You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
81 lines
3.1 KiB
81 lines
3.1 KiB
10 months ago
|
From 5b5e0f56ac9f9f2633735fc62d4b19b4105cea41 Mon Sep 17 00:00:00 2001
|
||
|
From: Lennart Poettering <lennart@poettering.net>
|
||
|
Date: Thu, 22 Jun 2023 16:26:15 +0200
|
||
|
Subject: [PATCH] tpm2-util: look for tpm2-pcr-signature.json directly in
|
||
|
/.extra/
|
||
|
|
||
|
So far we relied on tmpfiles.d to copy tpm2-pcr-signature.json from
|
||
|
/.extra/ into /run/systemd/. This is racy however if cryptsetup runs too
|
||
|
early, and we cannot unconditionally run it after tmpfiles completed.
|
||
|
|
||
|
hence, let's teach cryptsetup to directly look for the file in /.extra/,
|
||
|
in order to simplify this, and remove the race. But do so only in the
|
||
|
initrd (as only there /.extra/ is a concept).
|
||
|
|
||
|
We generally prefer looking in /run/systemd/, since things are under
|
||
|
user control then. In the regular system we exclusively want that
|
||
|
userspace looks there.
|
||
|
|
||
|
Fixes: #26490
|
||
|
(cherry picked from commit 6270b2e67edbe5c9ac164fc3f2f1cd1d7832fcd8)
|
||
|
|
||
|
Related: RHEL-16182
|
||
|
---
|
||
|
src/shared/tpm2-util.c | 20 ++++++++++++++++++--
|
||
|
1 file changed, 18 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
|
||
|
index df1f7b8340..944bf91019 100644
|
||
|
--- a/src/shared/tpm2-util.c
|
||
|
+++ b/src/shared/tpm2-util.c
|
||
|
@@ -15,6 +15,7 @@
|
||
|
#include "hmac.h"
|
||
|
#include "lockfile-util.h"
|
||
|
#include "memory-util.h"
|
||
|
+#include "nulstr-util.h"
|
||
|
#include "parse-util.h"
|
||
|
#include "random-util.h"
|
||
|
#include "sha256.h"
|
||
|
@@ -23,6 +24,7 @@
|
||
|
#include "string-table.h"
|
||
|
#include "time-util.h"
|
||
|
#include "tpm2-util.h"
|
||
|
+#include "util.h"
|
||
|
#include "virt.h"
|
||
|
|
||
|
#if HAVE_TPM2
|
||
|
@@ -4964,6 +4966,7 @@ int tpm2_parse_pcr_argument_to_mask(const char *arg, uint32_t *ret_mask) {
|
||
|
}
|
||
|
|
||
|
int tpm2_load_pcr_signature(const char *path, JsonVariant **ret) {
|
||
|
+ _cleanup_strv_free_ char **search = NULL;
|
||
|
_cleanup_free_ char *discovered_path = NULL;
|
||
|
_cleanup_fclose_ FILE *f = NULL;
|
||
|
int r;
|
||
|
@@ -4971,10 +4974,23 @@ int tpm2_load_pcr_signature(const char *path, JsonVariant **ret) {
|
||
|
/* Tries to load a JSON PCR signature file. Takes an absolute path, a simple file name or NULL. In
|
||
|
* the latter two cases searches in /etc/, /usr/lib/, /run/, as usual. */
|
||
|
|
||
|
- if (!path)
|
||
|
+ search = strv_split_nulstr(CONF_PATHS_NULSTR("systemd"));
|
||
|
+ if (!search)
|
||
|
+ return log_oom();
|
||
|
+
|
||
|
+ if (!path) {
|
||
|
+ /* If no path is specified, then look for "tpm2-pcr-signature.json" automatically. Also, in
|
||
|
+ * this case include /.extra/ in the search path, but only in this case, and if we run in the
|
||
|
+ * initrd. We don't want to be too eager here, after all /.extra/ is untrusted territory. */
|
||
|
+
|
||
|
path = "tpm2-pcr-signature.json";
|
||
|
|
||
|
- r = search_and_fopen(path, "re", NULL, (const char**) CONF_PATHS_STRV("systemd"), &f, &discovered_path);
|
||
|
+ if (in_initrd())
|
||
|
+ if (strv_extend(&search, "/.extra") < 0)
|
||
|
+ return log_oom();
|
||
|
+ }
|
||
|
+
|
||
|
+ r = search_and_fopen(path, "re", NULL, (const char**) search, &f, &discovered_path);
|
||
|
if (r < 0)
|
||
|
return log_debug_errno(r, "Failed to find TPM PCR signature file '%s': %m", path);
|
||
|
|