53 lines
1.8 KiB
Diff
53 lines
1.8 KiB
Diff
From a40d8506ac5bdbb9e3abaadf7768e9f98fcda99c Mon Sep 17 00:00:00 2001
|
|
From: Zhang Tianxing <zhangtianxing3@huawei.com>
|
|
Date: Sat, 8 May 2021 10:09:35 +0800
|
|
Subject: [PATCH] fix duplicated kernel parameters
|
|
|
|
In script setup_grub2, when set "measurement+appraisal", there are some
|
|
duplicated common kernel parameters. This patch fixes the issue by using
|
|
a common variable.
|
|
|
|
Conflict:NA
|
|
Reference:
|
|
|
|
Signed-off-by: Zhang Tianxing <zhangtianxing3@huawei.com>
|
|
---
|
|
scripts/setup_grub2 | 17 ++++++++---------
|
|
1 file changed, 8 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/scripts/setup_grub2 b/scripts/setup_grub2
|
|
index e785ef2..2ed628b 100755
|
|
--- a/scripts/setup_grub2
|
|
+++ b/scripts/setup_grub2
|
|
@@ -31,20 +31,19 @@ fi
|
|
|
|
. /etc/os-release
|
|
|
|
-opts_measurement='ima_template=ima-sig ima_policy=\\\"exec_tcb\\\" initramtmpfs
|
|
- ima_hash=sha256 ima_digest_list_pcr=11'
|
|
-opts_appraisal='ima_template=ima-sig
|
|
- ima_policy=\\\"appraise_exec_tcb|appraise_exec_immutable\\\" initramtmpfs
|
|
- ima_hash=sha256 ima_appraise=enforce-evm evm=x509 evm=complete
|
|
- ima_appraise_digest_list=digest'
|
|
+opts_common='ima_template=ima-sig initramtmpfs ima_hash=sha256 integrity=1'
|
|
+opts_measurement='ima_policy=\\\"exec_tcb\\\" ima_digest_list_pcr=11'
|
|
+opts_appraisal='ima_policy=\\\"appraise_exec_tcb|appraise_exec_immutable\\\"
|
|
+ ima_appraise=enforce-evm ima_appraise_digest_list=digest evm=x509
|
|
+ evm=complete'
|
|
opts=""
|
|
|
|
if [ "$1" = "measurement" ]; then
|
|
- opts="$opts_measurement"
|
|
+ opts="$opts_common $opts_measurement"
|
|
elif [ "$1" = "appraisal" ]; then
|
|
- opts="$opts_appraisal"
|
|
+ opts="$opts_common $opts_appraisal"
|
|
elif [ "$1" = "measurement+appraisal" ]; then
|
|
- opts="$opts_measurement $opts_appraisal"
|
|
+ opts="$opts_common $opts_measurement $opts_appraisal"
|
|
else
|
|
echo "Unknown feature $1"
|
|
exit 1
|
|
--
|
|
2.23.0
|