systemd-cryptenroll: add string aliases for tpm2 PCRs

Fixes #26697. RFE.

1 files changed, 27 insertions, 0 deletions

diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index 6a3aea8519..6634e2d242 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@@ -202,6 +202,31 @@ typedef enum Tpm2Support {
         TPM2_SUPPORT_FULL      = TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER|TPM2_SUPPORT_SYSTEM|TPM2_SUPPORT_SUBSYSTEM,
 } Tpm2Support;
 
+typedef enum PcrIndex {
+/* The following names for PCRs 0…7 are based on the names in the "TCG PC Client Specific Platform Firmware Profile Specification" (https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/) */
+   PCR_PLATFORM_CODE       = 0,
+        PCR_PLATFORM_CONFIG     = 1,
+        PCR_EXTERNAL_CODE       = 2,
+        PCR_EXTERNAL_CONFIG     = 3,
+        PCR_BOOT_LOADER_CODE    = 4,
+        PCR_BOOT_LOADER_CONFIG  = 5,
+        PCR_SECURE_BOOT_POLICY  = 7,
+/* The following names for PCRs 9…15 are based on the "Linux TPM PCR Registry"
+(https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/) */
+        PCR_KERNEL_INITRD       = 9,
+        PCR_IMA                 = 10,
+        PCR_KERNEL_BOOT         = 11,
+        PCR_KERNEL_CONFIG       = 12,
+        PCR_SYSEXTS             = 13,
+        PCR_SHIM_POLICY         = 14,
+        PCR_SYSTEM_IDENTITY     = 15,
+/* As per "TCG PC Client Specific Platform Firmware Profile Specification" again, see above */
+        PCR_DEBUG               = 16,
+        PCR_APPLICATION_SUPPORT = 23,
+        _PCR_INDEX_MAX_DEFINED  = TPM2_PCRS_MAX,
+        _PCR_INDEX_INVALID      = -EINVAL,
+} PcrIndex;
+
 Tpm2Support tpm2_support(void);
 
 int tpm2_parse_pcr_argument(const char *arg, uint32_t *mask);
@@ -214,3 +239,5 @@ int tpm2_util_pbkdf2_hmac_sha256(const void *pass,
                     const void *salt,
                     size_t saltlen,
                     uint8_t res[static SHA256_DIGEST_SIZE]);
+
+int pcr_index_from_string(const char *s);