From 46c5a1383a1b269edc7304bc9fe44e2600b431de Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 24 Aug 2023 11:22:01 +0200
Subject: [PATCH] fundemental: split out UKI defines into its own header

The UKI sections have little to do with the PCRs, hence give them their own header.
---
 src/boot/efi/stub.c | 1 +
 src/boot/measure.c | 1 +
 src/fundamental/meson.build | 2 +-
 src/fundamental/tpm-pcr.h | 24 ------------------------
 src/fundamental/{tpm-pcr.c => uki.c} | 2 +-
 src/fundamental/uki.h | 28 ++++++++++++++++++++++++++++
 6 files changed, 32 insertions(+), 26 deletions(-)
 rename src/fundamental/{tpm-pcr.c => uki.c} (96%)
 create mode 100644 src/fundamental/uki.h

diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index c2eb81d92b4..8d3a10601f8 100644
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -14,6 +14,7 @@
 #include "shim.h"
 #include "splash.h"
 #include "tpm-pcr.h"
+#include "uki.h"
 #include "util.h"
 #include "version.h"
 #include "vmm.h"
diff --git a/src/boot/measure.c b/src/boot/measure.c
index 393d8dab11f..abd562f72e9 100644
--- a/src/boot/measure.c
+++ b/src/boot/measure.c
@@ -20,6 +20,7 @@
 #include "terminal-util.h"
 #include "tpm-pcr.h"
 #include "tpm2-util.h"
+#include "uki.h"
 #include "verbs.h"
 /* Tool for pre-calculating expected TPM PCR values based on measured resources. This is intended to be used
diff --git a/src/fundamental/meson.build b/src/fundamental/meson.build
index a55a5faa53f..b7ca6cf10ee 100644
--- a/src/fundamental/meson.build
+++ b/src/fundamental/meson.build
@@ -7,5 +7,5 @@ fundamental_sources = files(
 'efivars-fundamental.c',
 'sha256.c',
 'string-util-fundamental.c',
- 'tpm-pcr.c',
+ 'uki.c',
 )
diff --git a/src/fundamental/tpm-pcr.h b/src/fundamental/tpm-pcr.h
index cb786e95981..57befdf83b1 100644
--- a/src/fundamental/tpm-pcr.h
+++ b/src/fundamental/tpm-pcr.h
@@ -43,27 +43,3 @@ enum {
 TPM2_PCR_DEBUG = 16,
 TPM2_PCR_APPLICATION_SUPPORT = 23,
 };
-
-/* List of PE sections that have special meaning for us in unified kernels. This is the canonical order in
- * which we measure the sections into TPM PCR 11 (see above). PLEASE DO NOT REORDER! */
-typedef enum UnifiedSection {
- UNIFIED_SECTION_LINUX,
- UNIFIED_SECTION_OSREL,
- UNIFIED_SECTION_CMDLINE,
- UNIFIED_SECTION_INITRD,
- UNIFIED_SECTION_SPLASH,
- UNIFIED_SECTION_DTB,
- UNIFIED_SECTION_UNAME,
- UNIFIED_SECTION_SBAT,
- UNIFIED_SECTION_PCRSIG,
- UNIFIED_SECTION_PCRPKEY,
- _UNIFIED_SECTION_MAX,
-} UnifiedSection;
-
-extern const char* const unified_sections[_UNIFIED_SECTION_MAX + 1];
-
-static inline bool unified_section_measure(UnifiedSection section) {
- /* Don't include the PCR signature in the PCR measurements, since they sign the expected result of
- * the measurement, and hence shouldn't be input to it. */
- return section >= 0 && section < _UNIFIED_SECTION_MAX && section != UNIFIED_SECTION_PCRSIG;
-}
diff --git a/src/fundamental/tpm-pcr.c b/src/fundamental/uki.c
similarity index 96%
rename from src/fundamental/tpm-pcr.c
rename to src/fundamental/uki.c
index 2f7e9b428d4..ec37d74e035 100644
--- a/src/fundamental/tpm-pcr.c
+++ b/src/fundamental/uki.c
@@ -2,7 +2,7 @@
 #include
-#include "tpm-pcr.h"
+#include "uki.h"
 const char* const unified_sections[_UNIFIED_SECTION_MAX + 1] = {
 [UNIFIED_SECTION_LINUX] = ".linux",
diff --git a/src/fundamental/uki.h b/src/fundamental/uki.h
new file mode 100644
index 00000000000..ffa960f01b4
--- /dev/null
+++ b/src/fundamental/uki.h
@@ -0,0 +1,28 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include "macro-fundamental.h"
+
+/* List of PE sections that have special meaning for us in unified kernels. This is the canonical order in
+ * which we measure the sections into TPM PCR 11. PLEASE DO NOT REORDER! */
+typedef enum UnifiedSection {
+ UNIFIED_SECTION_LINUX,
+ UNIFIED_SECTION_OSREL,
+ UNIFIED_SECTION_CMDLINE,
+ UNIFIED_SECTION_INITRD,
+ UNIFIED_SECTION_SPLASH,
+ UNIFIED_SECTION_DTB,
+ UNIFIED_SECTION_UNAME,
+ UNIFIED_SECTION_SBAT,
+ UNIFIED_SECTION_PCRSIG,
+ UNIFIED_SECTION_PCRPKEY,
+ _UNIFIED_SECTION_MAX,
+} UnifiedSection;
+
+extern const char* const unified_sections[_UNIFIED_SECTION_MAX + 1];
+
+static inline bool unified_section_measure(UnifiedSection section) {
+ /* Don't include the PCR signature in the PCR measurements, since they sign the expected result of
+ * the measurement, and hence shouldn't be input to it. */
+ return section >= 0 && section < _UNIFIED_SECTION_MAX && section != UNIFIED_SECTION_PCRSIG;
+}
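Review bot: The comment above `UnifiedSection` in the new uki.h still says "PLEASE DO NOT REORDER!" but no longer tells a reader why, now that the old "(see above)" is gone and the PCR definitions live in a different header. The enum order is the order in which sections are measured into PCR 11, so it determines the resulting PCR value; measure.c describes itself as a tool for pre-calculating expected PCR values, and the comment in `unified_section_measure` mentions a signature over the expected result, so both presumably depend on this order staying stable. I would add a line to the comment such as `* Changing the order changes the resulting PCR value and invalidates previously calculated or signed expectations.` and point at tpm-pcr.h for the PCR 11 definition instead of leaving the bare number unexplained.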