agent: add UUID option environment

When agent_uuid in keylime.conf is set to 'environment' the agent tries to use the value of the environment variable 'KEYLIME_AGENT_UUID' as the UUID. Signed-off-by: Thore Sommer <mail@thson.de>
keylime · Dec 13, 2021 · 2bd4428 · 2bd4428
1 parent d92a228
commit 2bd4428
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/keylime.conf b/keylime.conf
@@ -68,6 +68,8 @@ extract_payload_zip = True
 # If you set this to "generate", Keylime will create a random UUID.
 # If you set this to "hash_ek", Keylime will set the UUID to the result
 # of 'SHA256(public EK in PEM format)'.
+# If you set this to "environment", Keylime will use the value of the
+# environment variable "KEYLIME_AGENT_UUID" as UUID.
 # If you set this to "dmidecode", Keylime will use the UUID from
 # 'dmidecode -s system-uuid'.
 # If you set this to "hostname", Keylime will use the full qualified domain

diff --git a/keylime/keylime_agent.py b/keylime/keylime_agent.py
@@ -543,6 +543,16 @@ def main():
             raise RuntimeError("The UUID returned from dmidecode is invalid: %s" % e)  # pylint: disable=raise-missing-from
     elif agent_uuid == 'hostname':
         agent_uuid = socket.getfqdn()
+    elif agent_uuid == 'environment':
+        agent_uuid = os.getenv("KEYLIME_AGENT_UUID", None)
+        if agent_uuid is None:
+            raise RuntimeError("Env variable KEYLIME_AGENT_UUID is empty, but agent_uuid is set to 'environment'")
+        try:
+            uuid.UUID(agent_uuid)
+        except ValueError as e:
+            raise RuntimeError(
+                "The UUID specified with KEYLIME_AGENT_UUID is invalid: %s" % e)  # pylint: disable=raise-missing-from
+
     if config.STUB_VTPM and config.TPM_CANNED_VALUES is not None:
         # Use canned values for stubbing
         jsonIn = config.TPM_CANNED_VALUES