From 86dc140b9fe632aff129be91d54877a857dc8db5 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 13 Nov 2025 14:46:24 +0100
Subject: [PATCH] pcrextend: allow setting the event type for the event log on the command line

This makes the tool more powerful as we can invoke it for any type of measurement correctly
---
 man/systemd-pcrphase.service.xml | 11 +++++++++++
 src/pcrextend/pcrextend.c | 20 +++++++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/man/systemd-pcrphase.service.xml b/man/systemd-pcrphase.service.xml
index b95007dfcba..7832e10f85a 100644
--- a/man/systemd-pcrphase.service.xml
+++ b/man/systemd-pcrphase.service.xml
@@ -240,6 +240,17 @@
+
+
+
+ Set the event log event type for this measurement. Pass help for a
+ list of currently defined identifiers. Defaults to an appropriate value for
+ , , , and
+ otherwise to phase.
+
+
+
diff --git a/src/pcrextend/pcrextend.c b/src/pcrextend/pcrextend.c
index 18d51ca2144..7af7d3211e7 100644
--- a/src/pcrextend/pcrextend.c
+++ b/src/pcrextend/pcrextend.c
@@ -15,6 +15,7 @@
 #include "parse-argument.h"
 #include "pcrextend-util.h"
 #include "pretty-print.h"
+#include "string-table.h"
 #include "string-util.h"
 #include "strv.h"
 #include "tpm2-pcr.h"
@@ -32,6 +33,7 @@ static unsigned arg_pcr_index = UINT_MAX;
 static char *arg_nvpcr_name = NULL;
 static bool arg_varlink = false;
 static bool arg_early = false;
+static Tpm2UserspaceEventType arg_event_type = _TPM2_USERSPACE_EVENT_TYPE_INVALID;
 STATIC_DESTRUCTOR_REGISTER(arg_banks, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_tpm2_device, freep);
@@ -65,6 +67,7 @@ static int help(int argc, char *argv[], void *userdata) {
 " --machine-id Measure machine ID into PCR 15\n"
 " --product-id Measure SMBIOS product ID into NvPCR 'hardware'\n"
 " --early Run in early boot mode, without access to /var/\n"
+ " --event-type=TYPE Event type to include in the event log\n"
 "\nSee the %2$s for details.\n",
 program_invocation_short_name,
 link,
@@ -88,6 +91,7 @@ static int parse_argv(int argc, char *argv[]) {
 ARG_MACHINE_ID,
 ARG_PRODUCT_ID,
 ARG_EARLY,
+ ARG_EVENT_TYPE,
 };
 static const struct option options[] = {
@@ -102,6 +106,7 @@ static int parse_argv(int argc, char *argv[]) {
 { "machine-id", no_argument, NULL, ARG_MACHINE_ID },
 { "product-id", no_argument, NULL, ARG_PRODUCT_ID },
 { "early", no_argument, NULL, ARG_EARLY },
+ { "event-type", required_argument, NULL, ARG_EVENT_TYPE },
 {}
 };
@@ -189,6 +194,15 @@ static int parse_argv(int argc, char *argv[]) {
 arg_early = true;
 break;
+ case ARG_EVENT_TYPE:
+ if (streq(optarg, "help"))
+ return DUMP_STRING_TABLE(tpm2_userspace_event_type, Tpm2UserspaceEventType, _TPM2_USERSPACE_EVENT_TYPE_MAX);
+
+ arg_event_type = tpm2_userspace_event_type_from_string(optarg);
+ if (arg_event_type < 0)
+ return log_error_errno(arg_event_type, "Failed to parse --event-type= argument: %s", optarg);
+ break;
+
 case '?':
 return -EINVAL;
@@ -446,7 +460,7 @@ static int vl_server(void) {
 static int run(int argc, char *argv[]) {
 _cleanup_free_ char *word = NULL;
- Tpm2UserspaceEventType event;
+ Tpm2UserspaceEventType event = _TPM2_USERSPACE_EVENT_TYPE_INVALID;
 int r;
 log_setup();
@@ -506,6 +520,10 @@ static int run(int argc, char *argv[]) {
 event = TPM2_EVENT_PHASE;
 }
+ /* Override with explicitly configured event type */
+ if (arg_event_type >= 0)
+ event = arg_event_type;
+
 if (arg_graceful && !tpm2_is_fully_supported()) {
 log_notice("No complete TPM2 support detected, exiting gracefully.");
 return EXIT_SUCCESS;
--
2.47.3
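Review bot: The new `ARG_EVENT_TYPE` case accepts the switch in every mode, but the only consumer this patch adds is the override in run(); vl_server() is not changed, so when `arg_varlink` is set the value is presumably parsed and then silently ignored. If parse_argv() has a post-loop check for conflicting options (it lies outside this hunk), consider adding something like `if (arg_varlink && arg_event_type >= 0) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "--event-type= is not supported in Varlink mode.");` so a caller cannot assume a type was recorded when it was not. As a smaller style point, parsing into a local and assigning `arg_event_type` only on success would keep the global at `_TPM2_USERSPACE_EVENT_TYPE_INVALID` on the error path.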
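Review bot: The override in run() is applied after the per-mode defaults have been chosen, so `--event-type=` can relabel a `--machine-id` or `--product-id` measurement with a type that does not describe the data actually measured. The PCR value itself is unaffected, but a consumer that interprets userspace event log records by their type would then see a record whose type and content disagree. If that freedom is intended, the comment should say so, e.g. `/* An explicit --event-type= wins over the per-mode default; the caller must pick a type that matches what is measured */`. Since `event` now starts out as the invalid value, an `assert(event >= 0);` right after the override would document that every path assigns it. The if/else chain that sets the defaults begins outside this hunk.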