- Change source to the openSUSE project

- Remove patches (merged) + fix-bsc1230316-make-pcr4-hard-requirement.patch + fix-bsc1230316-predict-sbatlevelrt.patch + fix-bsc1230316-predict-sbatlevelrt-sb-off.patch + fix_efi_measure_and_shim.patch + fix-event-reshash-for-cryptouuid.patch + fix_grub_bls_cmdline.patch + fix_grub_bls_entry.patch + fix_loader_conf.patch + fix-testcase-empty-efi-variables.patch + support-ecc-srk.patch OBS-URL: https://build.opensuse.org/package/show/Base:System/pcr-oracle?expand=0&rev=42
2025-04-01 20:04:06 +00:00
commit 8a0f76e4e3
17 changed files with 2407 additions and 0 deletions
--- a/fix_loader_conf.patch
+++ b/fix_loader_conf.patch
@@ -0,0 +1,79 @@
+From c2453df75ecdbc547e4637268dccde5cdc012881 Mon Sep 17 00:00:00 2001
+From: Alberto Planas <aplanas@suse.com>
+Date: Tue, 20 Feb 2024 19:12:08 +0100
+Subject: [PATCH] Measure systemd-boot loader.conf
+
+Since systemd-boot v255 the /loader/loader.conf file can be measured
+under a EV_EVENT_TAG event in PCR#5.
+
+This commit measure the file in the ESP.
+
+Fix #49
+
+Signed-off-by: Alberto Planas <aplanas@suse.com>
+---
+ src/eventlog.c | 18 ++++++++++++++++++
+ src/eventlog.h |  7 +++++--
+ 2 files changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/src/eventlog.c b/src/eventlog.c
+index 4277d42..2e29b0e 100644
+--- a/src/eventlog.c
+++ b/src/eventlog.c
+@@ -842,6 +842,19 @@ __tpm_event_tag_destroy(tpm_parsed_event_t *parsed)
+ {
+ }
+ 
+static const char *
+__tpm_event_tag_loader_conf_describe(const tpm_parsed_event_t *parsed)
+{
+	return "/loader/loader.conf (measured by systemd-boot)";
+}
+
+static const tpm_evdigest_t *
+__tpm_event_tag_loader_conf_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *parsed, tpm_event_log_rehash_ctx_t *ctx)
+{
+	debug("  re-hashing /loader/loader.conf");
+	return runtime_digest_efi_file(ctx->algo, "/loader/loader.conf");
+}
+
+ static const char *
+ __tpm_event_tag_options_describe(const tpm_parsed_event_t *parsed)
+ {
+@@ -880,6 +893,7 @@ __tpm_event_tag_initrd_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *p
+ }
+ 
+ /*
+ * Generated by systemd-boot (PCR#5), to measure loader.conf
+  * Generated by the kernel (PCR#9), to measure the cmdline and initrd
+  */
+ static bool
+@@ -900,6 +914,10 @@ __tpm_event_parse_tag(tpm_event_t *ev, tpm_parsed_event_t *parsed, buffer_t *bp)
+ 		return false;
+ 
+ 	parsed->destroy = __tpm_event_tag_destroy;
+	if (evspec->event_id == LOADER_CONF_EVENT_TAG_ID) {
+		parsed->rehash = __tpm_event_tag_loader_conf_rehash;
+		parsed->describe = __tpm_event_tag_loader_conf_describe;
+	} else
+ 	if (evspec->event_id == LOAD_OPTIONS_EVENT_TAG_ID) {
+ 		parsed->rehash = __tpm_event_tag_options_rehash;
+ 		parsed->describe = __tpm_event_tag_options_describe;
+diff --git a/src/eventlog.h b/src/eventlog.h
+index 3741b58..d78e3da 100644
+--- a/src/eventlog.h
+++ b/src/eventlog.h
+@@ -96,8 +96,11 @@ enum {
+ };
+ 
+ enum {
+-	LOAD_OPTIONS_EVENT_TAG_ID	     = 0x8F3B22EDU,
+-	INITRD_EVENT_TAG_ID		     = 0x8F3B22ECU,
+	/* systemd-boot */
+	LOADER_CONF_EVENT_TAG_ID             = 0xF5BC582A,
+	/* kernel */
+	LOAD_OPTIONS_EVENT_TAG_ID	     = 0x8F3B22ED,
+	INITRD_EVENT_TAG_ID		     = 0x8F3B22EC,
+ };
+ 
+ #define EFI_DEVICE_PATH_MAX		16