shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-09 01:18:19 +03:00
Code

repart: Add roothash to output of all verity siblings

Browse Source 
This can be used to match verity partitions together using the repart
JSON output.
This commit is contained in:
Daan De Meyer 2023-01-25 15:56:30 +01:00 committed by Luca Boccassi
parent 37aabb488e
commit 2ecc7a5bca
2 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/partition/repart.c
View File

@ -2471,8 +2471,10 @@ static int context_dump_partitions(Context *context) {
if (p->new_padding != UINT64_MAX)
sum_padding += p->new_padding;
if (p->verity == VERITY_HASH) {
rh = p->roothash ? hexmem(p->roothash, p->roothash_size) : strdup("TBD");
if (p->verity != VERITY_OFF) {
Partition *hp = p->verity == VERITY_HASH ? p : p->siblings[VERITY_HASH];
rh = hp->roothash ? hexmem(hp->roothash, hp->roothash_size) : strdup("TBD");
if (!rh)
return log_oom();
}

13
test/units/testsuite-58.sh
View File

@ -819,7 +819,12 @@ EOF
--certificate="$defs/verity.crt" \
"$imgs/verity")
roothash=$(jq -r ".[] | select(.type == \"root-${architecture}-verity\") | .roothash" <<< "$output")
drh=$(jq -r ".[] | select(.type == \"root-${architecture}\") | .roothash" <<< "$output")
hrh=$(jq -r ".[] | select(.type == \"root-${architecture}-verity\") | .roothash" <<< "$output")
srh=$(jq -r ".[] | select(.type == \"root-${architecture}-verity-sig\") | .roothash" <<< "$output")
assert_eq "$drh" "$hrh"
assert_eq "$hrh" "$srh"
# Check that we can dissect, mount and unmount a repart verity image. (and that the image UUID is deterministic)
@ -828,9 +833,9 @@ EOF
return
fi
systemd-dissect "$imgs/verity" --root-hash "$roothash"
systemd-dissect "$imgs/verity" --root-hash "$roothash" --json=short | grep -q '"imageUuid":"1d2ce291-7cce-4f7d-bc83-fdb49ad74ebd"'
systemd-dissect "$imgs/verity" --root-hash "$roothash" -M "$imgs/mnt"
systemd-dissect "$imgs/verity" --root-hash "$drh"
systemd-dissect "$imgs/verity" --root-hash "$drh" --json=short | grep -q '"imageUuid":"1d2ce291-7cce-4f7d-bc83-fdb49ad74ebd"'
systemd-dissect "$imgs/verity" --root-hash "$drh" -M "$imgs/mnt"
systemd-dissect -U "$imgs/mnt"
}