diff options
| -rw-r--r-- | man/systemd-pcrphase.service.xml | 4 | ||||
| -rw-r--r-- | src/shared/tpm2-util.c | 2 | ||||
| -rwxr-xr-x | test/units/testsuite-70.sh | 10 |
3 files changed, 8 insertions, 8 deletions
diff --git a/man/systemd-pcrphase.service.xml b/man/systemd-pcrphase.service.xml index fe7b58933b..ca037584cf 100644 --- a/man/systemd-pcrphase.service.xml +++ b/man/systemd-pcrphase.service.xml @@ -209,10 +209,10 @@ <variablelist> <varlistentry> - <term><filename>/var/log/systemd/tpm2-measure.log</filename></term> + <term><filename>/run/log/systemd/tpm2-measure.log</filename></term> <listitem><para>Measurements are logged into an event log file maintained in - <filename>/var/log/systemd/tpm2-measure.log</filename>, which contains a <ulink + <filename>/run/log/systemd/tpm2-measure.log</filename>, which contains a <ulink url="https://www.rfc-editor.org/rfc/rfc7464.html">JSON-SEQ</ulink> series of objects that follow the general structure of the <ulink url="https://trustedcomputinggroup.org/resource/canonical-event-log-format/">TCG Common Event Log diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c index c78d6ae65a..9cab153e45 100644 --- a/src/shared/tpm2-util.c +++ b/src/shared/tpm2-util.c @@ -4305,7 +4305,7 @@ static const char* tpm2_userspace_event_type_table[_TPM2_USERSPACE_EVENT_TYPE_MA DEFINE_STRING_TABLE_LOOKUP(tpm2_userspace_event_type, Tpm2UserspaceEventType); const char *tpm2_userspace_log_path(void) { - return secure_getenv("SYSTEMD_MEASURE_LOG_USERSPACE") ?: "/var/log/systemd/tpm2-measure.log"; + return secure_getenv("SYSTEMD_MEASURE_LOG_USERSPACE") ?: "/run/log/systemd/tpm2-measure.log"; } static int tpm2_userspace_log_open(void) { diff --git a/test/units/testsuite-70.sh b/test/units/testsuite-70.sh index faa9db7cdd..7f7183da08 100755 --- a/test/units/testsuite-70.sh +++ b/test/units/testsuite-70.sh @@ -264,8 +264,8 @@ if [[ -x "$SD_PCREXTEND" ]] && tpm_has_pcr sha256 11 && tpm_has_pcr sha256 15; t rm -f /tmp/oldpcr15 /tmp/newpcr15 # Check that the event log record was properly written: - test "$(jq --seq --slurp '.[0].pcr' < /var/log/systemd/tpm2-measure.log)" == "$(printf '\x1e15')" - test "$(jq --seq --slurp --raw-output '.[0].digests[1].digest' < /var/log/systemd/tpm2-measure.log) *stdin" == "$(echo -n "machine-id:994013bf23864ee7992eab39a96dd3bb" | openssl dgst -hex -sha256 -r)" + test "$(jq --seq --slurp '.[0].pcr' < /run/log/systemd/tpm2-measure.log)" == "$(printf '\x1e15')" + test "$(jq --seq --slurp --raw-output '.[0].digests[1].digest' < /run/log/systemd/tpm2-measure.log) *stdin" == "$(echo -n "machine-id:994013bf23864ee7992eab39a96dd3bb" | openssl dgst -hex -sha256 -r)" # And similar for the boot phase measurement into PCR 11 tpm2_pcrread sha256:11 -Q -o /tmp/oldpcr11 @@ -276,10 +276,10 @@ if [[ -x "$SD_PCREXTEND" ]] && tpm_has_pcr sha256 11 && tpm_has_pcr sha256 15; t <(cat /tmp/oldpcr11 <(echo -n "foobar" | openssl dgst -binary -sha256) | openssl dgst -binary -sha256) # Check the event log for the 2nd record - jq --seq --slurp < /var/log/systemd/tpm2-measure.log + jq --seq --slurp < /run/log/systemd/tpm2-measure.log - test "$(jq --seq --slurp .[1].pcr < /var/log/systemd/tpm2-measure.log)" == "$(printf '\x1e11')" - test "$(jq --seq --slurp --raw-output .[1].digests[0].digest < /var/log/systemd/tpm2-measure.log) *stdin" == "$(echo -n "foobar" | openssl dgst -hex -sha256 -r)" + test "$(jq --seq --slurp .[1].pcr < /run/log/systemd/tpm2-measure.log)" == "$(printf '\x1e11')" + test "$(jq --seq --slurp --raw-output .[1].digests[0].digest < /run/log/systemd/tpm2-measure.log) *stdin" == "$(echo -n "foobar" | openssl dgst -hex -sha256 -r)" rm -f /tmp/oldpcr11 /tmp/newpcr11 else |