efi-loader: rename efi_stub_measured() → efi_measured_uki()

Let's say "uki" rather than "stub", since that is just too generic, and we shouldn't limit us to our own stub anyway, but generally define a concept of a "measured UKI", which is a UKI that measures its part to PCR 11. This is mostly preparation for exposing this check to the user via ConditionSecurity=.
2026-03-06 15:02:31 -08:00 · 2023-09-27 11:50:14 +02:00
parent 0ba8374bb8
commit be8f478c0f
6 changed files with 7 additions and 7 deletions
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -823,7 +823,7 @@ static int measure_volume_key(
                return 0;
        }

-        r = efi_stub_measured(LOG_WARNING);
+        r = efi_measured_uki(LOG_WARNING);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -650,7 +650,7 @@ static int add_mount(
        }

        if (flags & MOUNT_PCRFS) {
-                r = efi_stub_measured(LOG_WARNING);
+                r = efi_measured_uki(LOG_WARNING);
                if (r == 0)
                        log_debug("Kernel stub did not measure kernel image into PCR, skipping userspace measurement, too.");
                else if (r > 0) {
--- a/src/gpt-auto-generator/gpt-auto-generator.c
+++ b/src/gpt-auto-generator/gpt-auto-generator.c
@@ -106,7 +106,7 @@ static int add_cryptsetup(
                 * assignment, under the assumption that people who are fine to use sd-stub with its PCR
                 * assignments are also OK with our PCR 15 use here. */

-                r = efi_stub_measured(LOG_WARNING);
+                r = efi_measured_uki(LOG_WARNING);
                if (r == 0)
                        log_debug("Will not measure volume key of volume '%s', not booted via systemd-stub with measurements enabled.", id);
                else if (r > 0) {
--- a/src/pcrextend/pcrextend.c
+++ b/src/pcrextend/pcrextend.c
@@ -351,7 +351,7 @@ static int run(int argc, char *argv[]) {
        length = strlen(word);

        /* Skip logic if sd-stub is not used, after all PCR 11 might have a very different purpose then. */
-        r = efi_stub_measured(LOG_ERR);
+        r = efi_measured_uki(LOG_ERR);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/shared/efi-loader.c
+++ b/src/shared/efi-loader.c
@@ -238,7 +238,7 @@ int efi_stub_get_features(uint64_t *ret) {
        return 0;
 }

-int efi_stub_measured(int log_level) {
+int efi_measured_uki(int log_level) {
        _cleanup_free_ char *pcr_string = NULL;
        unsigned pcr_nr;
        int r;
--- a/src/shared/efi-loader.h
+++ b/src/shared/efi-loader.h
@@ -18,7 +18,7 @@ int efi_loader_get_entries(char ***ret);
 int efi_loader_get_features(uint64_t *ret);
 int efi_stub_get_features(uint64_t *ret);

-int efi_stub_measured(int log_level);
+int efi_measured_uki(int log_level);

 int efi_loader_get_config_timeout_one_shot(usec_t *ret);
 int efi_loader_update_entry_one_shot_cache(char **cache, struct stat *cache_stat);
@@ -45,7 +45,7 @@ static inline int efi_stub_get_features(uint64_t *ret) {
        return -EOPNOTSUPP;
 }

-static inline int efi_stub_measured(int log_level) {
+static inline int efi_measured_uki(int log_level) {
        return log_full_errno(log_level, SYNTHETIC_ERRNO(EOPNOTSUPP),
                              "Compiled without support for EFI");
 }