shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-05 13:18:06 +03:00
Code
The systemd System and Service Manager
70,551 Commits 4 Branches 398 Tags 552 MiB
C 89.2%
Python 5.3%
Shell 4.1%
Meson 1.2%
7ff0e0a5e0
Go to file
Mikko Ylinen 7ff0e0a5e0 efi: Add EFI CC measurement protocol to stub 
In confidential computing, a virtual firmware may support measurement and
event log based upon the hardware Trusted Execution Environment (TEE)
capability.

The UEFI specification defines an interface between the virtual guest OS
and virtual firmware as EFI_CC_MEASUREMENT_PROTOCOL. The (vendor specific)
measurements are captured in the CC eventlog that follows the TCG2 format.

OVMF virtual firmware has the EFI_CC_MEASUREMENT_PROTOCOL support for
Intel Trust Domain Extensions (TDX). Intel TDX has 4 runtime measurement
registers (RTMR) defined as:

RTMR[0] for TDVF configuration
RTMR[1] for the TD OS loader and kernel
RTMR[2] for the OS application
RTMR[3] reserved for special usage only

The RTMR to PCR mappings are defined in the UEFI Spec 2.10 Section 38.4.1
as follows:

TPM PCR Index | CC Measurement Register Index | TDX-measurement register
------------------------------------------------------------------------
0             |   0                           |   MRTD
1, 7          |   1                           |   RTMR[0]
2-6           |   2                           |   RTMR[1]
8-15          |   3                           |   RTMR[2]

The CC measurement eventlog is currently exposed as a raw CCEL ACPI table
by the guest OS and the events can be replayed to check log matches with
the RTMR values.

Add EFI CC measurement protocol to stub to get the UKI components measured
and included in the remote attestation reports when vTPMs are not available.
2024-01-24 21:30:12 +00:00
.clusterfuzzlite ci: unpin CFLite 2022-04-26 09:13:57 +00:00
.github Merge pull request #30972 from mrc0mmand/ci-unit-tests-ukify 2024-01-17 11:46:45 +00:00
.semaphore test: use 'until' instead of 'while !' 2023-09-06 19:54:29 +01:00
catalog portable: log structured message when attach/detach succeeds 2024-01-19 17:03:04 +01:00
coccinelle cocci: merge mfree.cocci and mfree_return.cocci (#30838) 2024-01-09 12:24:37 +09:00
docs Remove a few references to dracut 2024-01-24 17:54:38 +01:00
factory man: don't suggest using pam_unix.so's use_authtok switch 2024-01-17 23:59:05 +00:00
hwdb.d hwdb: ieee1394-unit-function: adjustment of entries with device attributes available in Linux v6.8 2024-01-24 19:37:09 +09:00
LICENSES LICENSES/README.md: fix syntax 2023-07-08 22:33:53 +00:00
man Make RestartPreventExitStatus= documentation resemble SuccessExitStatus= 2024-01-24 18:00:53 +01:00
mime mime: also add magic-based mime type rules for our other binary files 2024-01-17 22:52:19 +01:00
mkosi.conf.d Update to mkosi v19 2023-11-28 19:54:58 +01:00
mkosi.images mkosi: install libip4tc2 in debian/ubuntu 2024-01-24 19:58:07 +00:00
modprobe.d modprobe: set 'ifb numifbs=0' to avoid autocreating ifb0 2024-01-12 23:24:54 +00:00
network network: fix 6rd tunnel link section name 2024-01-12 21:42:04 +00:00
po po: Translated using Weblate (Indonesian) 2024-01-22 10:15:22 +01:00
presets preset: add some alphabetical sorting 2024-01-23 19:57:23 +00:00
rules.d Fix systemd-backlight ignoring numbered kbd_backlight entries 2024-01-22 22:03:35 +00:00
shell-completion nspawn: optionally tint the background color of a container 2024-01-23 16:45:37 +01:00
src efi: Add EFI CC measurement protocol to stub 2024-01-24 21:30:12 +00:00
sysctl.d sysctl.d: Fix pid_max comment 2023-10-31 13:07:49 +01:00
sysusers.d Revert "sysusers.d: create the user for systemd-journal-upload.service" 2023-12-04 19:44:10 +01:00
test Merge pull request #31003 from enr0n/skip-test-when-apparmor-restricts-userns 2024-01-24 09:58:07 +01:00
tmpfiles.d ssh-proxy: add ssh ProxyCommand tool that can connect to AF_UNIX + AF_VSOCK sockets 2024-01-11 16:05:20 +01:00
tools man: suffix signals with () 2024-01-23 16:27:50 +01:00
units unit: systemd-creds.socket is statically enabled, hence drop [Install] 2024-01-24 01:31:13 +08:00
xorg xorg/50-systemd-user: add a full license header 2021-10-01 14:45:00 +02:00
.clang-format clang-format: Adjust style of pointers 2022-05-30 04:00:54 +09:00
.ctags editors: Prevent ctags from following symlinks 2019-02-15 11:01:20 -08:00
.dir-locals.el scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.editorconfig editorconfig: add NEWS whitespace configuration 2023-10-26 22:41:03 +01:00
.gitattributes Mark all base64 files as generated 2023-08-16 12:49:45 +02:00
.gitignore Update to mkosi v19 2023-11-28 19:54:58 +01:00
.mailmap mailmap: "reduce contributor count by 13" 2023-08-16 12:49:42 +02:00
.packit.yml packit: use the closest matching tag for the checked out revision 2024-01-23 18:15:13 +01:00
.pylintrc Add .pylintrc to globally suppress warnings we don't really care about 2023-08-10 18:13:29 +02:00
.vimrc vimrc: explicitly set shiftwidth for the C file type 2023-09-18 13:11:45 +02:00
.ycm_extra_conf.py ycm: add doc string for all the functions in configuration file 2017-11-29 13:21:49 -07:00
configure configure: update meson invocation 2023-07-29 14:08:06 +02:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile tree-wide: add spdx header on all scripts and helpers 2021-01-28 09:55:35 +01:00
meson_options.txt ssh-proxy: add ssh ProxyCommand tool that can connect to AF_UNIX + AF_VSOCK sockets 2024-01-11 16:05:20 +01:00
meson.build meson: disable -Wnonnull-compare 2024-01-17 12:45:39 +01:00
mkosi.conf mkosi: Build a directory image by default 2024-01-12 16:19:48 +01:00
mkosi.kernel.config mkosi: Don't disable CONFIG_USB 2023-09-06 12:58:30 +02:00
NEWS networkd: support proxy_arp_pvlan sysctl 2023-12-24 03:40:03 +09:00
README Remove a few references to dracut 2024-01-24 17:54:38 +01:00
README.md README.md: irc:// URLs are not rendered as links by markdown on Github 2023-12-06 22:23:16 +01:00
TODO update TODO 2024-01-11 22:44:13 +01:00

README.md

Systemd

System and Service Manager

Semaphore CI 2.0 Build Status
Coverity Scan Status
OSS-Fuzz Status
CIFuzz
CII Best Practices
CentOS CI - CentOS 8
CentOS CI - Arch
CentOS CI - Arch (sanitizers)
Fossies codespell report
Weblate
Coverage Status
Packaging status
OpenSSF Scorecard

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel

Stable branches with backported patches are available in the stable repo.