From a40d8506ac5bdbb9e3abaadf7768e9f98fcda99c Mon Sep 17 00:00:00 2001 From: Zhang Tianxing Date: Sat, 8 May 2021 10:09:35 +0800 Subject: [PATCH] fix duplicated kernel parameters In script setup_grub2, when set "measurement+appraisal", there are some duplicated common kernel parameters. This patch fixes the issue by using a common variable. Conflict:NA Reference: Signed-off-by: Zhang Tianxing --- scripts/setup_grub2 | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/scripts/setup_grub2 b/scripts/setup_grub2 index e785ef2..2ed628b 100755 --- a/scripts/setup_grub2 +++ b/scripts/setup_grub2 @@ -31,20 +31,19 @@ fi . /etc/os-release -opts_measurement='ima_template=ima-sig ima_policy=\\\"exec_tcb\\\" initramtmpfs - ima_hash=sha256 ima_digest_list_pcr=11' -opts_appraisal='ima_template=ima-sig - ima_policy=\\\"appraise_exec_tcb|appraise_exec_immutable\\\" initramtmpfs - ima_hash=sha256 ima_appraise=enforce-evm evm=x509 evm=complete - ima_appraise_digest_list=digest' +opts_common='ima_template=ima-sig initramtmpfs ima_hash=sha256 integrity=1' +opts_measurement='ima_policy=\\\"exec_tcb\\\" ima_digest_list_pcr=11' +opts_appraisal='ima_policy=\\\"appraise_exec_tcb|appraise_exec_immutable\\\" + ima_appraise=enforce-evm ima_appraise_digest_list=digest evm=x509 + evm=complete' opts="" if [ "$1" = "measurement" ]; then - opts="$opts_measurement" + opts="$opts_common $opts_measurement" elif [ "$1" = "appraisal" ]; then - opts="$opts_appraisal" + opts="$opts_common $opts_appraisal" elif [ "$1" = "measurement+appraisal" ]; then - opts="$opts_measurement $opts_appraisal" + opts="$opts_common $opts_measurement $opts_appraisal" else echo "Unknown feature $1" exit 1 -- 2.23.0