diff options
| author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-10-01 10:15:15 +0200 |
|---|---|---|
| committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-10-03 23:15:32 +0200 |
| commit | 71f11a8f4c0fb50c5ff170db6ddc89e626cdc202 (patch) | |
| tree | 428feb71cdf9f979f765abe9bf93e6a6b4bf41dc /src/ukify/ukify.py | |
| parent | Merge pull request #34590 from poettering/file-hier-removals (diff) | |
| download | systemd-71f11a8f4c0fb50c5ff170db6ddc89e626cdc202.tar.xz systemd-71f11a8f4c0fb50c5ff170db6ddc89e626cdc202.zip | |
Revert "ukify: introduce new --measure-base= switch"
This reverts commit bc3e2c5a5774ae7b212817d04e04abccf30088ae.
Diffstat (limited to 'src/ukify/ukify.py')
| -rwxr-xr-x | src/ukify/ukify.py | 71 |
1 files changed, 6 insertions, 65 deletions
diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py index 55c40164ae..1a8c9507ee 100755 --- a/src/ukify/ukify.py +++ b/src/ukify/ukify.py @@ -503,14 +503,6 @@ def pe_strip_section_name(name): def call_systemd_measure(uki, opts): - - if not opts.measure and not opts.pcr_private_keys: - return - - measure_sections = ('.linux', '.osrel', '.cmdline', '.initrd', - '.ucode', '.splash', '.dtb', '.uname', - '.sbat', '.pcrpkey', '.profile') - measure_tool = find_tool('systemd-measure', '/usr/lib/systemd/systemd-measure', opts=opts) @@ -519,60 +511,15 @@ def call_systemd_measure(uki, opts): # PCR measurement - to_measure = [] - tflist = [] - - # First, pick up the sections we shall measure now */ - for s in uki.sections: - if not s.measure: - continue - - if s.content is not None: - to_measure.append(f"--{s.name.removeprefix('.')}={s.content}") - else: - raise ValueError(f"Don't know how to measure section {s.name}"); - - # And now iterate through the base profile and measure what we haven't measured above - if opts.measure_base is not None: - pe = pefile.PE(opts.measure_base, fast_load=True) - - # Find matching PE section in base image - for base_section in pe.sections: - name = pe_strip_section_name(base_section.Name) - - # If we reach the first .profile section the base is over - if name == ".profile": - break - - # Only some sections are measured - if name not in measure_sections: - continue - - # Check if this is a section we already covered above - already_covered = False - for s in uki.sections: - if s.measure and name == s.name: - already_covered = True - break; - - if already_covered: - continue - - # Split out section and use as base - tf = tempfile.NamedTemporaryFile() - tf.write(base_section.get_data(length=base_section.Misc_VirtualSize)) - tf.flush() - tflist.append(tf) - - to_measure.append(f"--{name.removeprefix('.')}={tf.name}") - if opts.measure: pp_groups = opts.phase_path_groups or [] cmd = [ measure_tool, 'calculate', - *to_measure, + *(f"--{s.name.removeprefix('.')}={s.content}" + for s in uki.sections + if s.measure), *(f'--bank={bank}' for bank in banks), # For measurement, the keys are not relevant, so we can lump all the phase paths @@ -592,7 +539,9 @@ def call_systemd_measure(uki, opts): cmd = [ measure_tool, 'sign', - *to_measure, + *(f"--{s.name.removeprefix('.')}={s.content}" + for s in uki.sections + if s.measure), *(f'--bank={bank}' for bank in banks), ] @@ -1482,14 +1431,6 @@ CONFIG_ITEMS = [ ), ConfigItem( - '--measure-base', - metavar = 'UKI', - type = pathlib.Path, - help = 'path to existing UKI file whose relevant sections shall be used as base for PCR11 prediction', - config_key = 'UKI/MeasureBase', - ), - - ConfigItem( '--pcr-banks', metavar = 'BANKā¦', type = parse_banks, |