morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-15 00:47:10 +09:00
Code Issues Packages Projects Releases Wiki Activity

pcrlock: process components outside of location window properly

Browse Source 
So far, when we tried to match a component to eent log entries we
skipped those components if they were outside of our location window.
That however is too aggressive, since it means any components that are
already in the logs, but outside of the location window will be
considered unrecognized in the logs, and thus removed from the PCR
policy.

Change things around: always try to match up all components, regardless
if inside the location window or outside, but then make it non-fatal we
can't find a component outside of the location window.

Fixes: #36079
This commit is contained in:
Lennart Poettering
2025-07-03 13:50:46 +02:00
committed by Luca Boccassi
parent 144ea281f3
commit 95b58ed32e
1 changed files with 15 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/pcrlock/pcrlock.c
View File

@@ -1946,15 +1946,6 @@ static int event_log_map_components(EventLog *el) {
unsigned n_matching = 0, n_empty = 0;
EventLogComponent *c = *cc;
if (arg_location_end && strcmp(c->id, arg_location_end) > 0) {
n_skipped++;
if (!strextend_with_separator(&skipped_ids, ", ", c->id))
return log_oom();
continue;
}
assert(c->n_variants > 0);
FOREACH_ARRAY(ii, c->variants, c->n_variants) {
@@ -1978,20 +1969,33 @@ static int event_log_map_components(EventLog *el) {
}
if (n_matching + n_empty == 0) {
bool skip = true;
if (arg_location_start && strcmp(c->id, arg_location_start) >= 0)
log_info("Didn't find component '%s' in event log, assuming system hasn't reached it yet.", c->id);
else {
else if (arg_location_end && strcmp(c->id, arg_location_end) > 0) {
log_info("Didn't find component '%s' in event log, but irrelevant for location window, ignoring.", c->id);
} else {
log_notice("Couldn't find component '%s' in event log.", c->id);
el->n_missing_components++;
el->missing_component_pcrs |= event_log_component_pcrs(c);
skip = false;
}
if (skip) {
n_skipped++;
if (!strextend_with_separator(&skipped_ids, ", ", c->id))
return log_oom();
}
} else if (n_matching > 1)
log_debug("Found %u possible variants of component '%s' in event log (%s). Proceeding.", n_matching, c->id, matching_ids);
}
if (n_skipped > 0)
log_notice("Skipped %u components after location '%s' (%s).", n_skipped, arg_location_end, skipped_ids);
log_notice("Skipped %u components (%s).", n_skipped, skipped_ids);
if (el->n_missing_components > 0)
log_notice("Unable to recognize %zu components in event log.", el->n_missing_components);