dissect-image: load embedded verity signature info from image

This adds support for actually using embedded signature data from partitions.
author: Lennart Poettering <lennart@poettering.net> 2021-09-09 13:46:01 +0200
committer: Lennart Poettering <lennart@poettering.net> 2021-09-28 17:02:54 +0200
commit: 88b3300fdc64d5320fb50d0f369d3fc0885e15e8 (patch)
tree: d392ab269b32c6611bf663f75ed70e4c2b3f39e5 /src/sysext
parent: 8ee9615e10f449dcabbd5e27c960c26857943832 (diff)
download: systemd-88b3300fdc64d5320fb50d0f369d3fc0885e15e8.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c
index f15d4dd61d..67112c4e14 100644
--- a/src/sysext/sysext.c
+++ b/src/sysext/sysext.c
@@ -540,6 +540,13 @@ static int merge_subprocess(Hashmap *images, const char *workspace) {
                         if (r < 0)
                                 return r;
 
+                        r = dissected_image_load_verity_sig_partition(
+                                        m,
+                                        d->fd,
+                                        &verity_settings);
+                        if (r < 0)
+                                return r;
+
                         r = dissected_image_decrypt_interactively(
                                         m, NULL,
                                         &verity_settings,
author	Lennart Poettering <lennart@poettering.net>	2021-09-09 13:46:01 +0200
committer	Lennart Poettering <lennart@poettering.net>	2021-09-28 17:02:54 +0200
commit	88b3300fdc64d5320fb50d0f369d3fc0885e15e8 (patch)
tree	d392ab269b32c6611bf663f75ed70e4c2b3f39e5 /src/sysext
parent	8ee9615e10f449dcabbd5e27c960c26857943832 (diff)
download	systemd-88b3300fdc64d5320fb50d0f369d3fc0885e15e8.tar.gz