From 763028a16cb54582823fedaba5d3ba8432e1c0ed Mon Sep 17 00:00:00 2001
From: anonymix007 <48598263+anonymix007@users.noreply.github.com>
Date: Wed, 4 Sep 2024 14:40:18 +0300
Subject: measure: introduce support for a .hwids section

---
 man/systemd-measure.xml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'man')

diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml
index 71983ffe00..a21b2dcecc 100644
--- a/man/systemd-measure.xml
+++ b/man/systemd-measure.xml
@@ -77,7 +77,7 @@
         <option>--osrel=</option>, <option>--cmdline=</option>, <option>--initrd=</option>,
         <option>--ucode=</option>, <option>--splash=</option>, <option>--dtb=</option>,
         <option>--uname=</option>, <option>--sbat=</option>, <option>--pcrpkey=</option>,
-        <option>--profile=</option>, see below.  Only <option>--linux=</option> is mandatory. (Alternatively,
+        <option>--profile=</option>, <option>--hwids=</option>, see below.  Only <option>--linux=</option> is mandatory. (Alternatively,
         specify <option>--current</option> to use the current values of PCR register 11 instead.)</para>
 
         <xi:include href="version-info.xml" xpointer="v252"/>
@@ -125,6 +125,7 @@
         <term><option>--sbat=<replaceable>PATH</replaceable></option></term>
         <term><option>--pcrpkey=<replaceable>PATH</replaceable></option></term>
         <term><option>--profile=<replaceable>PATH</replaceable></option></term>
+        <term><option>--hwids=<replaceable>PATH</replaceable></option></term>
 
         <listitem><para>When used with the <command>calculate</command> or <command>sign</command> verb,
         configures the files to read the unified kernel image components from. Each option corresponds with
@@ -134,7 +135,7 @@
 
         <xi:include href="version-info.xml" xpointer="v252"/>
 
-        <para id="v257">With the exception of <option>--profile=</option>, which has been added in version
+        <para id="v257">With the exception of <option>--profile=</option> and <option>--hwids=</option>, which have been added in version
         257.</para></listitem>
       </varlistentry>
 
-- 
cgit v1.2.3


From 4c0b7f425024923f37c7e571fa563f602e8bf369 Mon Sep 17 00:00:00 2001
From: anonymix007 <48598263+anonymix007@users.noreply.github.com>
Date: Tue, 22 Oct 2024 14:40:57 +0300
Subject: measure: Introduce .dtbauto support

---
 man/systemd-measure.xml | 5 +++--
 src/boot/measure.c      | 6 ++++--
 2 files changed, 7 insertions(+), 4 deletions(-)

(limited to 'man')

diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml
index a21b2dcecc..69b9db59bb 100644
--- a/man/systemd-measure.xml
+++ b/man/systemd-measure.xml
@@ -77,7 +77,7 @@
         <option>--osrel=</option>, <option>--cmdline=</option>, <option>--initrd=</option>,
         <option>--ucode=</option>, <option>--splash=</option>, <option>--dtb=</option>,
         <option>--uname=</option>, <option>--sbat=</option>, <option>--pcrpkey=</option>,
-        <option>--profile=</option>, <option>--hwids=</option>, see below.  Only <option>--linux=</option> is mandatory. (Alternatively,
+        <option>--profile=</option>, <option>--dtbauto=</option>, <option>--hwids=</option>, see below.  Only <option>--linux=</option> is mandatory. (Alternatively,
         specify <option>--current</option> to use the current values of PCR register 11 instead.)</para>
 
         <xi:include href="version-info.xml" xpointer="v252"/>
@@ -125,6 +125,7 @@
         <term><option>--sbat=<replaceable>PATH</replaceable></option></term>
         <term><option>--pcrpkey=<replaceable>PATH</replaceable></option></term>
         <term><option>--profile=<replaceable>PATH</replaceable></option></term>
+        <term><option>--dtbauto=<replaceable>PATH</replaceable></option></term>
         <term><option>--hwids=<replaceable>PATH</replaceable></option></term>
 
         <listitem><para>When used with the <command>calculate</command> or <command>sign</command> verb,
@@ -135,7 +136,7 @@
 
         <xi:include href="version-info.xml" xpointer="v252"/>
 
-        <para id="v257">With the exception of <option>--profile=</option> and <option>--hwids=</option>, which have been added in version
+        <para id="v257">With the exception of <option>--profile=</option>, <option>--dtbauto=</option> and <option>--hwids=</option>, which have been added in version
         257.</para></listitem>
       </varlistentry>
 
diff --git a/src/boot/measure.c b/src/boot/measure.c
index eece58f43f..9e6295b9da 100644
--- a/src/boot/measure.c
+++ b/src/boot/measure.c
@@ -148,8 +148,9 @@ static int parse_argv(int argc, char *argv[]) {
                 _ARG_PCRSIG, /* the .pcrsig section is not input for signing, hence not actually an argument here */
                 ARG_PCRPKEY,
                 ARG_PROFILE,
+                ARG_HWIDS,
                 _ARG_SECTION_LAST,
-                ARG_HWIDS = _ARG_SECTION_LAST,
+                ARG_DTBAUTO = _ARG_SECTION_LAST,
                 ARG_BANK,
                 ARG_PRIVATE_KEY,
                 ARG_PRIVATE_KEY_SOURCE,
@@ -172,6 +173,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "ucode",              required_argument, NULL, ARG_UCODE              },
                 { "splash",             required_argument, NULL, ARG_SPLASH             },
                 { "dtb",                required_argument, NULL, ARG_DTB                },
+                { "dtbauto",            required_argument, NULL, ARG_DTBAUTO            },
                 { "uname",              required_argument, NULL, ARG_UNAME              },
                 { "sbat",               required_argument, NULL, ARG_SBAT               },
                 { "pcrpkey",            required_argument, NULL, ARG_PCRPKEY            },
@@ -196,7 +198,7 @@ static int parse_argv(int argc, char *argv[]) {
         assert(argv);
 
         /* Make sure the arguments list and the section list, stays in sync */
-        // assert_cc(_ARG_SECTION_FIRST + _UNIFIED_SECTION_MAX == _ARG_SECTION_LAST + 1);
+        assert_cc(_ARG_SECTION_FIRST + _UNIFIED_SECTION_MAX == _ARG_SECTION_LAST + 1);
 
         while ((c = getopt_long(argc, argv, "hjc", options, NULL)) >= 0)
                 switch (c) {
-- 
cgit v1.2.3


From 73b1fbc777a85b7e9e960b0076e6cd52c4e3bdbd Mon Sep 17 00:00:00 2001
From: anonymix007 <48598263+anonymix007@users.noreply.github.com>
Date: Tue, 22 Oct 2024 15:07:15 +0300
Subject: man: Document stub behaviour for .hwids and .dtbauto sections

---
 man/systemd-stub.xml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'man')

diff --git a/man/systemd-stub.xml b/man/systemd-stub.xml
index 439d999c64..6625fca91e 100644
--- a/man/systemd-stub.xml
+++ b/man/systemd-stub.xml
@@ -79,6 +79,20 @@
 
       <listitem><para>A <literal>.dtb</literal> section with a compiled binary DeviceTree.</para></listitem>
 
+      <listitem><para>Zero or more <literal>.dtbauto</literal> sections. Stub will always try to find first matching one.
+      Matching process extracts first <varname>compatible</varname> string from <literal>.dtbauto</literal>
+      section and compares it with the first Devicetree's <varname>compatible</varname> string supplied by
+      the firmware in configuration tables. If firmware does not provide Devicetree, matching with
+      <varname>.hwids</varname>  section will be used instead. Stub will use SMBIOS data to calculate hardware
+      IDs of the machine (as per <ulink url="https://learn.microsoft.com/en-us/windows-hardware/drivers/install/specifying-hardware-ids-for-a-computer">specification</ulink>),
+      then it will proceed to trying to find any of them in <literal>.hwids</literal> section and will use first
+      matching entry's <varname>compatible</varname>  as a search key among the <literal>.dtbauto</literal>
+      entries, in a similar fashion as the use of <varname>compatible</varname> string read from the firmware
+      provided Devicetree was described before. First matching <literal>.dtbauto</literal> section will be
+      loaded and will override <varname>.dtb</varname> if present.</para></listitem>
+
+      <listitem><para>A <literal>.hwids</literal> section with hardware IDs of the machines to match Devicetrees (refer to <literal>.dtbauto</literal> section description).</para></listitem>
+
       <listitem><para>A <literal>.uname</literal> section with the kernel version information, i.e. the
       output of <command>uname -r</command> for the kernel included in the <literal>.linux</literal>
       section.</para></listitem>
-- 
cgit v1.2.3