mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-13 13:17:43 +03:00

dissect: add new helper verity_settings_data_covers()

This function checks if the external verity data referenced in
VeritySettings covers the specified partition (indicated via
designator).

Right now, we'll use that in one place, but a later commit will use it in more.
Lennart Poettering 2022-11-30 18:44:06 +01:00 committed by Luca Boccassi
parent d90b03f80d
commit c2534821dc
2 changed files with 10 additions and 5 deletions


@ -513,13 +513,10 @@ static int dissect_image(
m->encrypted = streq_ptr(fstype, "crypto_LUKS");
m->has_verity = verity && verity->data_path;
m->verity_ready = m->has_verity &&
verity->root_hash &&
(verity->designator < 0 || verity->designator == PARTITION_ROOT);
m->verity_ready = verity_settings_data_covers(verity, PARTITION_ROOT);
m->has_verity_sig = false; /* signature not embedded, must be specified */
m->verity_sig_ready = m->verity_ready &&
verity->root_hash_sig;
m->verity_sig_ready = m->verity_ready && verity->root_hash_sig;
m->image_uuid = uuid;


@ -166,6 +166,14 @@ int dissected_image_relinquish(DissectedImage *m);
int verity_settings_load(VeritySettings *verity, const char *image, const char *root_hash_path, const char *root_hash_sig_path);
void verity_settings_done(VeritySettings *verity);
static inline bool verity_settings_data_covers(const VeritySettings *verity, PartitionDesignator d) {
/* Returns true if the verity settings contain sufficient information to cover the specified partition */
return verity &&
((d >= 0 && verity->designator == d) || (d == PARTITION_ROOT && verity->designator < 0)) &&
verity->root_hash &&
verity->data_path;
}
int dissected_image_load_verity_sig_partition(DissectedImage *m, int fd, VeritySettings *verity);
bool dissected_image_verity_candidate(const DissectedImage *image, PartitionDesignator d);
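Review bot: The comment inside `verity_settings_data_covers()` does not say what "covers" guarantees, and callers will use the result to decide whether a partition counts as verity-ready. As written, the helper only checks that `verity->root_hash` and `verity->data_path` are non-NULL and that the designator matches, with an unset designator (`< 0`) accepted for `PARTITION_ROOT` only. It does not look at `root_hash_sig`, and it says nothing about whether verity has actually been set up. I would spell that out, for example: `/* Returns true if external verity data and a root hash are configured for partition d (an unset designator counts as root); checks presence only, not the signature or that verity is active */`. Whether a non-NULL `root_hash` with a zero length can reach this helper is not visible in the hunk; if it can, a check on the hash size would belong here as well.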