mirror of https://github.com/kairos-io/immucore.git synced 2025-05-12 10:10:01 +00:00

Check both pcrphase and pcrextend ()

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>
Mauro Morales 2024-04-10 16:39:44 +02:00 committed by GitHub
parent c97a3ae559
commit d8671d1152
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -22,6 +22,19 @@ import (
"github.com/spectrocloud-labs/herd"
)
// UKIExtendPCR extends the PCR with the given extension in a graceful way.
func UKIExtendPCR(extension string) (string, error) {
if _, err := os.Stat("/usr/lib/systemd/systemd-pcrphase"); err == nil {
return internalUtils.CommandWithPath(fmt.Sprintf("/usr/lib/systemd/systemd-pcrphase --graceful %s", extension))
}
if _, err := os.Stat("/usr/lib/systemd/systemd-pcrextend"); err == nil {
return internalUtils.CommandWithPath(fmt.Sprintf("/usr/lib/systemd/systemd-pcrextend --graceful %s", extension))
}
return "", fmt.Errorf("no systemd-pcrphase or systemd-pcrextend found")
}
// UKIMountBaseSystem mounts the base system for the UKI boot system
// as when booting in UKI mode we have a blank slate and we need to mount everything
// Make sure we set the directories as MS_SHARED
@ -290,10 +303,11 @@ func (s *State) UkiPivotToSysroot(g *herd.Graph) error {
internalUtils.DropToEmergencyShell()
}
output, pcrErr := internalUtils.CommandWithPath("/usr/lib/systemd/systemd-pcrphase --graceful enter-initrd")
ext := "enter-initrd"
output, pcrErr := UKIExtendPCR(ext)
if pcrErr != nil {
internalUtils.Log.Err(pcrErr).Msg("running systemd-pcrphase")
internalUtils.Log.Debug().Str("out", output).Msg("systemd-pcrphase enter-initrd")
internalUtils.Log.Err(pcrErr).Msg("running systemd-pcrextends")
internalUtils.Log.Debug().Str("ext", ext).Str("out", output).Msg("systemd-pcrextends")
}
pcrErr = os.MkdirAll("/run/systemd", 0755) // #nosec G301 -- Original dir has this permissions
@ -479,10 +493,11 @@ func (s *State) UKIBootInitDagStep(g *herd.Graph) error {
herd.WithCallback(func(_ context.Context) error {
var err error
output, err := internalUtils.CommandWithPath("/usr/lib/systemd/systemd-pcrphase --graceful leave-initrd")
ext := "leave-initrd"
output, err := UKIExtendPCR(ext)
if err != nil {
internalUtils.Log.Err(err).Msg("running systemd-pcrphase")
internalUtils.Log.Debug().Str("out", output).Msg("systemd-pcrphase leave-initrd")
internalUtils.Log.Err(err).Msg("running systemd-pcrextends")
internalUtils.Log.Debug().Str("ext", ext).Str("out", output).Msg("systemd-pcrextends")
internalUtils.DropToEmergencyShell()
}
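Review bot: In `UKIExtendPCR` (first hunk), `extension` is interpolated unescaped into the command string handed to `internalUtils.CommandWithPath`, and the function is exported, so nothing stops a future caller from passing a value with spaces or shell metacharacters. `CommandWithPath` is not visible on this page; if it runs the string through a shell, such a value would no longer be treated as a single phase word by the measurement tool. Both call sites here pass constants (`enter-initrd`, `leave-initrd`), so this is hardening rather than a live bug: either reject anything that is not a single phase word before building the command, or state the contract in the doc comment, e.g. `// extension must be a fixed phase word such as "enter-initrd"; it is placed on the command line unescaped.` Separately, both callers now log `systemd-pcrextends` (the tool is `systemd-pcrextend`) even when the pcrphase binary was the one that ran, which makes a failed PCR measurement harder to trace; having the helper name the chosen binary in its returned error would fix that.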