Accepting request 1152283 from home:aplanas:branches:Base:System

- Remove fix_efi_measure.patch - Add fix_efi_measure_and_shim.patch (bsc#1219807) OBS-URL: https://build.opensuse.org/request/show/1152283 OBS-URL: https://build.opensuse.org/package/show/Base:System/pcr-oracle?expand=0&rev=25
2024-03-01 13:08:43 +00:00 · 2024-03-01 13:08:43 +00:00 · 9228f7c5da
commit 9228f7c5da
parent d02e4f852b
4 changed files with 421 additions and 215 deletions
--- a/fix_efi_measure.patch
+++ b/fix_efi_measure.patch
@ -1,213 +0,0 @@
-From 9489d98463a596ec8e4ba9f1f4a2b2af91c0968b Mon Sep 17 00:00:00 2001
-From: Alberto Planas <aplanas@suse.com>
-Date: Wed, 10 Jan 2024 15:32:07 +0100
-Subject: [PATCH 1/6] Print the measured kernel
-
-The debug output can be missleading, as print information about the
-current event log, but not about the measured element, that can be
-different as in the kernel case.
-
-Signed-off-by: Alberto Planas <aplanas@suse.com>
---
- src/efi-application.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/efi-application.c b/src/efi-application.c
-index 3e80083..2fd33ec 100644
--- a/src/efi-application.c
-+++ b/src/efi-application.c
-@@ -292,6 +292,12 @@ __tpm_event_efi_bsa_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *pars
- 
- 	/* The next boot can have a different kernel */
- 	if (sdb_is_kernel(evspec->efi_application) && ctx->boot_entry) {
-+		/* TODO: the parsed data type did not change, so all
-+		 * the description correspond to the current event
-+		 * log, and not the asset that has been measured.  The
-+		 * debug output can then be missleading.
-+		 */
-+		debug("Measuring %s\n", ctx->boot_entry->image_path);
- 		new_application = ctx->boot_entry->image_path;
- 		if (new_application) {
- 			evspec_clone = *evspec;
-
-From d8d97a3c233e326e0b1836b77fa08f483ea8f410 Mon Sep 17 00:00:00 2001
-From: Alberto Planas <aplanas@suse.com>
-Date: Wed, 10 Jan 2024 15:51:45 +0100
-Subject: [PATCH 2/6] Rename variable to cmdline
-
-Signed-off-by: Alberto Planas <aplanas@suse.com>
---
- src/eventlog.c | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/src/eventlog.c b/src/eventlog.c
-index 4277d42..377f4d6 100644
--- a/src/eventlog.c
-+++ b/src/eventlog.c
-@@ -790,8 +790,8 @@ static const tpm_evdigest_t *
- __tpm_event_systemd_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *parsed, tpm_event_log_rehash_ctx_t *ctx)
- {
- 	const uapi_boot_entry_t *boot_entry = ctx->boot_entry;
-	char initrd[2048];
-	char initrd_utf16[4096];
-+	char cmdline[2048];
-+	char cmdline_utf16[4096];
- 	unsigned int len;
- 
- 	/* If no --next-kernel option was given, do not rehash anything */
-@@ -804,15 +804,16 @@ __tpm_event_systemd_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *pars
- 	}
- 
- 	debug("Next boot entry expected from: %s %s\n", boot_entry->title, boot_entry->version? : "");
-	snprintf(initrd, sizeof(initrd), "initrd=%s %s",
-+	snprintf(cmdline, sizeof(cmdline), "initrd=%s %s",
- 			path_unix2dos(boot_entry->initrd_path),
- 			boot_entry->options? : "");
-+	debug("Measuring Kernel command line: %s\n", cmdline);
- 
-	len = (strlen(initrd) + 1) << 1;
-	assert(len <= sizeof(initrd_utf16));
-	__convert_to_utf16le(initrd, strlen(initrd) + 1, initrd_utf16, len);
-+	len = (strlen(cmdline) + 1) << 1;
-+	assert(len <= sizeof(cmdline_utf16));
-+	__convert_to_utf16le(cmdline, strlen(cmdline) + 1, cmdline_utf16, len);
- 
-	return digest_compute(ctx->algo, initrd_utf16, len);
-+	return digest_compute(ctx->algo, cmdline_utf16, len);
- }
- 
- /*
-
-From 4f8e3f4760ff7fe97df1e6af569d049e30f3ee06 Mon Sep 17 00:00:00 2001
-From: Alberto Planas <aplanas@suse.com>
-Date: Wed, 10 Jan 2024 15:55:41 +0100
-Subject: [PATCH 3/6] Add debug output for initrd
-
-Signed-off-by: Alberto Planas <aplanas@suse.com>
---
- src/eventlog.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/eventlog.c b/src/eventlog.c
-index 377f4d6..3574a4d 100644
--- a/src/eventlog.c
-+++ b/src/eventlog.c
-@@ -877,6 +877,7 @@ __tpm_event_tag_initrd_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *p
- 	}
- 
- 	debug("Next boot entry expected from: %s %s\n", boot_entry->title, boot_entry->version? : "");
-+	debug("Measuring initrd: %s\n", boot_entry->initrd_path);
- 	return runtime_digest_efi_file(ctx->algo, boot_entry->initrd_path);
- }
- 
-
-From 90ee8dab9d972b741bc0c27a04a872afbecdef82 Mon Sep 17 00:00:00 2001
-From: Alberto Planas <aplanas@suse.com>
-Date: Wed, 10 Jan 2024 18:54:04 +0100
-Subject: [PATCH 4/6] Add debug output during extension
-
-Signed-off-by: Alberto Planas <aplanas@suse.com>
---
- src/oracle.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/oracle.c b/src/oracle.c
-index 1cafafc..0afd910 100644
--- a/src/oracle.c
-+++ b/src/oracle.c
-@@ -366,6 +366,7 @@ pcr_bank_extend_register(tpm_pcr_bank_t *bank, unsigned int pcr_index, const tpm
- static void
- predictor_extend_hash(struct predictor *pred, unsigned int pcr_index, const tpm_evdigest_t *d)
- {
-+	debug("Extend PCR#%d: %s\n", pcr_index, digest_print(d));
- 	pcr_bank_extend_register(&pred->prediction, pcr_index, d);
- }
- 
-
-From 5133fe6f3c00a41aee362a51621a278dd472497e Mon Sep 17 00:00:00 2001
-From: Alberto Planas <aplanas@suse.com>
-Date: Thu, 11 Jan 2024 14:09:03 +0100
-Subject: [PATCH 5/6] Update the EFI image info before rehash
-
-If the new EFI image is in a new place, the image information stored in
-the parsed event should be updated, so the rehash will use this
-information instead of the one from the event log.
-
-Signed-off-by: Alberto Planas <aplanas@suse.com>
---
- src/efi-application.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/efi-application.c b/src/efi-application.c
-index 2fd33ec..842bca6 100644
--- a/src/efi-application.c
-+++ b/src/efi-application.c
-@@ -40,7 +40,7 @@
-  */
- static const tpm_evdigest_t *	__tpm_event_efi_bsa_rehash(const tpm_event_t *, const tpm_parsed_event_t *, tpm_event_log_rehash_ctx_t *);
- static bool			__tpm_event_efi_bsa_extract_location(tpm_parsed_event_t *parsed);
-static bool			__tpm_event_efi_bsa_inspect_image(tpm_parsed_event_t *parsed);
-+static bool			__tpm_event_efi_bsa_inspect_image(struct efi_bsa_event *evspec);
- 
- static void
- __tpm_event_efi_bsa_destroy(tpm_parsed_event_t *parsed)
-@@ -111,7 +111,7 @@ __tpm_event_parse_efi_bsa(tpm_event_t *ev, tpm_parsed_event_t *parsed, buffer_t
- 			assign_string(&ctx->efi_partition, evspec->efi_partition);
- 		else
- 			assign_string(&evspec->efi_partition, ctx->efi_partition);
-		__tpm_event_efi_bsa_inspect_image(parsed);
-+		__tpm_event_efi_bsa_inspect_image(evspec);
- 	}
- 
- 	return true;
-@@ -150,9 +150,8 @@ __tpm_event_efi_bsa_extract_location(tpm_parsed_event_t *parsed)
- }
- 
- static bool
-__tpm_event_efi_bsa_inspect_image(tpm_parsed_event_t *parsed)
-+__tpm_event_efi_bsa_inspect_image(struct efi_bsa_event *evspec)
- {
-        struct efi_bsa_event *evspec = &parsed->efi_bsa_event;
- 	char path[PATH_MAX];
- 	const char *display_name;
- 	buffer_t *img_data;
-@@ -302,6 +301,7 @@ __tpm_event_efi_bsa_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *pars
- 		if (new_application) {
- 			evspec_clone = *evspec;
- 			evspec_clone.efi_application = strdup(new_application);
-+			__tpm_event_efi_bsa_inspect_image(&evspec_clone);
- 			evspec = &evspec_clone;
- 		}
- 	}
-
-From 93cbe02ca05297c638b1ac7f32b3da3a6cd2f684 Mon Sep 17 00:00:00 2001
-From: Alberto Planas <aplanas@suse.com>
-Date: Thu, 11 Jan 2024 14:35:07 +0100
-Subject: [PATCH 6/6] Bump version to 0.5.5
-
-Signed-off-by: Alberto Planas <aplanas@suse.com>
---
- configure         | 2 +-
- microconf/version | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure b/configure
-index 1dccbdc..854cc0a 100755
--- a/configure
-+++ b/configure
-@@ -12,7 +12,7 @@
- # Invoke with --help for a description of options
- #
- # microconf:begin
-# version 0.5.4
-+# version 0.5.5
- # require libtss2
- # require json
- # disable debug-authenticode
-diff --git a/microconf/version b/microconf/version
-index 7e913d9..591473f 100644
--- a/microconf/version
-+++ b/microconf/version
-@@ -1 +1 @@
-uc_version=0.5.4
-+uc_version=0.5.5
--- a/fix_efi_measure_and_shim.patch
+++ b/fix_efi_measure_and_shim.patch
@ -0,0 +1,412 @@
+From 9489d98463a596ec8e4ba9f1f4a2b2af91c0968b Mon Sep 17 00:00:00 2001
+From: Alberto Planas <aplanas@suse.com>
+Date: Wed, 10 Jan 2024 15:32:07 +0100
+Subject: [PATCH 1/8] Print the measured kernel
+
+The debug output can be missleading, as print information about the
+current event log, but not about the measured element, that can be
+different as in the kernel case.
+
+Signed-off-by: Alberto Planas <aplanas@suse.com>
+---
+ src/efi-application.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/efi-application.c b/src/efi-application.c
+index 3e80083..2fd33ec 100644
+--- a/src/efi-application.c
+++ b/src/efi-application.c
+@@ -292,6 +292,12 @@ __tpm_event_efi_bsa_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *pars
+ 
+ 	/* The next boot can have a different kernel */
+ 	if (sdb_is_kernel(evspec->efi_application) && ctx->boot_entry) {
+		/* TODO: the parsed data type did not change, so all
+		 * the description correspond to the current event
+		 * log, and not the asset that has been measured.  The
+		 * debug output can then be missleading.
+		 */
+		debug("Measuring %s\n", ctx->boot_entry->image_path);
+ 		new_application = ctx->boot_entry->image_path;
+ 		if (new_application) {
+ 			evspec_clone = *evspec;
+
+From d8d97a3c233e326e0b1836b77fa08f483ea8f410 Mon Sep 17 00:00:00 2001
+From: Alberto Planas <aplanas@suse.com>
+Date: Wed, 10 Jan 2024 15:51:45 +0100
+Subject: [PATCH 2/8] Rename variable to cmdline
+
+Signed-off-by: Alberto Planas <aplanas@suse.com>
+---
+ src/eventlog.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/src/eventlog.c b/src/eventlog.c
+index 4277d42..377f4d6 100644
+--- a/src/eventlog.c
+++ b/src/eventlog.c
+@@ -790,8 +790,8 @@ static const tpm_evdigest_t *
+ __tpm_event_systemd_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *parsed, tpm_event_log_rehash_ctx_t *ctx)
+ {
+ 	const uapi_boot_entry_t *boot_entry = ctx->boot_entry;
+-	char initrd[2048];
+-	char initrd_utf16[4096];
+	char cmdline[2048];
+	char cmdline_utf16[4096];
+ 	unsigned int len;
+ 
+ 	/* If no --next-kernel option was given, do not rehash anything */
+@@ -804,15 +804,16 @@ __tpm_event_systemd_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *pars
+ 	}
+ 
+ 	debug("Next boot entry expected from: %s %s\n", boot_entry->title, boot_entry->version? : "");
+-	snprintf(initrd, sizeof(initrd), "initrd=%s %s",
+	snprintf(cmdline, sizeof(cmdline), "initrd=%s %s",
+ 			path_unix2dos(boot_entry->initrd_path),
+ 			boot_entry->options? : "");
+	debug("Measuring Kernel command line: %s\n", cmdline);
+ 
+-	len = (strlen(initrd) + 1) << 1;
+-	assert(len <= sizeof(initrd_utf16));
+-	__convert_to_utf16le(initrd, strlen(initrd) + 1, initrd_utf16, len);
+	len = (strlen(cmdline) + 1) << 1;
+	assert(len <= sizeof(cmdline_utf16));
+	__convert_to_utf16le(cmdline, strlen(cmdline) + 1, cmdline_utf16, len);
+ 
+-	return digest_compute(ctx->algo, initrd_utf16, len);
+	return digest_compute(ctx->algo, cmdline_utf16, len);
+ }
+ 
+ /*
+
+From 4f8e3f4760ff7fe97df1e6af569d049e30f3ee06 Mon Sep 17 00:00:00 2001
+From: Alberto Planas <aplanas@suse.com>
+Date: Wed, 10 Jan 2024 15:55:41 +0100
+Subject: [PATCH 3/8] Add debug output for initrd
+
+Signed-off-by: Alberto Planas <aplanas@suse.com>
+---
+ src/eventlog.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/eventlog.c b/src/eventlog.c
+index 377f4d6..3574a4d 100644
+--- a/src/eventlog.c
+++ b/src/eventlog.c
+@@ -877,6 +877,7 @@ __tpm_event_tag_initrd_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *p
+ 	}
+ 
+ 	debug("Next boot entry expected from: %s %s\n", boot_entry->title, boot_entry->version? : "");
+	debug("Measuring initrd: %s\n", boot_entry->initrd_path);
+ 	return runtime_digest_efi_file(ctx->algo, boot_entry->initrd_path);
+ }
+ 
+
+From 90ee8dab9d972b741bc0c27a04a872afbecdef82 Mon Sep 17 00:00:00 2001
+From: Alberto Planas <aplanas@suse.com>
+Date: Wed, 10 Jan 2024 18:54:04 +0100
+Subject: [PATCH 4/8] Add debug output during extension
+
+Signed-off-by: Alberto Planas <aplanas@suse.com>
+---
+ src/oracle.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/oracle.c b/src/oracle.c
+index 1cafafc..0afd910 100644
+--- a/src/oracle.c
+++ b/src/oracle.c
+@@ -366,6 +366,7 @@ pcr_bank_extend_register(tpm_pcr_bank_t *bank, unsigned int pcr_index, const tpm
+ static void
+ predictor_extend_hash(struct predictor *pred, unsigned int pcr_index, const tpm_evdigest_t *d)
+ {
+	debug("Extend PCR#%d: %s\n", pcr_index, digest_print(d));
+ 	pcr_bank_extend_register(&pred->prediction, pcr_index, d);
+ }
+ 
+
+From 5133fe6f3c00a41aee362a51621a278dd472497e Mon Sep 17 00:00:00 2001
+From: Alberto Planas <aplanas@suse.com>
+Date: Thu, 11 Jan 2024 14:09:03 +0100
+Subject: [PATCH 5/8] Update the EFI image info before rehash
+
+If the new EFI image is in a new place, the image information stored in
+the parsed event should be updated, so the rehash will use this
+information instead of the one from the event log.
+
+Signed-off-by: Alberto Planas <aplanas@suse.com>
+---
+ src/efi-application.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/efi-application.c b/src/efi-application.c
+index 2fd33ec..842bca6 100644
+--- a/src/efi-application.c
+++ b/src/efi-application.c
+@@ -40,7 +40,7 @@
+  */
+ static const tpm_evdigest_t *	__tpm_event_efi_bsa_rehash(const tpm_event_t *, const tpm_parsed_event_t *, tpm_event_log_rehash_ctx_t *);
+ static bool			__tpm_event_efi_bsa_extract_location(tpm_parsed_event_t *parsed);
+-static bool			__tpm_event_efi_bsa_inspect_image(tpm_parsed_event_t *parsed);
+static bool			__tpm_event_efi_bsa_inspect_image(struct efi_bsa_event *evspec);
+ 
+ static void
+ __tpm_event_efi_bsa_destroy(tpm_parsed_event_t *parsed)
+@@ -111,7 +111,7 @@ __tpm_event_parse_efi_bsa(tpm_event_t *ev, tpm_parsed_event_t *parsed, buffer_t
+ 			assign_string(&ctx->efi_partition, evspec->efi_partition);
+ 		else
+ 			assign_string(&evspec->efi_partition, ctx->efi_partition);
+-		__tpm_event_efi_bsa_inspect_image(parsed);
+		__tpm_event_efi_bsa_inspect_image(evspec);
+ 	}
+ 
+ 	return true;
+@@ -150,9 +150,8 @@ __tpm_event_efi_bsa_extract_location(tpm_parsed_event_t *parsed)
+ }
+ 
+ static bool
+-__tpm_event_efi_bsa_inspect_image(tpm_parsed_event_t *parsed)
+__tpm_event_efi_bsa_inspect_image(struct efi_bsa_event *evspec)
+ {
+-        struct efi_bsa_event *evspec = &parsed->efi_bsa_event;
+ 	char path[PATH_MAX];
+ 	const char *display_name;
+ 	buffer_t *img_data;
+@@ -302,6 +301,7 @@ __tpm_event_efi_bsa_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *pars
+ 		if (new_application) {
+ 			evspec_clone = *evspec;
+ 			evspec_clone.efi_application = strdup(new_application);
+			__tpm_event_efi_bsa_inspect_image(&evspec_clone);
+ 			evspec = &evspec_clone;
+ 		}
+ 	}
+
+From 93cbe02ca05297c638b1ac7f32b3da3a6cd2f684 Mon Sep 17 00:00:00 2001
+From: Alberto Planas <aplanas@suse.com>
+Date: Thu, 11 Jan 2024 14:35:07 +0100
+Subject: [PATCH 6/8] Bump version to 0.5.5
+
+Signed-off-by: Alberto Planas <aplanas@suse.com>
+---
+ configure         | 2 +-
+ microconf/version | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure b/configure
+index 1dccbdc..854cc0a 100755
+--- a/configure
+++ b/configure
+@@ -12,7 +12,7 @@
+ # Invoke with --help for a description of options
+ #
+ # microconf:begin
+-# version 0.5.4
+# version 0.5.5
+ # require libtss2
+ # require json
+ # disable debug-authenticode
+diff --git a/microconf/version b/microconf/version
+index 7e913d9..591473f 100644
+--- a/microconf/version
+++ b/microconf/version
+@@ -1 +1 @@
+-uc_version=0.5.4
+uc_version=0.5.5
+
+From e622620a8de5eaf499265adf6c5e8d2ecdaa295b Mon Sep 17 00:00:00 2001
+From: Alberto Planas <aplanas@suse.com>
+Date: Mon, 26 Feb 2024 13:34:13 +0100
+Subject: [PATCH 7/8] Add secure boot detector
+
+Signed-off-by: Alberto Planas <aplanas@suse.com>
+---
+ Makefile.in       |  3 ++-
+ src/eventlog.h    |  2 ++
+ src/secure_boot.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 48 insertions(+), 1 deletion(-)
+ create mode 100644 src/secure_boot.c
+
+diff --git a/Makefile.in b/Makefile.in
+index 02a915b..9698253 100644
+--- a/Makefile.in
+++ b/Makefile.in
+@@ -34,7 +34,8 @@ ORACLE_SRCS	= oracle.c \
+ 		  store.c \
+ 		  util.c \
+ 		  sd-boot.c \
+-		  uapi.c
+		  uapi.c \
+		  secure_boot.c
+ ORACLE_OBJS	= $(addprefix build/,$(patsubst %.c,%.o,$(ORACLE_SRCS)))
+ 
+ all: $(TOOLS) $(MANPAGES)
+diff --git a/src/eventlog.h b/src/eventlog.h
+index 3741b58..8af5eb0 100644
+--- a/src/eventlog.h
+++ b/src/eventlog.h
+@@ -323,4 +323,6 @@ extern bool			shim_variable_name_valid(const char *name);
+ extern const char *		shim_variable_get_rtname(const char *name);
+ extern const char *		shim_variable_get_full_rtname(const char *name);
+ 
+extern bool			secure_boot_enabled();
+
+ #endif /* EVENTLOG_H */
+diff --git a/src/secure_boot.c b/src/secure_boot.c
+new file mode 100644
+index 0000000..215baa6
+--- /dev/null
+++ b/src/secure_boot.c
+@@ -0,0 +1,44 @@
+/*
+ *   Copyright (C) 2023 SUSE LLC
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program; if not, write to the Free Software
+ *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * Written by Alberto Planas <aplanas@suse.com>
+ */
+
+#include <stdio.h>
+#include "bufparser.h"
+#include "runtime.h"
+
+#define SECURE_BOOT_EFIVAR_NAME	"SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
+
+
+bool
+secure_boot_enabled()
+{
+	buffer_t *data;
+	uint8_t enabled;
+
+	data = runtime_read_efi_variable(SECURE_BOOT_EFIVAR_NAME);
+	if (data == NULL) {
+		return false;
+	}
+
+	if (!buffer_get_u8(data,  &enabled)) {
+		 return false;
+	}
+
+	return enabled == 1;
+}
+
+From 211502ec5cac7e252f8af251ee34872f7adae9ca Mon Sep 17 00:00:00 2001
+From: Alberto Planas <aplanas@suse.com>
+Date: Mon, 26 Feb 2024 14:52:37 +0100
+Subject: [PATCH 8/8] Detect when device path is missing for kernel
+
+Signed-off-by: Alberto Planas <aplanas@suse.com>
+---
+ src/efi-application.c | 48 ++++++++++++++++++++++++++++++++++++++++---
+ src/sd-boot.c         |  3 +++
+ 2 files changed, 48 insertions(+), 3 deletions(-)
+
+diff --git a/src/efi-application.c b/src/efi-application.c
+index 842bca6..1f434fc 100644
+--- a/src/efi-application.c
+++ b/src/efi-application.c
+@@ -42,6 +42,8 @@ static const tpm_evdigest_t *	__tpm_event_efi_bsa_rehash(const tpm_event_t *, co
+ static bool			__tpm_event_efi_bsa_extract_location(tpm_parsed_event_t *parsed);
+ static bool			__tpm_event_efi_bsa_inspect_image(struct efi_bsa_event *evspec);
+ 
+static bool			__is_shim_issue(const tpm_event_t *ev, const struct efi_bsa_event *evspec);
+
+ static void
+ __tpm_event_efi_bsa_destroy(tpm_parsed_event_t *parsed)
+ {
+@@ -114,6 +116,15 @@ __tpm_event_parse_efi_bsa(tpm_event_t *ev, tpm_parsed_event_t *parsed, buffer_t
+ 		__tpm_event_efi_bsa_inspect_image(evspec);
+ 	}
+ 
+	/* When the shim issue is present the efi_application will be
+	 * empty.  The binary path will be reconstructed with the
+	 * --next-kernel parameter, but to generate the full path the
+	 * `efi_partition` is needed.
+	 */
+	if (__is_shim_issue(ev, evspec))
+		assign_string(&evspec->efi_partition, ctx->efi_partition);
+
+
+ 	return true;
+ }
+ 
+@@ -273,6 +284,31 @@ efi_application_extract_signer(const tpm_parsed_event_t *parsed)
+ 	return authenticode_get_signer(evspec->img_info);
+ }
+ 
+static bool __is_shim_issue(const tpm_event_t *ev, const struct efi_bsa_event *evspec)
+{
+	/* When secure boot is enabled and shim is installed,
+	 * systemd-boot installs some security overrides that will
+	 * delegate into shim (via shim_validate from systemd-boot)
+	 * the validation of the kernel signature.
+	 *
+	 * The shim_validate function receives the device path from
+	 * the firmware, and is used to load the kernel into memory.
+	 * At the end call shim_verify from shim, but pass only the
+	 * buffer with the loaded image.
+	 *
+	 * The net result is that the event log
+	 * EV_EFI_BOOT_SERVICES_APPLICATION registered by shim_verify
+	 * will not contain the device path that pcr-oracle requires
+	 * to rehash the binary.
+	 *
+	 * So far only the kernel is presenting this issue (when
+	 * systemd-boot is used, GRUB2 needs to be evaluated), so this
+	 * can be detected if there is an event registered in PCR 4
+	 * without path.
+	 */
+	return (secure_boot_enabled() && ev->pcr_index == 4 && !evspec->efi_application);
+}
+
+ static const tpm_evdigest_t *
+ __tpm_event_efi_bsa_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *parsed, tpm_event_log_rehash_ctx_t *ctx)
+ {
+@@ -284,13 +320,19 @@ __tpm_event_efi_bsa_rehash(const tpm_event_t *ev, const tpm_parsed_event_t *pars
+ 	 * We're not yet prepared to handle these, so we hope the user doesn't mess with them, and
+ 	 * return the original digest from the event log.
+ 	 */
+-	if (!evspec->efi_application) {
+-		debug("Unable to locate boot service application - probably not a file\n");
+	if (!evspec->efi_application && !(__is_shim_issue(ev, evspec) && ctx->boot_entry)) {
+		if (__is_shim_issue(ev, evspec) && !ctx->boot_entry)
+			debug("Unable to locate boot service application - missing device path because shim issue");
+		else
+			debug("Unable to locate boot service application - probably not a file\n");
+ 		return tpm_event_get_digest(ev, ctx->algo);
+ 	}
+ 
+ 	/* The next boot can have a different kernel */
+-	if (sdb_is_kernel(evspec->efi_application) && ctx->boot_entry) {
+	if ((sdb_is_kernel(evspec->efi_application) || __is_shim_issue(ev, evspec)) && ctx->boot_entry) {
+		if (__is_shim_issue(ev, evspec))
+			debug("Empty device path for the kernel - building one based on next kernel\n");
+
+ 		/* TODO: the parsed data type did not change, so all
+ 		 * the description correspond to the current event
+ 		 * log, and not the asset that has been measured.  The
+diff --git a/src/sd-boot.c b/src/sd-boot.c
+index cbdaa49..ede2569 100644
+--- a/src/sd-boot.c
+++ b/src/sd-boot.c
+@@ -138,6 +138,9 @@ sdb_is_kernel(const char *application)
+ 	char *path_copy;
+ 	int found = 0;
+ 
+	if (!application)
+		return false;
+
+ 	match = get_valid_kernel_entry_tokens();
+ 	path_copy = strdup(application);
+ 
--- a/pcr-oracle.changes
+++ b/pcr-oracle.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Feb 26 15:14:37 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Remove fix_efi_measure.patch
+- Add fix_efi_measure_and_shim.patch (bsc#1219807)
+
 -------------------------------------------------------------------
 Tue Feb 20 18:16:53 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com>

--- a/pcr-oracle.spec
+++ b/pcr-oracle.spec
@ -25,8 +25,9 @@ License:        GPL-2.0-only
 Group:          System/Boot
 URL:            https://github.com/okirch/pcr-oracle
 Source:         %{name}-%{version}.tar.xz
-# PATCH-FIX-UPSTREAM fix_efi_measure.patch gh#okirch/pcr-oracle!47
-Patch0:         fix_efi_measure.patch
+# PATCH-FIX-UPSTREAM fix_efi_measure_and_shim.patch gh#okirch/pcr-oracle!47
+# PATCH-FIX-UPSTREAM fix_efi_measure_and_shim.patch gh#okirch/pcr-oracle!51
+Patch0:         fix_efi_measure_and_shim.patch
 # PATCH-FIX-UPSTREAM fix_loader_conf.patch gh#okirch/pcr-oracle!50
 Patch1:         fix_loader_conf.patch
 BuildRequires:  libopenssl-devel >= 0.9.8