ukify: add --pcrsig and --join-pcrsig arguments to append offline signature

Add a build parameter to take an existing UKI and attach a .pcrsig section
to it. This allows one to create a UKI with a .pcrpkey section with
--policy-digest to get the json output from sd-measure, sign the digest
offline, and attach the .pcrsig section with the signature later.

Author: bluca

man/ukify.xml

@@ -269,6 +269,20 @@
           <xi:include href="version-info.xml" xpointer="v258"/></listitem>
         </varlistentry>
 
+        <varlistentry>
+          <term><option>--join-pcrsig=<replaceable>PATH</replaceable></option></term>
+          <term><option>--pcrsig=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term>
+
+          <listitem><para><option>--join-pcrsig=</option> takes a path to an existing PE file containing a
+          previously built UKI. <option>--pcrsig=</option> takes a path to an existing pcrsig JSON blob, or
+          a verbatim inline blob. They must be used together, and without specifying any other UKI section
+          parameters. <command>ukify</command> will attach the pcrsig JSON blob to the UKI. This is useful
+          in combination with <option>--policy-digest</option> to create a UKI and then sign the TPM2 policy
+          digests offline.</para>
+
+          <xi:include href="version-info.xml" xpointer="v258"/></listitem>
+        </varlistentry>
+
         <varlistentry>
           <term><option>--tools=<replaceable>DIRS</replaceable></option></term>
 
@@ -839,6 +853,56 @@ ID=factory-reset' \
       <para>The resulting UKI <filename>base-with-profile-0-1-2.efi</filename> will now contain three profiles.</para>
     </example>
 
+    <example>
+      <title>Offline signing of pcrsig section</title>
+
+      <para>First, create a UKI and save the PCR JSON blob:</para>
+
+      <programlisting>$ ukify build \
+      --linux=/lib/modules/6.0.9-300.fc37.x86_64/vmlinuz \
+      --initrd=/some/path/initramfs-6.0.9-300.fc37.x86_64.img \
+      --cmdline='quiet rw' \
+      --pcr-public-key=tpm2-pcr-public-key-initrd.pem \
+      --policy-digest \
+      --json=short \
+      --output=base.efi >base.pcrs
+</programlisting>
+
+      <para>Then, sign the PCR digests offline and insert them in the JSON blob:</para>
+
+      <programlisting>#!/usr/bin/python3
+import base64, json, subprocess
+
+priv_key = '/home/zbyszek/src/systemd/tpm2-pcr-private.pem'
+base_file = 'base.pcrs'
+
+base = json.load(open(base_file))
+
+for bank,policies in base.items():
+    for policy in policies:
+        pol = base64.b16decode(policy['pol'].upper())
+        call = subprocess.run(['openssl', 'dgst', f'-{bank}', '-sign', priv_key],
+                              input=pol,
+                              check=True,
+                              capture_output=True)
+        sig = base64.b64encode(call.stdout).decode()
+        policy['sig'] = sig
+
+print(json.dumps(base))
+</programlisting>
+
+      <para>Finally, attach the updated JSON blob to the UKI:</para>
+
+      <programlisting>$ ukify build \
+      --join-pcrsig=base.efi \
+      [email protected] \
+      --json=short \
+      --output=base-signed.efi
+</programlisting>
+
+      <para>The resulting UKI <filename>base-signed.efi</filename> will now contain the signed PCR digests.</para>
+    </example>
+
   </refsect1>
 
   <refsect1>

src/ukify/test/test_ukify.py

@@ -891,5 +891,70 @@ def test_key_cert_generation(tmp_path):
     assert 'Certificate' in out
     assert re.search(r'Issuer: CN\s?=\s?SecureBoot signing key on host', out)
 
+@pytest.mark.skipif(not slow_tests, reason='slow')
+def test_join_pcrsig(capsys, kernel_initrd, tmp_path):
+    if kernel_initrd is None:
+        pytest.skip('linux+initrd not found')
+    try:
+        systemd_measure()
+    except ValueError:
+        pytest.skip('systemd-measure not found')
+
+    ourdir = pathlib.Path(__file__).parent
+    pub = unbase64(ourdir / 'example.tpm2-pcr-public.pem.base64')
+
+    output = tmp_path / 'basic.efi'
+    args = [
+        'build',
+        *kernel_initrd,
+        f'--output={output}',
+        f'--pcr-public-key={pub.name}',
+        '--json=short',
+        '--policy-digest',
+    ] + arg_tools
+    opts = ukify.parse_args(args)
+    try:
+        ukify.check_inputs(opts)
+    except OSError as e:
+        pytest.skip(str(e))
+
+    ukify.make_uki(opts)
+    pcrs = json.loads(capsys.readouterr().out)
+    for bank, sigs in pcrs.items():
+        for sig in sigs:
+            sig['sig'] = 'a' * int(bank[3:])
+
+    opts = ukify.parse_args(['inspect', str(output)])
+    ukify.inspect_sections(opts)
+    text = capsys.readouterr().out
+    assert re.search(r'\.pcrpkey', text, re.MULTILINE)
+    assert re.search(r'\.pcrsig', text, re.MULTILINE)
+    assert not re.search(r'"sig":', text, re.MULTILINE)
+
+    output_sig = tmp_path / 'pcrsig.efi'
+    args = [
+        'build',
+        f'--output={output_sig}',
+        f'--join-pcrsig={output}',
+        f'--pcrsig={json.dumps(pcrs)}',
+        '--json=short',
+    ] + arg_tools
+    opts = ukify.parse_args(args)
+    try:
+        ukify.check_inputs(opts)
+    except OSError as e:
+        pytest.skip(str(e))
+
+    ukify.make_uki(opts)
+
+    opts = ukify.parse_args(['inspect', str(output_sig)])
+    ukify.inspect_sections(opts)
+    text = capsys.readouterr().out
+    assert re.search(r'\.pcrpkey', text, re.MULTILINE)
+    assert re.search(r'\.pcrsig', text, re.MULTILINE)
+    assert re.search(r'"sig":', text, re.MULTILINE)
+
+    shutil.rmtree(tmp_path)
+
 if __name__ == '__main__':
     sys.exit(pytest.main(sys.argv))