pcrextend: allow setting the event type for the event log on the command line

This makes the tool more powerful, as we can now invoke it correctly for any
type of measurement.
Lennart Poettering
2025-11-13 14:46:24 +01:00
parent d70296bb56
commit 86dc140b9f
2 changed files with 30 additions and 1 deletions


@@ -240,6 +240,17 @@
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--event-type=</option></term>
<listitem><para>Set the event log event type for this measurement. Pass <literal>help</literal> for a
list of currently defined identifiers. Defaults to an appropriate value for
<option>--machine-id</option>, <option>--product-id</option>, <option>--file-system=</option>, and
otherwise to <literal>phase</literal>.</para>
<xi:include href="version-info.xml" xpointer="v259"/></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="help" />
<xi:include href="standard-options.xml" xpointer="version" />


@@ -15,6 +15,7 @@
#include "parse-argument.h"
#include "pcrextend-util.h"
#include "pretty-print.h"
#include "string-table.h"
#include "string-util.h"
#include "strv.h"
#include "tpm2-pcr.h"
@@ -32,6 +33,7 @@ static unsigned arg_pcr_index = UINT_MAX;
static char *arg_nvpcr_name = NULL;
static bool arg_varlink = false;
static bool arg_early = false;
static Tpm2UserspaceEventType arg_event_type = _TPM2_USERSPACE_EVENT_TYPE_INVALID;
STATIC_DESTRUCTOR_REGISTER(arg_banks, strv_freep);
STATIC_DESTRUCTOR_REGISTER(arg_tpm2_device, freep);
@@ -65,6 +67,7 @@ static int help(int argc, char *argv[], void *userdata) {
" --machine-id Measure machine ID into PCR 15\n"
" --product-id Measure SMBIOS product ID into NvPCR 'hardware'\n"
" --early Run in early boot mode, without access to /var/\n"
" --event-type=TYPE Event type to include in the event log\n"
"\nSee the %2$s for details.\n",
program_invocation_short_name,
link,
@@ -88,6 +91,7 @@ static int parse_argv(int argc, char *argv[]) {
ARG_MACHINE_ID,
ARG_PRODUCT_ID,
ARG_EARLY,
ARG_EVENT_TYPE,
};
static const struct option options[] = {
@@ -102,6 +106,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "machine-id", no_argument, NULL, ARG_MACHINE_ID },
{ "product-id", no_argument, NULL, ARG_PRODUCT_ID },
{ "early", no_argument, NULL, ARG_EARLY },
{ "event-type", required_argument, NULL, ARG_EVENT_TYPE },
{}
};
@@ -189,6 +194,15 @@ static int parse_argv(int argc, char *argv[]) {
arg_early = true;
break;
case ARG_EVENT_TYPE:
if (streq(optarg, "help"))
return DUMP_STRING_TABLE(tpm2_userspace_event_type, Tpm2UserspaceEventType, _TPM2_USERSPACE_EVENT_TYPE_MAX);
arg_event_type = tpm2_userspace_event_type_from_string(optarg);
if (arg_event_type < 0)
return log_error_errno(arg_event_type, "Failed to parse --event-type= argument: %s", optarg);
break;
case '?':
return -EINVAL;
@@ -446,7 +460,7 @@ static int vl_server(void) {
static int run(int argc, char *argv[]) {
_cleanup_free_ char *word = NULL;
Tpm2UserspaceEventType event;
Tpm2UserspaceEventType event = _TPM2_USERSPACE_EVENT_TYPE_INVALID;
int r;
log_setup();
@@ -506,6 +520,10 @@ static int run(int argc, char *argv[]) {
event = TPM2_EVENT_PHASE;
}
/* Override with explicitly configured event type */
if (arg_event_type >= 0)
event = arg_event_type;
if (arg_graceful && !tpm2_is_fully_supported()) {
log_notice("No complete TPM2 support detected, exiting gracefully.");
return EXIT_SUCCESS;
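Review bot: The override added after the mode-specific defaults in run() is unconditional, so an explicit `--event-type=` also replaces the type implied by `--machine-id`, `--product-id` or `--file-system=`, and the event log can then carry a label that does not match how the measured data was derived. Any consumer that replays or validates the log by event type would misread such a record, although no such consumer is visible in this diff. The man page hunk calls the per-mode values defaults, so if overriding them is intended, say so at the override, e.g. `/* An explicit --event-type= wins even over the type implied by --machine-id, --product-id and --file-system=; the log label is then caller-chosen */`. Otherwise reject the conflicting combination in parse_argv() with `-EINVAL`. The body of run() continues outside the hunk, so whether the Varlink path (`arg_varlink`, `vl_server()`) ever reaches this override cannot be confirmed from here.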