From 763028a16cb54582823fedaba5d3ba8432e1c0ed Mon Sep 17 00:00:00 2001
From: anonymix007 <48598263+anonymix007@users.noreply.github.com>
Date: Wed, 4 Sep 2024 14:40:18 +0300
Subject: [PATCH] measure: introduce support for a .hwids section
---
man/systemd-measure.xml | 5 +++--
src/boot/measure.c | 5 ++++-
src/fundamental/uki.c | 1 +
src/fundamental/uki.h | 1 +
4 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml
index 71983ffe00..a21b2dcecc 100644
--- a/man/systemd-measure.xml
+++ b/man/systemd-measure.xml
@@ -77,7 +77,7 @@
, , ,
, , ,
, , ,
- , see below. Only is mandatory. (Alternatively,
+ , , see below. Only is mandatory. (Alternatively,
specify to use the current values of PCR register 11 instead.)
@@ -125,6 +125,7 @@
+
When used with the calculate or sign verb,
configures the files to read the unified kernel image components from. Each option corresponds with
@@ -134,7 +135,7 @@
- With the exception of , which has been added in version
+ With the exception of and , which have been added in version
257.
diff --git a/src/boot/measure.c b/src/boot/measure.c
index 3c409f8bd9..65fe2c7cdf 100644
--- a/src/boot/measure.c
+++ b/src/boot/measure.c
@@ -103,6 +103,7 @@ static int help(int argc, char *argv[], void *userdata) {
" --sbat=PATH Path to SBAT file %7$s .sbat\n"
" --pcrpkey=PATH Path to public key for PCR signatures %7$s .pcrpkey\n"
" --profile=PATH Path to profile file %7$s .profile\n"
+ " --hwids=PATH Path to HWIDs file %7$s .hwids\n"
"\nSee the %2$s for details.\n",
program_invocation_short_name,
link,
@@ -146,8 +147,9 @@ static int parse_argv(int argc, char *argv[]) {
ARG_SBAT,
_ARG_PCRSIG, /* the .pcrsig section is not input for signing, hence not actually an argument here */
ARG_PCRPKEY,
+ ARG_PROFILE,
_ARG_SECTION_LAST,
- ARG_PROFILE = _ARG_SECTION_LAST,
+ ARG_HWIDS = _ARG_SECTION_LAST,
ARG_BANK,
ARG_PRIVATE_KEY,
ARG_PRIVATE_KEY_SOURCE,
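Review bot: The reshuffled enum keeps `_ARG_SECTION_LAST` aliased to the newest section option, but nothing in the hunk records that the section `ARG_*` values must stay in the same order as `UnifiedSection` in src/fundamental/uki.h. If parse_argv maps an option to its section by offset from the first section value (that code is outside the hunk, so this is inferred), an out-of-order addition would load a file under the wrong section name. The resulting PCR 11 predictions would then not match what is measured at boot. I would add a comment above `ARG_PROFILE,` such as `/* Section options must follow the order of UnifiedSection in uki.h; the newest one is aliased to _ARG_SECTION_LAST */`. The enum and parse_argv both begin and end outside the hunk.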
@@ -174,6 +176,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "sbat", required_argument, NULL, ARG_SBAT },
{ "pcrpkey", required_argument, NULL, ARG_PCRPKEY },
{ "profile", required_argument, NULL, ARG_PROFILE },
+ { "hwids", required_argument, NULL, ARG_HWIDS },
{ "current", no_argument, NULL, 'c' },
{ "bank", required_argument, NULL, ARG_BANK },
{ "tpm2-device", required_argument, NULL, ARG_TPM2_DEVICE },
diff --git a/src/fundamental/uki.c b/src/fundamental/uki.c
index da5da1cf10..bb4f6e480d 100644
--- a/src/fundamental/uki.c
+++ b/src/fundamental/uki.c
@@ -21,5 +21,6 @@ const char* const unified_sections[_UNIFIED_SECTION_MAX + 1] = {
[UNIFIED_SECTION_PCRSIG] = ".pcrsig",
[UNIFIED_SECTION_PCRPKEY] = ".pcrpkey",
[UNIFIED_SECTION_PROFILE] = ".profile",
+ [UNIFIED_SECTION_HWIDS] = ".hwids",
NULL,
};
diff --git a/src/fundamental/uki.h b/src/fundamental/uki.h
index e7c59100e1..fe5a08bf7c 100644
--- a/src/fundamental/uki.h
+++ b/src/fundamental/uki.h
@@ -18,6 +18,7 @@ typedef enum UnifiedSection {
UNIFIED_SECTION_PCRSIG,
UNIFIED_SECTION_PCRPKEY,
UNIFIED_SECTION_PROFILE,
+ UNIFIED_SECTION_HWIDS,
_UNIFIED_SECTION_MAX,
} UnifiedSection;
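Review bot: `UNIFIED_SECTION_HWIDS` is added without a comment on what the section holds or why it goes last, and the same applies to the `[UNIFIED_SECTION_HWIDS] = ".hwids"` entry in src/fundamental/uki.c. Assuming the enum order is also the order in which sections are measured into PCR 11 (not visible here), appending just before `_UNIFIED_SECTION_MAX` leaves the predicted values unchanged for existing images that carry no .hwids section. That is worth stating so a later section is not inserted in the middle. A comment above the new enumerator would do, for example `/* HWIDs file passed via --hwids=; new sections are appended here so the measurement order of existing ones does not change */`. The typedef starts outside the hunk.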