diff options
| author | Gaël PORTAY <gael.portay@collabora.com> | 2020-11-05 13:37:43 -0500 |
|---|---|---|
| committer | Gaël PORTAY <gael.portay@collabora.com> | 2021-01-14 19:23:37 -0500 |
| commit | cb0198a13c26fe990ffc9f3e6a471036fdb43d1d (patch) | |
| tree | 015f633972214032d125a0b777d51b9091dd6c80 | |
| parent | e2ebc406ac78cb57612ce5c5d590018572d71df1 (diff) | |
| download | systemd-cb0198a13c26fe990ffc9f3e6a471036fdb43d1d.tar.gz | |
veritysetup: add support for dm-verity options
This patch allows controlling the behaviour of dm-verity by reusing the
fifth argument that was used to set the roothash signature.
That argument is now a comma-separated list of dm-verity options in the
given format: option[=value]. The option is the name of the long option
in the world of veritysetup.
See `veritysetup(8)` for more details.
Note: The former ROOTHASHSIG the positional argument is now deprecated
in favour of the option root-hash-signature=(base64:SIG|FILE). However,
the previous format is maintained and a warning is logged.
| -rw-r--r-- | src/veritysetup/veritysetup.c | 107 |
1 files changed, 100 insertions, 7 deletions
diff --git a/src/veritysetup/veritysetup.c b/src/veritysetup/veritysetup.c index 9b8bca11f2..1b9d4710fe 100644 --- a/src/veritysetup/veritysetup.c +++ b/src/veritysetup/veritysetup.c @@ -18,10 +18,13 @@ static char *arg_root_hash = NULL; static char *arg_data_what = NULL; static char *arg_hash_what = NULL; +static uint32_t arg_activate_flags = CRYPT_ACTIVATE_READONLY; +static char *arg_root_hash_signature = NULL; STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep); STATIC_DESTRUCTOR_REGISTER(arg_data_what, freep); STATIC_DESTRUCTOR_REGISTER(arg_hash_what, freep); +STATIC_DESTRUCTOR_REGISTER(arg_root_hash_signature, freep); static int help(void) { _cleanup_free_ char *link = NULL; @@ -31,7 +34,7 @@ static int help(void) { if (r < 0) return log_oom(); - printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH [ROOTHASHSIG]\n" + printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH [OPTIONS]\n" "%s detach VOLUME\n\n" "Attaches or detaches an integrity protected block device.\n" "\nSee the %s for details.\n" @@ -43,6 +46,90 @@ static int help(void) { return 0; } +static int looks_like_roothashsig(const char *option) { + const char *val; + int r; + + if (path_is_absolute(option)) { + + r = free_and_strdup(&arg_root_hash_signature, option); + if (r < 0) + return log_oom(); + + return 1; + } + + val = startswith(option, "base64:"); + if (val) { + + r = free_and_strdup(&arg_root_hash_signature, val); + if (r < 0) + return log_oom(); + + return 1; + } + + return 0; +} + +static int parse_options(const char *options) { + int r; + + /* backward compatibility with the obsolete ROOTHASHSIG positional argument */ + r = looks_like_roothashsig(options); + if (r < 0) + return r; + if (r == 1) { + log_warning("Usage of ROOTHASHSIG positional argument is deprecated. " + "Please use the option root-hash-signature=%s instead.", options); + return 0; + } + + for (;;) { + _cleanup_free_ char *word = NULL; + char *val; + + r = extract_first_word(&options, &word, ",", EXTRACT_DONT_COALESCE_SEPARATORS | EXTRACT_UNESCAPE_SEPARATORS); + if (r < 0) + return log_error_errno(r, "Failed to parse options: %m"); + if (r == 0) + break; + + if (isempty(word)) + continue; + else if (streq(word, "ignore-corruption")) + arg_activate_flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION; + else if (streq(word, "restart-on-corruption")) + arg_activate_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION; + else if (streq(word, "ignore-zero-blocks")) + arg_activate_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS; +#ifdef CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE + else if (streq(word, "check-at-most-once")) + arg_activate_flags |= CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE; +#endif +#ifdef CRYPT_ACTIVATE_PANIC_ON_CORRUPTION + else if (streq(word, "panic-on-corruption")) + arg_activate_flags |= CRYPT_ACTIVATE_PANIC_ON_CORRUPTION; +#endif + else if ((val = startswith(word, "root-hash-signature="))) { + + r = looks_like_roothashsig(val); + if (r < 0) + return r; + if (r == 0) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "root-hash-signature expects either full path to signature file or " + "base64 string encoding signature prefixed by base64:."); + + r = free_and_strdup(&arg_root_hash_signature, val); + if (r < 0) + return log_oom(); + } else + log_warning("Encountered unknown option '%s', ignoring.", word); + } + + return r; +} + static int run(int argc, char *argv[]) { _cleanup_(crypt_freep) struct crypt_device *cd = NULL; int r; @@ -81,6 +168,12 @@ static int run(int argc, char *argv[]) { return 0; } + if (argc > 6) { + r = parse_options(argv[6]); + if (r < 0) + return log_error_errno(r, "Failed to parse options: %m"); + } + r = crypt_load(cd, CRYPT_VERITY, NULL); if (r < 0) return log_error_errno(r, "Failed to load verity superblock: %m"); @@ -89,19 +182,19 @@ static int run(int argc, char *argv[]) { if (r < 0) return log_error_errno(r, "Failed to configure data device: %m"); - if (argc > 6) { + if (arg_root_hash_signature && *arg_root_hash_signature) { #if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY _cleanup_free_ char *hash_sig = NULL; size_t hash_sig_size; char *value; - if ((value = startswith(argv[6], "base64:"))) { + if ((value = startswith(arg_root_hash_signature, "base64:"))) { r = unbase64mem(value, strlen(value), (void *)&hash_sig, &hash_sig_size); if (r < 0) - return log_error_errno(r, "Failed to parse root hash signature '%s': %m", argv[6]); + return log_error_errno(r, "Failed to parse root hash signature '%s': %m", arg_root_hash_signature); } else { r = read_full_file_full( - AT_FDCWD, argv[6], UINT64_MAX, SIZE_MAX, + AT_FDCWD, arg_root_hash_signature, UINT64_MAX, SIZE_MAX, READ_FULL_FILE_CONNECT_SOCKET, NULL, &hash_sig, &hash_sig_size); @@ -109,12 +202,12 @@ static int run(int argc, char *argv[]) { return log_error_errno(r, "Failed to read root hash signature: %m"); } - r = crypt_activate_by_signed_key(cd, argv[2], m, l, hash_sig, hash_sig_size, CRYPT_ACTIVATE_READONLY); + r = crypt_activate_by_signed_key(cd, argv[2], m, l, hash_sig, hash_sig_size, arg_activate_flags); #else return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "activation of verity device with signature %s requested, but not supported by cryptsetup due to missing crypt_activate_by_signed_key()", argv[6]); #endif } else - r = crypt_activate_by_volume_key(cd, argv[2], m, l, CRYPT_ACTIVATE_READONLY); + r = crypt_activate_by_volume_key(cd, argv[2], m, l, arg_activate_flags); if (r < 0) return log_error_errno(r, "Failed to set up verity device: %m"); |