Diffstat (limited to 'src/boot/pcrphase.c')
-rw-r--r-- | src/boot/pcrphase.c | 38 |
1 files changed, 9 insertions, 29 deletions
diff --git a/src/boot/pcrphase.c b/src/boot/pcrphase.c
index 70c919b0f5..003e0b8ad8 100644
--- a/src/boot/pcrphase.c
+++ b/src/boot/pcrphase.c
@@ -9,15 +9,14 @@
 #include "blockdev-util.h"
 #include "build.h"
 #include "chase-symlinks.h"
+#include "efi-loader.h"
 #include "efivars.h"
-#include "env-util.h"
 #include "escape.h"
 #include "fd-util.h"
 #include "main-func.h"
 #include "mountpoint-util.h"
 #include "openssl-util.h"
 #include "parse-argument.h"
-#include "parse-util.h"
 #include "pretty-print.h"
 #include "tpm-pcr.h"
 #include "tpm2-util.h"
@@ -241,9 +240,9 @@ static int get_file_system_word(
 }
 static int run(int argc, char *argv[]) {
- _cleanup_free_ char *joined = NULL, *pcr_string = NULL, *word = NULL;
 _cleanup_(tpm2_context_destroy) struct tpm2_context c = {};
- unsigned target_pcr_nr, efi_pcr_nr;
+ _cleanup_free_ char *joined = NULL, *word = NULL;
+ unsigned target_pcr_nr;
 size_t length;
 int r;
@@ -334,32 +333,13 @@ static int run(int argc, char *argv[]) {
 length = strlen(word);
- int b = getenv_bool("SYSTEMD_PCRPHASE_STUB_VERIFY");
- if (b < 0 && b != -ENXIO)
- log_warning_errno(b, "Unable to parse $SYSTEMD_PCRPHASE_STUB_VERIFY value, ignoring.");
- /* Skip logic if sd-stub is not used, after all PCR 11 might have a very different purpose then. */
- r = efi_get_variable_string(EFI_LOADER_VARIABLE(StubPcrKernelImage), &pcr_string);
- if (r == -ENOENT) {
- if (b != 0) {
- log_info("Kernel stub did not measure kernel image into PCR %u, skipping measurement.", TPM_PCR_INDEX_KERNEL_IMAGE);
- return EXIT_SUCCESS;
- } else
- log_notice("Kernel stub did not measure kernel image into PCR %u, but told to measure anyway, hence proceeding.", TPM_PCR_INDEX_KERNEL_IMAGE);
- } else if (r < 0)
- return log_error_errno(r, "Failed to read StubPcrKernelImage EFI variable: %m");
- else {
- /* Let's validate that the stub announced PCR 11 as we expected. */
- r = safe_atou(pcr_string, &efi_pcr_nr);
- if (r < 0)
- return log_error_errno(r, "Failed to parse StubPcrKernelImage EFI variable: %s", pcr_string);
- if (efi_pcr_nr != TPM_PCR_INDEX_KERNEL_IMAGE) {
- if (b != 0)
- return log_error_errno(SYNTHETIC_ERRNO(EREMOTE), "Kernel stub measured kernel image into PCR %u, which is different than expected %u.", efi_pcr_nr, TPM_PCR_INDEX_KERNEL_IMAGE);
- else
- log_notice("Kernel stub measured kernel image into PCR %u, which is different than expected %u, but told to measure anyway, hence proceeding.", efi_pcr_nr, TPM_PCR_INDEX_KERNEL_IMAGE);
- } else
- log_debug("Kernel stub reported same PCR %u as we want to use, proceeding.", TPM_PCR_INDEX_KERNEL_IMAGE);
+ r = efi_stub_measured();
+ if (r < 0)
+ return log_error_errno(r, "Failed to detect if we are running on a kernel image with TPM measurement enabled: %m");
+ if (r == 0) {
+ log_info("Kernel stub did not measure kernel image into PCR %u, skipping userspace measurement, too.", TPM_PCR_INDEX_KERNEL_IMAGE);
+ return EXIT_SUCCESS;
 }
r = dlopen_tpm2(); |
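Review bot: The `r == 0` branch added after `length = strlen(word);` in run() skips the measurement and returns EXIT_SUCCESS, but the commit drops the comment that explained why, so the reason for the skip is no longer recorded next to the check. I would restore it above the call, e.g. `/* Skip if sd-stub did not measure the kernel image; PCR 11 might have a very different purpose then, so we leave it alone. */`. The removed code also failed with EREMOTE when the stub announced a different PCR index, and it honoured `$SYSTEMD_PCRPHASE_STUB_VERIFY`. Whether `efi_stub_measured()` keeps either behaviour is not visible in this file, so a one-line comment stating what a negative and a zero return mean here would help the next reader of this measurement path. run() starts and continues outside the hunk.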