image: measure uki sections uname and sbat for systemd >= 254

2025-04-20 23:36:29 -04:00 · 2024-05-13 11:47:57 +02:00 · 2024-05-13 11:47:57 +02:00 · 3a32776419
commit 3a32776419
parent 58d3430f74
2 changed files with 24 additions and 25 deletions
--- a/image/measured-boot/extract/extract.go
+++ b/image/measured-boot/extract/extract.go
@ -90,9 +90,8 @@ var ukiSections = []string{
 	".initrd",
 	".splash",
 	".dtb",
-	// uanme and sbat will be added in systemd-stub >= 254
-	// ".uname",
-	// ".sbat",
+	".uname",
+	".sbat",
 	".pcrsig",
 	".pcrkey",
 }
--- a/image/measured-boot/extract/extract_test.go
+++ b/image/measured-boot/extract/extract_test.go
@ -114,6 +114,26 @@ func TestPeFileSectionDigests(t *testing.T) {
 			},
 			Measure: true, MeasureOrder: 5,
 		},
+		{
+			Name: ".uname", Size: 0x22,
+			Digest: [32]uint8{
+				0x32, 0xd5, 0x9d, 0x99, 0x0e, 0x9c, 0x1f, 0x7d,
+				0xa5, 0x54, 0xcb, 0x88, 0x8e, 0x32, 0x38, 0xac,
+				0x61, 0x93, 0xe5, 0xe7, 0x23, 0x0f, 0x99, 0xb1,
+				0x97, 0x13, 0x8d, 0xd7, 0x23, 0xc0, 0xeb, 0xb6,
+			},
+			Measure: true, MeasureOrder: 6,
+		},
+		{
+			Name: ".sbat", Size: 0x10,
+			Digest: [32]uint8{
+				0x66, 0x30, 0xfb, 0x7d, 0x5b, 0xaf, 0x9d, 0x6c,
+				0xd5, 0x1c, 0x9a, 0xc9, 0x54, 0x10, 0xe6, 0x8a,
+				0xa3, 0xfe, 0xdb, 0x4a, 0xdd, 0xd4, 0x2b, 0x34,
+				0x0e, 0x47, 0x11, 0xe2, 0x3c, 0xcc, 0xd4, 0xb2,
+			},
+			Measure: true, MeasureOrder: 7,
+		},
 		{
 			Name: ".pcrkey",
 			Size: 0x12,
@ -123,7 +143,7 @@ func TestPeFileSectionDigests(t *testing.T) {
 				0x69, 0xd0, 0x86, 0xa6, 0xd6, 0x7d, 0x5f, 0xee,
 				0x88, 0xdb, 0x21, 0x90, 0xc4, 0xa7, 0x07, 0x26,
 			},
-			Measure: true, MeasureOrder: 7,
+			Measure: true, MeasureOrder: 9,
 		},
 		{
 			Name: ".data",
@ -181,16 +201,6 @@ func TestPeFileSectionDigests(t *testing.T) {
 			},
 			Measure: false, MeasureOrder: -1,
 		},
-		{
-			Name: ".sbat", Size: 0x10,
-			Digest: [32]uint8{
-				0x66, 0x30, 0xfb, 0x7d, 0x5b, 0xaf, 0x9d, 0x6c,
-				0xd5, 0x1c, 0x9a, 0xc9, 0x54, 0x10, 0xe6, 0x8a,
-				0xa3, 0xfe, 0xdb, 0x4a, 0xdd, 0xd4, 0x2b, 0x34,
-				0x0e, 0x47, 0x11, 0xe2, 0x3c, 0xcc, 0xd4, 0xb2,
-			},
-			Measure: false, MeasureOrder: -1,
-		},
 		{
 			Name: ".sdmagic", Size: 0x2d,
 			Digest: [32]uint8{
@ -211,16 +221,6 @@ func TestPeFileSectionDigests(t *testing.T) {
 			},
 			Measure: false, MeasureOrder: -1,
 		},
-		{
-			Name: ".uname", Size: 0x22,
-			Digest: [32]uint8{
-				0x32, 0xd5, 0x9d, 0x99, 0x0e, 0x9c, 0x1f, 0x7d,
-				0xa5, 0x54, 0xcb, 0x88, 0x8e, 0x32, 0x38, 0xac,
-				0x61, 0x93, 0xe5, 0xe7, 0x23, 0x0f, 0x99, 0xb1,
-				0x97, 0x13, 0x8d, 0xd7, 0x23, 0xc0, 0xeb, 0xb6,
-			},
-			Measure: false, MeasureOrder: -1,
-		},
 		{
 			Name: ".pcrsig", Size: 0x216,
 			Digest: [32]uint8{
@ -229,7 +229,7 @@ func TestPeFileSectionDigests(t *testing.T) {
 				0xb8, 0x13, 0xb5, 0x31, 0xb0, 0x56, 0x3e, 0x91,
 				0x20, 0x55, 0x6c, 0xf7, 0x25, 0x01, 0xa3, 0x26,
 			},
-			Measure: false, MeasureOrder: 6,
+			Measure: false, MeasureOrder: 8,
 		},
 	}, sectionDigests)