Allow user to set GRUB_TBOOT_POLICY_DATA to a file name
in /etc/default/grub-tboot. If nonempty and found, the file
will be added to the tboot section in grub.cfg.

This is necessary to support list policy for tboot.

# HG changeset patch
# User Martin Wilck <martin.wi...@ts.fujitsu.com>
# Date 1456317879 -3600
#      Wed Feb 24 13:44:39 2016 +0100
# Branch mw-001
# Node ID dd6d0b5f2fc9e242701f2c9c4caf6066dfd32e80
# Parent  cfcea2044adf6bb226b23082a117687feb108f0c
grub2: Allow addition of policy data in grub.cfg

Allow user to set GRUB_TBOOT_POLICY_DATA to a file name
in /etc/default/grub-tboot. If nonempty and found, the file
will be added to the tboot section in grub.cfg.

This is necessary to support list policy for tboot.

diff -r cfcea2044adf -r dd6d0b5f2fc9 tboot/20_linux_tboot
--- a/tboot/20_linux_tboot	Wed Feb 24 12:41:47 2016 +0100
+++ b/tboot/20_linux_tboot	Wed Feb 24 13:44:39 2016 +0100
@@ -36,10 +36,13 @@
 # (empty values are treated as if the variables were unset).
 [ -z "${GRUB_CMDLINE_TBOOT}" ] && unset GRUB_CMDLINE_TBOOT
 [ -z "${GRUB_CMDLINE_LINUX_TBOOT}" ] && unset GRUB_CMDLINE_LINUX_TBOOT
+[ -z "${GRUB_TBOOT_POLICY_DATA}" ] && unset GRUB_TBOOT_POLICY_DATA
 # Command line for tboot itself
 : ${GRUB_CMDLINE_TBOOT='logging=serial,memory,vga'}
 # Linux kernel parameters to append for tboot
 : ${GRUB_CMDLINE_LINUX_TBOOT='intel_iommu=on'}
+# Base name of LCP policy data file for list policy
+: ${GRUB_TBOOT_POLICY_DATA=''}
 
 # VGA logging is not supported in UEFI environment
 if [ -d /sys/firmware/efi ]; then
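Review bot: The new comment on `GRUB_TBOOT_POLICY_DATA` does not say where the file is looked up or that the value must be a bare name, although the later hunk only checks `/boot/${GRUB_TBOOT_POLICY_DATA}`. I would write it as `# Base name (no directory part) of the LCP policy data file for list policy; the file must exist in /boot`. The `[ -z ... ] && unset` line followed by a default of `''` leaves the variable empty either way, so it is redundant here, though harmless if kept for symmetry. The same applies to the matching hunk at @@ -37 in 20_linux_xen_tboot.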
@@ -148,6 +151,13 @@
 EOF
     done
   fi
+  if test -n "${poldata_file}" ; then
+    message="$(gettext_printf "Loading tboot policy data file ${poldata_file} ...")"
+    cat << EOF
+	echo	'$message'
+	${mb_mod_directive} ${rel_dirname}/${poldata_file}
+EOF
+  fi
   cat << EOF
 }
 EOF
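Review bot: The file name is interpolated into the format string on the `message=` line, so a `%` in the name would be read as a conversion and the msgid can never match a translation, since gettext_printf in grub-mkconfig_lib uses its first argument as a printf format. `message="$(gettext_printf "Loading tboot policy data file %s ..." "${poldata_file}")"` keeps the name as an argument. The emitted path is `${rel_dirname}/${poldata_file}`, while the existence check in the @@ -165 hunk looks in `/boot`. Whether `rel_dirname` always corresponds to /boot is not visible here, so the entry may reference a file that was never checked. The same two points apply to @@ -141 in 20_linux_xen_tboot, and the enclosing function starts outside this hunk.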
@@ -165,6 +175,13 @@
         basename=$(basename $i)
         if grub_file_is_not_garbage "$i" ; then echo -n "$basename " ; fi
       done`
+if [ -n "${GRUB_TBOOT_POLICY_DATA}" ]; then
+  if grub_file_is_not_garbage "/boot/${GRUB_TBOOT_POLICY_DATA}"; then
+    poldata_file=${GRUB_TBOOT_POLICY_DATA}
+  else
+    echo "ERROR in $0: GRUB_TBOOT_POLICY_DATA=${GRUB_TBOOT_POLICY_DATA} not found in /boot, check ${sysconfdir}/default/grub-tboot" >&2
+  fi
+fi
 prepare_boot_cache=
 
 while [ "x${tboot_list}" != "x" ] && [ "x$linux_list" != "x" ] ; do
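Review bot: `GRUB_TBOOT_POLICY_DATA` is documented as a base name but is only existence-checked, so a value containing `/`, whitespace or a single quote passes `grub_file_is_not_garbage` and is written verbatim into the `echo '$message'` and module lines of grub.cfg. Rejecting such values before the file check keeps the generated entry well-formed and limits the module to a file directly under /boot. On the failure path the script prints ERROR but carries on, so grub.cfg is generated with tboot entries that lack the policy data. If a list policy is provisioned, that presumably surfaces only at the next measured launch, so a non-zero exit or a message that says the entry was written without policy data would help. The same block is added at @@ -174 in 20_linux_xen_tboot, and the backtick assignment ending at `done` starts outside this hunk.

```shell
if [ -n "${GRUB_TBOOT_POLICY_DATA}" ]; then
  case "${GRUB_TBOOT_POLICY_DATA}" in
    */* | *[[:space:]]* | *\'*)
      echo "ERROR in $0: GRUB_TBOOT_POLICY_DATA must be a plain file name without '/', whitespace or quotes" >&2
      ;;
    *)
      # … unchanged: grub_file_is_not_garbage check, poldata_file assignment and not-found message …
      ;;
  esac
fi
```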
diff -r cfcea2044adf -r dd6d0b5f2fc9 tboot/20_linux_xen_tboot
--- a/tboot/20_linux_xen_tboot	Wed Feb 24 12:41:47 2016 +0100
+++ b/tboot/20_linux_xen_tboot	Wed Feb 24 13:44:39 2016 +0100
@@ -37,12 +37,15 @@
 [ -z "${GRUB_CMDLINE_TBOOT}" ] && unset GRUB_CMDLINE_TBOOT
 [ -z "${GRUB_CMDLINE_XEN_TBOOT}" ] && unset GRUB_CMDLINE_XEN_TBOOT
 [ -z "${GRUB_CMDLINE_LINUX_XEN_TBOOT}" ] && unset GRUB_CMDLINE_LINUX_XEN_TBOOT
+[ -z "${GRUB_TBOOT_POLICY_DATA}" ] && unset GRUB_TBOOT_POLICY_DATA
 # Command line for tboot itself
 : ${GRUB_CMDLINE_TBOOT='logging=serial,memory,vga'}
 # Xen parameters to append for tboot
 : ${GRUB_CMDLINE_XEN_TBOOT=''}
 # Linux kernel parameters to append for tboot + Xen
 : ${GRUB_CMDLINE_LINUX_XEN_TBOOT=''}
+# Base name of LCP policy data file for list policy
+: ${GRUB_TBOOT_POLICY_DATA=''}
 
 export TEXTDOMAIN=grub
 export TEXTDOMAINDIR=${prefix}/share/locale
@@ -141,6 +144,13 @@
 EOF
     done
   fi
+  if test -n "${poldata_file}" ; then
+    message="$(gettext_printf "Loading tboot policy data file ${poldata_file} ...")"
+    cat << EOF
+	echo	'$message'
+	module  ${rel_dirname}/${poldata_file}
+EOF
+  fi
   cat << EOF
 }
 EOF
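Review bot: The policy data line here uses a literal `module` followed by two spaces, whereas the matching hunk in 20_linux_tboot uses `${mb_mod_directive}` and the neighbouring emitted lines are tab-separated. The rest of this function is outside the hunk, so I cannot tell whether this script defines `mb_mod_directive`. If it does, or if multiboot2 is meant to be supported here, the line should read `${mb_mod_directive} ${rel_dirname}/${poldata_file}` so that the policy data is loaded with the same directive as the other modules. Otherwise a tab after `module` would match the surrounding output.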
@@ -174,6 +184,13 @@
         basename=$(basename $i)
         if grub_file_is_not_garbage "$i" ; then echo -n "$basename " ; fi
       done`
+if [ -n "${GRUB_TBOOT_POLICY_DATA}" ]; then
+  if grub_file_is_not_garbage "/boot/${GRUB_TBOOT_POLICY_DATA}"; then
+    poldata_file=${GRUB_TBOOT_POLICY_DATA}
+  else
+    echo "ERROR in $0: GRUB_TBOOT_POLICY_DATA=${GRUB_TBOOT_POLICY_DATA} not found in /boot, check ${sysconfdir}/default/grub-tboot" >&2
+  fi
+fi
 prepare_boot_cache=
 
 while [ "x${xen_list}" != "x" ] ; do