mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
measure: introduce support for a new ".profile" section
This introduces the concept, and makes sure systemd-measure covers it. See a later commit for details on the new section.
This commit is contained in:
parent
c334b9912a
commit
0f0bed8be6
@ -76,9 +76,9 @@
|
||||
kernel image consisting of the components specified with <option>--linux=</option>,
|
||||
<option>--osrel=</option>, <option>--cmdline=</option>, <option>--initrd=</option>,
|
||||
<option>--ucode=</option>, <option>--splash=</option>, <option>--dtb=</option>,
|
||||
<option>--uname=</option>, <option>--sbat=</option>, <option>--pcrpkey=</option> see below. Only
|
||||
<option>--linux=</option> is mandatory. (Alternatively, specify <option>--current</option> to use the
|
||||
current values of PCR register 11 instead.)</para>
|
||||
<option>--uname=</option>, <option>--sbat=</option>, <option>--pcrpkey=</option>,
|
||||
<option>--profile=</option>, see below. Only <option>--linux=</option> is mandatory. (Alternatively,
|
||||
specify <option>--current</option> to use the current values of PCR register 11 instead.)</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v252"/>
|
||||
</listitem>
|
||||
@ -124,6 +124,7 @@
|
||||
<term><option>--uname=<replaceable>PATH</replaceable></option></term>
|
||||
<term><option>--sbat=<replaceable>PATH</replaceable></option></term>
|
||||
<term><option>--pcrpkey=<replaceable>PATH</replaceable></option></term>
|
||||
<term><option>--profile=<replaceable>PATH</replaceable></option></term>
|
||||
|
||||
<listitem><para>When used with the <command>calculate</command> or <command>sign</command> verb,
|
||||
configures the files to read the unified kernel image components from. Each option corresponds with
|
||||
@ -131,7 +132,10 @@
|
||||
the path to the ELF kernel file that the unified PE kernel will wrap. All switches except
|
||||
<option>--linux=</option> are optional. Each option may be used at most once.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
|
||||
<xi:include href="version-info.xml" xpointer="v252"/>
|
||||
|
||||
<para id="v257">With the exception of <option>--profile=</option>, which has been added in version
|
||||
257.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -100,6 +100,7 @@ static int help(int argc, char *argv[], void *userdata) {
|
||||
" --uname=PATH Path to 'uname -r' file %7$s .uname\n"
|
||||
" --sbat=PATH Path to SBAT file %7$s .sbat\n"
|
||||
" --pcrpkey=PATH Path to public key for PCR signatures %7$s .pcrpkey\n"
|
||||
" --profile=PATH Path to profile file %7$s .profile\n"
|
||||
"\nSee the %2$s for details.\n",
|
||||
program_invocation_short_name,
|
||||
link,
|
||||
@ -142,8 +143,9 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
ARG_UNAME,
|
||||
ARG_SBAT,
|
||||
_ARG_PCRSIG, /* the .pcrsig section is not input for signing, hence not actually an argument here */
|
||||
ARG_PCRPKEY,
|
||||
_ARG_SECTION_LAST,
|
||||
ARG_PCRPKEY = _ARG_SECTION_LAST,
|
||||
ARG_PROFILE = _ARG_SECTION_LAST,
|
||||
ARG_BANK,
|
||||
ARG_PRIVATE_KEY,
|
||||
ARG_PRIVATE_KEY_SOURCE,
|
||||
@ -169,6 +171,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
{ "uname", required_argument, NULL, ARG_UNAME },
|
||||
{ "sbat", required_argument, NULL, ARG_SBAT },
|
||||
{ "pcrpkey", required_argument, NULL, ARG_PCRPKEY },
|
||||
{ "profile", required_argument, NULL, ARG_PROFILE },
|
||||
{ "current", no_argument, NULL, 'c' },
|
||||
{ "bank", required_argument, NULL, ARG_BANK },
|
||||
{ "tpm2-device", required_argument, NULL, ARG_TPM2_DEVICE },
|
||||
@ -188,7 +191,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
assert(argv);
|
||||
|
||||
/* Make sure the arguments list and the section list, stays in sync */
|
||||
//assert_cc(_ARG_SECTION_FIRST + _UNIFIED_SECTION_MAX == _ARG_SECTION_LAST + 1);
|
||||
assert_cc(_ARG_SECTION_FIRST + _UNIFIED_SECTION_MAX == _ARG_SECTION_LAST + 1);
|
||||
|
||||
while ((c = getopt_long(argc, argv, "hjc", options, NULL)) >= 0)
|
||||
switch (c) {
|
||||
|
@ -568,3 +568,4 @@ file-hierarchy.xml /refsect1[title="Home Directory"]/variablelist/varlistentry[t
|
||||
file-hierarchy.xml /refsect1[title="Home Directory"]/variablelist/varlistentry[term="~/.local/lib/arch-id/"]
|
||||
file-hierarchy.xml /refsect1[title="Home Directory"]/variablelist/varlistentry[term="~/.local/share/"]
|
||||
file-hierarchy.xml /refsect1[title="Home Directory"]/variablelist/varlistentry[term="~/.local/state/"]
|
||||
systemd-measure.xml /refsect1[title="Options"]/variablelist/varlistentry[term="--linux=PATH"]
|
||||
|
Loading…
Reference in New Issue
Block a user