diff options
| author | Gaël PORTAY <gael.portay@collabora.com> | 2020-12-25 09:08:05 +0100 |
|---|---|---|
| committer | Gaël PORTAY <gael.portay@rtone.fr> | 2023-04-13 05:15:17 +0200 |
| commit | 14de7ef914167ed08af6c0fb283e91f25e68b60f (patch) | |
| tree | c6ea8f367406e99bea75e23509f876fee2eb3f98 /src/veritysetup | |
| parent | pid1: fix coredump_filter setting (diff) | |
| download | systemd-14de7ef914167ed08af6c0fb283e91f25e68b60f.tar.xz systemd-14de7ef914167ed08af6c0fb283e91f25e68b60f.zip | |
veritysetup: add support for hash-offset option
The verity parameter hash_area_offset allows to locate the superblock in
the hash device. It can be used to have a single device which contains
both data and hashes.
This adds the option hash-offset=BYTES (sixth argument) which is the
equivalent of the option --hash-offset in the veritysetup world.
See `veritysetup(8)` for more details.
Diffstat (limited to 'src/veritysetup')
| -rw-r--r-- | src/veritysetup/veritysetup.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/veritysetup/veritysetup.c b/src/veritysetup/veritysetup.c index ae497b02ee..e1b0e00e42 100644 --- a/src/veritysetup/veritysetup.c +++ b/src/veritysetup/veritysetup.c @@ -10,12 +10,14 @@ #include "hexdecoct.h" #include "log.h" #include "main-func.h" +#include "parse-util.h" #include "path-util.h" #include "pretty-print.h" #include "process-util.h" #include "string-util.h" #include "terminal-util.h" +static uint64_t arg_hash_offset = 0; static uint32_t arg_activate_flags = CRYPT_ACTIVATE_READONLY; static char *arg_root_hash_signature = NULL; @@ -104,7 +106,17 @@ static int parse_options(const char *options) { else if (streq(word, "panic-on-corruption")) arg_activate_flags |= CRYPT_ACTIVATE_PANIC_ON_CORRUPTION; #endif - else if ((val = startswith(word, "root-hash-signature="))) { + else if ((val = startswith(word, "hash-offset="))) { + uint64_t off; + + r = parse_size(val, 1024, &off); + if (r < 0) + return log_error_errno(r, "Failed to parse offset '%s': %m", word); + if (off % 512 != 0) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "hash-offset= expects a 512-byte aligned value."); + + arg_hash_offset = off; + } else if ((val = startswith(word, "root-hash-signature="))) { r = save_roothashsig_option(val, /* strict= */ true); if (r < 0) return r; @@ -138,6 +150,7 @@ static int run(int argc, char *argv[]) { if (streq(verb, "attach")) { const char *volume, *data_device, *verity_device, *root_hash, *options; _cleanup_free_ void *m = NULL; + struct crypt_params_verity p = {}; crypt_status_info status; size_t l; @@ -173,9 +186,11 @@ static int run(int argc, char *argv[]) { r = parse_options(options); if (r < 0) return log_error_errno(r, "Failed to parse options: %m"); + + p.hash_area_offset = arg_hash_offset; } - r = crypt_load(cd, CRYPT_VERITY, NULL); + r = crypt_load(cd, CRYPT_VERITY, &p); if (r < 0) return log_error_errno(r, "Failed to load verity superblock: %m"); |