct path during testing and was therefore missed.
Frantisek Sumsal [Tue, 17 Jan 2023 11:14:13 +0000 (12:14 +0100)]
units: don't install pcrphase-related units without gnu-efi
since we don't have systemd-pcrphase built anyway, which breaks the tests:
...
I: Attempting to install /usr/lib/systemd/systemd-networkd-wait-online (based on unit file reference)
I: Attempting to install /usr/lib/systemd/systemd-network-generator (based on unit file reference)
I: Attempting to install /usr/lib/systemd/systemd-oomd (based on unit file reference)
I: Attempting to install /usr/lib/systemd/systemd-pcrphase (based on unit file reference)
W: Failed to install '/usr/lib/systemd/systemd-pcrphase'
make: *** [Makefile:4: setup] Error 1
make: Leaving directory '/root/systemd/test/TEST-01-BASIC'
tpm2: add common helper for checking if we are running on UKI with TPM measurements
Let's introduce a common implementation of a function that checks
whether we are booted on a kernel with systemd-stub that has TPM PCR
measurements enabled. Do our own userspace measurements only if we
detect that.
PCRs are scarce and most likely there are projects which already make
use of them in other ways. Hence, instead of blindly stepping into their
territory let's conditionalize things so that people have to explicitly
buy into our PCR assignments before we start measuring things into them.
Specifically bind everything to an UKI that reported measurements.
This was previously already implemented in systemd-pcrphase, but with
this change we expand this to all tools that process PCR measurement
settings.
The env var to override the check is renamed to SYSTEMD_FORCE_MEASURE,
to make it more generic (since we'll use it at multiple places now).
This is not a compat break, since the original env var for that was not
included in any stable release yet.
units: rework growfs units to be just a regular unit that is instantiated
The systemd-growfs@.service units are currently written in full for each
file system to grow. Which is kinda pointless given that (besides an
optional ordering dep) they contain always the same definition. Let's
fix that and add a static template for this logic, that the generator
simply instantiates (and adds an ordering dep for).
This mimics how systemd-fsck@.service is handled. Similar to the wait
that for root fs there's a special instance systemd-fsck-root.service
we also add a special instance systemd-growfs-root.service for the root
fs, since it has slightly different deps.
units: measure /etc/machine-id into PCR 15 during early boot
We want PCR 15 to be useful for binding per-system policy to. Let's
measure the machine ID into it, to ensure that every OS we can
distinguish will get a different PCR (even if the root disk encryption
key is already measured into it).
cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab options
These options allow measuring the volume key used for unlocking the
volume to a TPM2 PCR. This is ideally used for the volume key of the
root file system and can then be used to bind other resources to the
root file system volume in a secure way.
tpm2-util: optionally do HMAC in tpm2_extend_bytes() in case we process sensitive data
When measuring data into a PCR we are supposed to hash the data on the
CPU and then pass the hash value over the wire to the TPM2. That's all
good as long as the data we intend to measure is not sensitive.
Let's be extra careful though if we want to measure sensitive data, for
example the root file system volume key. Instead of just hashing that
and passing it over the wire to the TPM2, let's do a HMAC signature
instead. It's also a hash operation, but should protect our secret
reasonably well and not leak direct information about it to wiretappers.
Franck Bui [Tue, 17 Jan 2023 05:30:48 +0000 (14:30 +0900)]
udev: support '-=' operator for SYMLINK
For some (corner) cases, it might be desirable to disable the generation of
some persistent storage symlinks that 60-persistent-storage.rules creates.
For example on big setups with a high number of partitions which uses the same
label name, this can result in a noticeable slow-down in the (re)start of the
udevd as there are many contenders for the symlink /dev/disk/by-partlabel.
However it's currently pretty hard to overwrite just some specific part of the
rule file. Indeed one need to copy and modify the whole rule file in /etc but
will lost any upcoming updates/fixes that the distro might release in the
future.
With this simple patch, one can now disable the generation of the
"by-partlabel" symlinks (for example) with the following single rule:
projects / thirdparty / systemd.git / log
