Merge pull request #295 from chrisccoulson/efi-add-kernel-config-profile

efi: add WithKernelConfigProfile option to AddPCRProfile. This replaces the separate calls to AddSystemdStubProfile and tpm2.AddSnapModelProfile, which are now deprecated and will be removed in a follow-up PR.
canonical · Apr 15, 2024 · 21595ba · 21595ba
2 parents fbea4da + 427c0f7
commit 21595ba
Show file tree

Hide file tree

Showing 15 changed files with 469 additions and 109 deletions.
diff --git a/efi/efi.go b/efi/efi.go
@@ -22,4 +22,5 @@ package efi
 const (
 	bootManagerCodePCR = 4 // Boot Manager Code and Boot Attempts PCR
 	secureBootPCR      = 7 // Secure Boot Policy Measurements PCR
+	kernelConfigPCR    = 12
 )
diff --git a/efi/efi_test.go b/efi/efi_test.go
@@ -77,22 +77,29 @@ type mockPcrBranchEvent struct {
 
 type mockPcrBranchContext struct {
 	PcrProfileContext
+	params LoadParams
 	vars   VarReadWriter
 	fc     *FwContext
 	sc     *ShimContext
 	events []*mockPcrBranchEvent
 }
 
-func newMockPcrBranchContext(pc PcrProfileContext, vars VarReadWriter) *mockPcrBranchContext {
+func newMockPcrBranchContext(pc PcrProfileContext, params *LoadParams, vars VarReadWriter) *mockPcrBranchContext {
+	if params == nil {
+		params = new(LoadParams)
+	}
 	return &mockPcrBranchContext{
 		PcrProfileContext: pc,
+		params:            *params,
 		vars:              vars,
 		fc:                new(FwContext),
 		sc:                new(ShimContext),
 	}
 }
 
-func (*mockPcrBranchContext) Params() *LoadParams { return nil }
+func (c *mockPcrBranchContext) Params() *LoadParams {
+	return &c.params
+}
 
 func (c *mockPcrBranchContext) Vars() VarReadWriter {
 	return c.vars

diff --git a/efi/export_test.go b/efi/export_test.go
@@ -28,6 +28,7 @@ import (
 const (
 	BootManagerCodeProfile                     = bootManagerCodeProfile
 	GrubChainloaderUsesShimProtocol            = grubChainloaderUsesShimProtocol
+	KernelConfigProfile                        = kernelConfigProfile
 	SecureBootPolicyProfile                    = secureBootPolicyProfile
 	ShimFixVariableAuthorityEventsMatchSpec    = shimFixVariableAuthorityEventsMatchSpec
 	ShimHasSbatRevocationManagement            = shimHasSbatRevocationManagement

diff --git a/efi/fw_load_handler.go b/efi/fw_load_handler.go
@@ -197,6 +197,9 @@ func (h *fwLoadHandler) MeasureImageStart(ctx pcrBranchContext) error {
 	if ctx.Flags()&bootManagerCodeProfile > 0 {
 		h.measureBootManagerCodePreOS(ctx)
 	}
+	if ctx.Flags()&kernelConfigProfile > 0 {
+		ctx.ResetPCR(kernelConfigPCR)
+	}
 
 	return nil
 }

diff --git a/efi/fw_load_handler_test.go b/efi/fw_load_handler_test.go
@@ -53,7 +53,7 @@ func (s *fwLoadHandlerSuite) testMeasureImageStart(c *C, data *testFwMeasureImag
 	collector := NewRootVarsCollector(efitest.NewMockHostEnvironment(data.vars, nil))
 	ctx := newMockPcrBranchContext(&mockPcrProfileContext{
 		alg:   data.alg,
-		flags: data.flags}, collector.Next())
+		flags: data.flags}, nil, collector.Next())
 
 	handler := NewFwLoadHandler(efitest.NewLog(c, data.logOptions))
 	c.Check(handler.MeasureImageStart(ctx), IsNil)
@@ -211,7 +211,7 @@ func (s *fwLoadHandlerSuite) TestMeasureImageStartErrBadLog1(c *C) {
 	collector := NewRootVarsCollector(efitest.NewMockHostEnvironment(makeMockVars(c, withMsSecureBootConfig()), nil))
 	ctx := newMockPcrBranchContext(&mockPcrProfileContext{
 		alg:   tpm2.HashAlgorithmSHA256,
-		flags: SecureBootPolicyProfile}, collector.Next())
+		flags: SecureBootPolicyProfile}, nil, collector.Next())
 
 	log := efitest.NewLog(c, &efitest.LogOptions{Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256, tpm2.HashAlgorithmSHA1}})
 	for i, event := range log.Events {
@@ -234,7 +234,7 @@ func (s *fwLoadHandlerSuite) TestMeasureImageStartErrBadLog2(c *C) {
 	collector := NewRootVarsCollector(efitest.NewMockHostEnvironment(makeMockVars(c, withMsSecureBootConfig()), nil))
 	ctx := newMockPcrBranchContext(&mockPcrProfileContext{
 		alg:   tpm2.HashAlgorithmSHA256,
-		flags: SecureBootPolicyProfile}, collector.Next())
+		flags: SecureBootPolicyProfile}, nil, collector.Next())
 
 	log := efitest.NewLog(c, &efitest.LogOptions{Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256, tpm2.HashAlgorithmSHA1}})
 	for i, event := range log.Events {
@@ -260,7 +260,7 @@ func (s *fwLoadHandlerSuite) TestMeasureImageStartErrBadLog3(c *C) {
 	collector := NewRootVarsCollector(efitest.NewMockHostEnvironment(makeMockVars(c, withMsSecureBootConfig()), nil))
 	ctx := newMockPcrBranchContext(&mockPcrProfileContext{
 		alg:   tpm2.HashAlgorithmSHA256,
-		flags: SecureBootPolicyProfile}, collector.Next())
+		flags: SecureBootPolicyProfile}, nil, collector.Next())
 
 	log := efitest.NewLog(c, &efitest.LogOptions{Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256, tpm2.HashAlgorithmSHA1}})
 	for i, event := range log.Events {
@@ -286,7 +286,7 @@ func (s *fwLoadHandlerSuite) TestMeasureImageStartErrBadLog4(c *C) {
 	collector := NewRootVarsCollector(efitest.NewMockHostEnvironment(makeMockVars(c, withMsSecureBootConfig()), nil))
 	ctx := newMockPcrBranchContext(&mockPcrProfileContext{
 		alg:   tpm2.HashAlgorithmSHA256,
-		flags: SecureBootPolicyProfile}, collector.Next())
+		flags: SecureBootPolicyProfile}, nil, collector.Next())
 
 	log := efitest.NewLog(c, &efitest.LogOptions{Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256, tpm2.HashAlgorithmSHA1}})
 	for i, event := range log.Events {
@@ -323,7 +323,7 @@ func (s *fwLoadHandlerSuite) testMeasureImageLoad(c *C, data *testFwMeasureImage
 		alg:      data.alg,
 		flags:    data.flags,
 		handlers: s,
-	}, nil)
+	}, nil, nil)
 	if data.fc != nil {
 		ctx.fc = data.fc
 	}

diff --git a/efi/grub_load_handler_test.go b/efi/grub_load_handler_test.go
@@ -44,7 +44,7 @@ func (s *grubLoadHandlerSuite) TestMeasureImageLoadUbuntuUsesShim15_7(c *C) {
 		alg:      tpm2.HashAlgorithmSHA256,
 		flags:    SecureBootPolicyProfile,
 		handlers: s,
-	}, nil)
+	}, nil, nil)
 	ctx.FwContext().Db = &SecureBootDB{
 		Name:     Db,
 		Contents: msDb(c),
@@ -73,7 +73,7 @@ func (s *grubLoadHandlerSuite) TestMeasureImageLoadUbuntuUsesShim15_6(c *C) {
 		alg:      tpm2.HashAlgorithmSHA256,
 		flags:    SecureBootPolicyProfile,
 		handlers: s,
-	}, nil)
+	}, nil, nil)
 	ctx.FwContext().Db = &SecureBootDB{
 		Name:     Db,
 		Contents: msDb(c),
@@ -102,7 +102,7 @@ func (s *grubLoadHandlerSuite) TestMeasureImageLoadNoShim(c *C) {
 		alg:      tpm2.HashAlgorithmSHA256,
 		flags:    SecureBootPolicyProfile,
 		handlers: s,
-	}, nil)
+	}, nil, nil)
 	ctx.FwContext().Db = &SecureBootDB{
 		Name:     Db,
 		Contents: append(msDb(c), efitest.NewSignatureListX509(c, canonicalCACert, testOwnerGuid)),
@@ -131,7 +131,7 @@ func (s *grubLoadHandlerSuite) TestMeasureImageLoadNoShimError(c *C) {
 		alg:      tpm2.HashAlgorithmSHA256,
 		flags:    SecureBootPolicyProfile,
 		handlers: s,
-	}, nil)
+	}, nil, nil)
 	ctx.FwContext().Db = &SecureBootDB{
 		Name:     Db,
 		Contents: msDb(c),

diff --git a/efi/pcr_profile.go b/efi/pcr_profile.go
@@ -135,6 +135,17 @@ func WithBootManagerCodeProfile() PCRProfileOption {
 	return pcrProfileSetFlagsOption(bootManagerCodeProfile)
 }
 
+// WithKernelConfigProfile adds the kernel config profile. This binds a policy to a
+// set of externally supplied commandlines. On Ubuntu Core, this also binds a policy
+// to a set of model assertions and the initrd phase of the boot.
+//
+// Kernel commandlines can be injected into the profile with [KernelCommandlineParams].
+// Snap models can be injected into the profile with [SnapModelParams]. Note that a model
+// assertion is mandatory for profiles that include a UKI for Ubuntu Core.
+func WithKernelConfigProfile() PCRProfileOption {
+	return pcrProfileSetFlagsOption(kernelConfigProfile)
+}
+
 // AddPCRProfile adds a profile defined by the supplied options to the supplied
 // secboot_tpm2.PCRProtectionProfileBranch, using the specified digest algorithm
 // for the PCR digest. The generated profile is defined by the supplied load
@@ -154,6 +165,7 @@ type pcrProfileFlags int
 const (
 	secureBootPolicyProfile pcrProfileFlags = 1 << iota
 	bootManagerCodeProfile
+	kernelConfigProfile
 )
 
 type pcrProfileGenerator struct {