authorLennart Poettering <lennart@poettering.net>2022-08-17 17:28:05 +0200
committerLennart Poettering <lennart@poettering.net>2022-09-08 16:34:27 +0200
commit6a0779cbf9b4d45a64e6beb0fb3892835f4f2905 (patch)
tree082958b2e28f9626c935f91bbcb6d7397a1dfa6c /src/shared/tpm2-util.c
parentd9b5841d40996d42a05b7d6f1adf7a7517966262 (diff)
creds-util: hook up new signed PCR policies
Diffstat (limited to 'src/shared/tpm2-util.c')
-rw-r--r--src/shared/tpm2-util.c46
1 files changed, 46 insertions, 0 deletions
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 1546bb02f9..aef0603855 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -9,9 +9,11 @@
#if HAVE_TPM2
#include "alloc-util.h"
+#include "def.h"
#include "dirent-util.h"
#include "dlfcn-util.h"
#include "fd-util.h"
+#include "fileio.h"
#include "format-table.h"
#include "fs-util.h"
#include "hexdecoct.h"
@@ -1955,3 +1957,47 @@ int tpm2_parse_pcr_argument(const char *arg, uint32_t *mask) {
return 0;
}
+
+int tpm2_load_pcr_signature(const char *path, JsonVariant **ret) {
+ _cleanup_free_ char *discovered_path = NULL;
+ _cleanup_fclose_ FILE *f = NULL;
+ int r;
+
+ /* Tries to load a JSON PCR signature file. Takes an absolute path, a simple file name or NULL. In
+ * the latter two cases searches in /etc/, /usr/lib/, /run/, as usual. */
+
+ if (!path)
+ path = "tpm2-pcr-signature.json";
+
+ r = search_and_fopen(path, "re", NULL, (const char**) CONF_PATHS_STRV("systemd"), &f, &discovered_path);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to find TPM PCR signature file '%s': %m", path);
+
+ r = json_parse_file(f, discovered_path, 0, ret, NULL, NULL);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to parse TPM PCR signature JSON object '%s': %m", discovered_path);
+
+ return 0;
+}
+
+int tpm2_load_pcr_public_key(const char *path, void **ret_pubkey, size_t *ret_pubkey_size) {
+ _cleanup_free_ char *discovered_path = NULL;
+ _cleanup_fclose_ FILE *f = NULL;
+ int r;
+
+ /* Tries to load a PCR public key file. Takes an absolute path, a simple file name or NULL. In the
+ * latter two cases searches in /etc/, /usr/lib/, /run/, as usual. */
+
+ if (!path)
+ path = "tpm2-pcr-public-key.pem";
+
+ r = search_and_fopen(path, "re", NULL, (const char**) CONF_PATHS_STRV("systemd"), &f, &discovered_path);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to find TPM PCR public key file '%s': %m", path);
+
+ r = read_full_stream(f, (char**) ret_pubkey, ret_pubkey_size);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to load TPM PCR public key PEM file '%s': %m", discovered_path);
+
+ return 0;
+}
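Review bot: Nothing in tpm2_load_pcr_public_key (nor in the identical lookup in tpm2_load_pcr_signature above it) enforces the contract the comment states, "an absolute path, a simple file name or NULL": a relative path with directory components such as `../../x.pem` passes straight into search_and_fopen(), where it would presumably be joined under each CONF_PATHS_STRV("systemd") directory and resolve outside it. A guard before the lookup, `if (!path_is_absolute(path) && !filename_is_valid(path)) return -EINVAL;`, makes the documented contract real (filename_is_valid() comes from path-util.h, which I cannot see among the includes in this diff, so check it is in scope). This matters more for the public key than for the signature, since whatever PEM read_full_stream() hands back on the `ret_pubkey` line becomes the trust anchor for the signed PCR policy and the hunk applies no size bound of its own; unless read_full_stream() enforces an internal limit, an oversized file in one of the search directories is read whole, so a bounded read or an explicit check on `*ret_pubkey_size` afterwards would be worth adding. The two functions are otherwise line-for-line the same apart from the default file name and the final parse step, so a static helper that takes the default name and returns the opened FILE plus discovered_path would remove the duplication and keep the path check in one place.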