diff options
| author |   Lennart Poettering <lennart@poettering.net> | 2023-11-15 12:11:08 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-11-15 13:36:46 +0100 |
| commit | 4bec24075184c9dad68ffcc7c99e8487e09e978a (patch) | |
| tree | d3f75de02aecd0479bf72cac7c11443c8ffb1e67 | |
| parent | fuzz: don't panic without a C++ compiler (diff) | |
| download | systemd-4bec24075184c9dad68ffcc7c99e8487e09e978a.tar.xz systemd-4bec24075184c9dad68ffcc7c99e8487e09e978a.zip | |
boot: measure config first, only then parse
Fixes: #30026
| -rw-r--r-- | src/boot/efi/boot.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index 7b17088b085..5c0f0ab10a7 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c @@ -1566,7 +1566,7 @@ static void config_load_defaults(Config *config, EFI_FILE *root_dir) { err = file_read(root_dir, u"\\loader\\loader.conf", 0, 0, &content, &content_size); if (err == EFI_SUCCESS) { - config_defaults_load_from_file(config, content); + /* First, measure. */ err = tpm_log_tagged_event( TPM2_PCR_BOOT_LOADER_CONFIG, POINTER_TO_PHYSICAL_ADDRESS(content), @@ -1576,6 +1576,9 @@ static void config_load_defaults(Config *config, EFI_FILE *root_dir) { /* ret_measured= */ NULL); if (err != EFI_SUCCESS) log_error_status(err, "Error measuring loader.conf into TPM: %m"); + + /* Then: parse */ + config_defaults_load_from_file(config, content); } err = efivar_get_timeout(u"LoaderConfigTimeout", &config->timeout_sec_efivar); |