Allow user to set GRUB_TBOOT_POLICY_DATA to a file name
in /etc/default/grub-tboot. If nonempty and found, the file
will be added to the tboot section in grub.cfg.
This is necessary to support list policy for tboot.
# HG changeset patch
# User Martin Wilck <martin.wi...@ts.fujitsu.com>
# Date 1456317879 -3600
# Wed Feb 24 13:44:39 2016 +0100
# Branch mw-001
# Node ID dd6d0b5f2fc9e242701f2c9c4caf6066dfd32e80
# Parent cfcea2044adf6bb226b23082a117687feb108f0c
grub2: Allow addition of policy data in grub.cfg
Allow user to set GRUB_TBOOT_POLICY_DATA to a file name
in /etc/default/grub-tboot. If nonempty and found, the file
will be added to the tboot section in grub.cfg.
This is necessary to support list policy for tboot.
diff -r cfcea2044adf -r dd6d0b5f2fc9 tboot/20_linux_tboot
--- a/tboot/20_linux_tboot Wed Feb 24 12:41:47 2016 +0100
+++ b/tboot/20_linux_tboot Wed Feb 24 13:44:39 2016 +0100
@@ -36,10 +36,13 @@
# (empty values are treated as if the variables were unset).
[ -z "${GRUB_CMDLINE_TBOOT}" ] && unset GRUB_CMDLINE_TBOOT
[ -z "${GRUB_CMDLINE_LINUX_TBOOT}" ] && unset GRUB_CMDLINE_LINUX_TBOOT
+[ -z "${GRUB_TBOOT_POLICY_DATA}" ] && unset GRUB_TBOOT_POLICY_DATA
# Command line for tboot itself
: ${GRUB_CMDLINE_TBOOT='logging=serial,memory,vga'}
# Linux kernel parameters to append for tboot
: ${GRUB_CMDLINE_LINUX_TBOOT='intel_iommu=on'}
+# Base name of LCP policy data file for list policy
+: ${GRUB_TBOOT_POLICY_DATA=''}
# VGA logging is not supported in UEFI environment
if [ -d /sys/firmware/efi ]; then
@@ -148,6 +151,13 @@
EOF
done
fi
+ if test -n "${poldata_file}" ; then
+ message="$(gettext_printf "Loading tboot policy data file ${poldata_file} ...")"
+ cat << EOF
+ echo '$message'
+ ${mb_mod_directive} ${rel_dirname}/${poldata_file}
+EOF
+ fi
cat << EOF
}
EOF
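Review bot: The file name is interpolated into the message id in `gettext_printf "Loading tboot policy data file ${poldata_file} ..."`, so the string can never match a translation catalog entry and any `%` in the name is treated as a printf conversion. Passing it as an argument avoids both: `message="$(gettext_printf "Loading tboot policy data file %s ..." "${poldata_file}")"`. The value also reaches grub.cfg unescaped inside `echo '$message'` and on the `${mb_mod_directive}` line, so a name containing a single quote or whitespace would produce a malformed menu entry; rejecting such names where `poldata_file` is assigned would keep the generated config well-formed. The matching hunk in tboot/20_linux_xen_tboot has the same issue, and the enclosing function starts outside this hunk.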
@@ -165,6 +175,13 @@
basename=$(basename $i)
if grub_file_is_not_garbage "$i" ; then echo -n "$basename " ; fi
done`
+if [ -n "${GRUB_TBOOT_POLICY_DATA}" ]; then
+ if grub_file_is_not_garbage "/boot/${GRUB_TBOOT_POLICY_DATA}"; then
+ poldata_file=${GRUB_TBOOT_POLICY_DATA}
+ else
+ echo "ERROR in $0: GRUB_TBOOT_POLICY_DATA=${GRUB_TBOOT_POLICY_DATA} not found in /boot, check ${sysconfdir}/default/grub-tboot" >&2
+ fi
+fi
prepare_boot_cache=
while [ "x${tboot_list}" != "x" ] && [ "x$linux_list" != "x" ] ; do
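Review bot: The existence check is hard-coded to `/boot/${GRUB_TBOOT_POLICY_DATA}`, while the menu entry emitted in the earlier hunk loads `${rel_dirname}/${poldata_file}`; `rel_dirname` is set outside the visible lines, so if it can resolve to anything other than /boot, the file that was checked and the file that is loaded differ. Nothing enforces the "base name" the comment promises either, so a value containing `/` or `..` passes the check; rejecting any value that matches `*/*` before the lookup would close that gap. The not-found branch only prints to stderr and carries on, so grub.cfg is still generated without the policy data module. For a list policy that probably deserves a non-zero exit, or at least a message saying the entries were written without policy data. The same points apply to the identical hunk in tboot/20_linux_xen_tboot.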
diff -r cfcea2044adf -r dd6d0b5f2fc9 tboot/20_linux_xen_tboot
--- a/tboot/20_linux_xen_tboot Wed Feb 24 12:41:47 2016 +0100
+++ b/tboot/20_linux_xen_tboot Wed Feb 24 13:44:39 2016 +0100
@@ -37,12 +37,15 @@
[ -z "${GRUB_CMDLINE_TBOOT}" ] && unset GRUB_CMDLINE_TBOOT
[ -z "${GRUB_CMDLINE_XEN_TBOOT}" ] && unset GRUB_CMDLINE_XEN_TBOOT
[ -z "${GRUB_CMDLINE_LINUX_XEN_TBOOT}" ] && unset GRUB_CMDLINE_LINUX_XEN_TBOOT
+[ -z "${GRUB_TBOOT_POLICY_DATA}" ] && unset GRUB_TBOOT_POLICY_DATA
# Command line for tboot itself
: ${GRUB_CMDLINE_TBOOT='logging=serial,memory,vga'}
# Xen parameters to append for tboot
: ${GRUB_CMDLINE_XEN_TBOOT=''}
# Linux kernel parameters to append for tboot + Xen
: ${GRUB_CMDLINE_LINUX_XEN_TBOOT=''}
+# Base name of LCP policy data file for list policy
+: ${GRUB_TBOOT_POLICY_DATA=''}
export TEXTDOMAIN=grub
export TEXTDOMAINDIR=${prefix}/share/locale
@@ -141,6 +144,13 @@
EOF
done
fi
+ if test -n "${poldata_file}" ; then
+ message="$(gettext_printf "Loading tboot policy data file ${poldata_file} ...")"
+ cat << EOF
+ echo '$message'
+ module ${rel_dirname}/${poldata_file}
+EOF
+ fi
cat << EOF
}
EOF
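Review bot: The policy data line here is emitted with a hard-coded `module`, whereas the corresponding hunk in tboot/20_linux_tboot uses `${mb_mod_directive}`. If this script selects a multiboot variant anywhere outside the visible lines, the policy file would be loaded with a different directive than the other modules in the same entry, so it is worth confirming which directive the surrounding `module` lines use and matching it. If `module` is indeed the only form used in this file, a short comment such as `# Xen entries always use multiboot 'module'` would record that the difference is intentional. The enclosing function starts outside this hunk.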
@@ -174,6 +184,13 @@
basename=$(basename $i)
if grub_file_is_not_garbage "$i" ; then echo -n "$basename " ; fi
done`
+if [ -n "${GRUB_TBOOT_POLICY_DATA}" ]; then
+ if grub_file_is_not_garbage "/boot/${GRUB_TBOOT_POLICY_DATA}"; then
+ poldata_file=${GRUB_TBOOT_POLICY_DATA}
+ else
+ echo "ERROR in $0: GRUB_TBOOT_POLICY_DATA=${GRUB_TBOOT_POLICY_DATA} not found in /boot, check ${sysconfdir}/default/grub-tboot" >&2
+ fi
+fi
prepare_boot_cache=
while [ "x${xen_list}" != "x" ] ; do