1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2016 Lennart Poettering
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
21 #if HAVE_LIBCRYPTSETUP
22 #include <libcryptsetup.h>
24 #define CRYPT_LUKS NULL
27 #include <sys/mount.h>
28 #include <sys/prctl.h>
31 #include "architecture.h"
32 #include "ask-password-api.h"
33 #include "blkid-util.h"
36 #include "dissect-image.h"
41 #include "hexdecoct.h"
42 #include "hostname-util.h"
43 #include "id128-util.h"
44 #include "linux-3.13/dm-ioctl.h"
45 #include "mount-util.h"
46 #include "path-util.h"
47 #include "process-util.h"
48 #include "raw-clone.h"
49 #include "signal-util.h"
50 #include "stat-util.h"
51 #include "stdio-util.h"
52 #include "string-table.h"
53 #include "string-util.h"
55 #include "udev-util.h"
56 #include "xattr-util.h"
58 _unused_
static int probe_filesystem(const char *node
, char **ret_fstype
) {
60 _cleanup_blkid_free_probe_ blkid_probe b
= NULL
;
64 b
= blkid_new_probe_from_filename(node
);
68 blkid_probe_enable_superblocks(b
, 1);
69 blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
);
72 r
= blkid_do_safeprobe(b
);
73 if (IN_SET(r
, -2, 1)) {
74 log_debug("Failed to identify any partition type on partition %s", node
);
78 return -errno
?: -EIO
;
80 (void) blkid_probe_lookup_value(b
, "TYPE", &fstype
, NULL
);
101 int dissect_image(int fd
, const void *root_hash
, size_t root_hash_size
, DissectImageFlags flags
, DissectedImage
**ret
) {
104 sd_id128_t root_uuid
= SD_ID128_NULL
, verity_uuid
= SD_ID128_NULL
;
105 _cleanup_udev_enumerate_unref_
struct udev_enumerate
*e
= NULL
;
106 bool is_gpt
, is_mbr
, generic_rw
, multiple_generic
= false;
107 _cleanup_udev_device_unref_
struct udev_device
*d
= NULL
;
108 _cleanup_(dissected_image_unrefp
) DissectedImage
*m
= NULL
;
109 _cleanup_blkid_free_probe_ blkid_probe b
= NULL
;
110 _cleanup_udev_unref_
struct udev
*udev
= NULL
;
111 _cleanup_free_
char *generic_node
= NULL
;
112 sd_id128_t generic_uuid
= SD_ID128_NULL
;
113 const char *pttype
= NULL
;
114 struct udev_list_entry
*first
, *item
;
122 assert(root_hash
|| root_hash_size
== 0);
124 /* Probes a disk image, and returns information about what it found in *ret.
126 * Returns -ENOPKG if no suitable partition table or file system could be found.
127 * Returns -EADDRNOTAVAIL if a root hash was specified but no matching root/verity partitions found. */
130 /* If a root hash is supplied, then we use the root partition that has a UUID that match the first
131 * 128bit of the root hash. And we use the verity partition that has a UUID that match the final
134 if (root_hash_size
< sizeof(sd_id128_t
))
137 memcpy(&root_uuid
, root_hash
, sizeof(sd_id128_t
));
138 memcpy(&verity_uuid
, (const uint8_t*) root_hash
+ root_hash_size
- sizeof(sd_id128_t
), sizeof(sd_id128_t
));
140 if (sd_id128_is_null(root_uuid
))
142 if (sd_id128_is_null(verity_uuid
))
146 if (fstat(fd
, &st
) < 0)
149 if (!S_ISBLK(st
.st_mode
))
152 b
= blkid_new_probe();
157 r
= blkid_probe_set_device(b
, fd
, 0, 0);
159 return -errno
?: -ENOMEM
;
161 if ((flags
& DISSECT_IMAGE_GPT_ONLY
) == 0) {
162 /* Look for file system superblocks, unless we only shall look for GPT partition tables */
163 blkid_probe_enable_superblocks(b
, 1);
164 blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
|BLKID_SUBLKS_USAGE
);
167 blkid_probe_enable_partitions(b
, 1);
168 blkid_probe_set_partitions_flags(b
, BLKID_PARTS_ENTRY_DETAILS
);
171 r
= blkid_do_safeprobe(b
);
172 if (IN_SET(r
, -2, 1)) {
173 log_debug("Failed to identify any partition table.");
177 return -errno
?: -EIO
;
179 m
= new0(DissectedImage
, 1);
183 if (!(flags
& DISSECT_IMAGE_GPT_ONLY
) &&
184 (flags
& DISSECT_IMAGE_REQUIRE_ROOT
)) {
185 const char *usage
= NULL
;
187 (void) blkid_probe_lookup_value(b
, "USAGE", &usage
, NULL
);
188 if (STRPTR_IN_SET(usage
, "filesystem", "crypto")) {
189 _cleanup_free_
char *t
= NULL
, *n
= NULL
;
190 const char *fstype
= NULL
;
192 /* OK, we have found a file system, that's our root partition then. */
193 (void) blkid_probe_lookup_value(b
, "TYPE", &fstype
, NULL
);
201 if (asprintf(&n
, "/dev/block/%u:%u", major(st
.st_rdev
), minor(st
.st_rdev
)) < 0)
204 m
->partitions
[PARTITION_ROOT
] = (DissectedPartition
) {
208 .architecture
= _ARCHITECTURE_INVALID
,
215 m
->encrypted
= streq(fstype
, "crypto_LUKS");
224 (void) blkid_probe_lookup_value(b
, "PTTYPE", &pttype
, NULL
);
228 is_gpt
= streq_ptr(pttype
, "gpt");
229 is_mbr
= streq_ptr(pttype
, "dos");
231 if (!is_gpt
&& ((flags
& DISSECT_IMAGE_GPT_ONLY
) || !is_mbr
))
235 pl
= blkid_probe_get_partitions(b
);
237 return -errno
?: -ENOMEM
;
243 d
= udev_device_new_from_devnum(udev
, 'b', st
.st_rdev
);
251 log_debug("Kernel partitions never appeared.");
255 e
= udev_enumerate_new(udev
);
259 r
= udev_enumerate_add_match_parent(e
, d
);
263 r
= udev_enumerate_scan_devices(e
);
267 /* Count the partitions enumerated by the kernel */
269 first
= udev_enumerate_get_list_entry(e
);
270 udev_list_entry_foreach(item
, first
)
273 /* Count the partitions enumerated by blkid */
274 z
= blkid_partlist_numof_partitions(pl
);
278 log_debug("blkid and kernel partition list do not match.");
284 /* The kernel has probed fewer partitions than blkid? Maybe the kernel prober is still running
285 * or it got EBUSY because udev already opened the device. Let's reprobe the device, which is a
286 * synchronous call that waits until probing is complete. */
292 if (ioctl(fd
, BLKRRPART
, 0) < 0) {
296 struct loop_info64 info
;
298 /* If we are running on a loop device that has partition scanning off,
299 * return an explicit recognizable error about this, so that callers
300 * can generate a proper message explaining the situation. */
302 if (ioctl(fd
, LOOP_GET_STATUS64
, &info
) >= 0 && (info
.lo_flags
& LO_FLAGS_PARTSCAN
) == 0) {
303 log_debug("Device is loop device and partition scanning is off!");
304 return -EPROTONOSUPPORT
;
312 /* If something else has the device open, such as an udev rule, the ioctl will return
313 * EBUSY. Since there's no way to wait until it isn't busy anymore, let's just wait a
314 * bit, and try again.
316 * This is really something they should fix in the kernel! */
318 (void) usleep(50 * USEC_PER_MSEC
);
322 e
= udev_enumerate_unref(e
);
325 first
= udev_enumerate_get_list_entry(e
);
326 udev_list_entry_foreach(item
, first
) {
327 _cleanup_udev_device_unref_
struct udev_device
*q
;
328 unsigned long long pflags
;
330 const char *node
, *sysname
;
334 q
= udev_device_new_from_syspath(udev
, udev_list_entry_get_name(item
));
338 qn
= udev_device_get_devnum(q
);
342 if (st
.st_rdev
== qn
)
345 /* Filter out weird MMC RPMB partitions, which cannot reasonably be read, see
346 * https://github.com/systemd/systemd/issues/5806 */
347 sysname
= udev_device_get_sysname(q
);
348 if (sysname
&& startswith(sysname
, "mmcblk") && endswith(sysname
, "rpmb"))
351 node
= udev_device_get_devnode(q
);
355 pp
= blkid_partlist_devno_to_partition(pl
, qn
);
359 pflags
= blkid_partition_get_flags(pp
);
361 nr
= blkid_partition_get_partno(pp
);
366 int designator
= _PARTITION_DESIGNATOR_INVALID
, architecture
= _ARCHITECTURE_INVALID
;
367 const char *stype
, *sid
, *fstype
= NULL
;
368 sd_id128_t type_id
, id
;
371 sid
= blkid_partition_get_uuid(pp
);
374 if (sd_id128_from_string(sid
, &id
) < 0)
377 stype
= blkid_partition_get_type_string(pp
);
380 if (sd_id128_from_string(stype
, &type_id
) < 0)
383 if (sd_id128_equal(type_id
, GPT_HOME
)) {
385 if (pflags
& GPT_FLAG_NO_AUTO
)
388 designator
= PARTITION_HOME
;
389 rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
390 } else if (sd_id128_equal(type_id
, GPT_SRV
)) {
392 if (pflags
& GPT_FLAG_NO_AUTO
)
395 designator
= PARTITION_SRV
;
396 rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
397 } else if (sd_id128_equal(type_id
, GPT_ESP
)) {
399 /* Note that we don't check the GPT_FLAG_NO_AUTO flag for the ESP, as it is not defined
400 * there. We instead check the GPT_FLAG_NO_BLOCK_IO_PROTOCOL, as recommended by the
401 * UEFI spec (See "12.3.3 Number and Location of System Partitions"). */
403 if (pflags
& GPT_FLAG_NO_BLOCK_IO_PROTOCOL
)
406 designator
= PARTITION_ESP
;
409 #ifdef GPT_ROOT_NATIVE
410 else if (sd_id128_equal(type_id
, GPT_ROOT_NATIVE
)) {
412 if (pflags
& GPT_FLAG_NO_AUTO
)
415 /* If a root ID is specified, ignore everything but the root id */
416 if (!sd_id128_is_null(root_uuid
) && !sd_id128_equal(root_uuid
, id
))
419 designator
= PARTITION_ROOT
;
420 architecture
= native_architecture();
421 rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
422 } else if (sd_id128_equal(type_id
, GPT_ROOT_NATIVE_VERITY
)) {
424 if (pflags
& GPT_FLAG_NO_AUTO
)
427 m
->can_verity
= true;
429 /* Ignore verity unless a root hash is specified */
430 if (sd_id128_is_null(verity_uuid
) || !sd_id128_equal(verity_uuid
, id
))
433 designator
= PARTITION_ROOT_VERITY
;
434 fstype
= "DM_verity_hash";
435 architecture
= native_architecture();
439 #ifdef GPT_ROOT_SECONDARY
440 else if (sd_id128_equal(type_id
, GPT_ROOT_SECONDARY
)) {
442 if (pflags
& GPT_FLAG_NO_AUTO
)
445 /* If a root ID is specified, ignore everything but the root id */
446 if (!sd_id128_is_null(root_uuid
) && !sd_id128_equal(root_uuid
, id
))
449 designator
= PARTITION_ROOT_SECONDARY
;
450 architecture
= SECONDARY_ARCHITECTURE
;
451 rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
452 } else if (sd_id128_equal(type_id
, GPT_ROOT_SECONDARY_VERITY
)) {
454 if (pflags
& GPT_FLAG_NO_AUTO
)
457 m
->can_verity
= true;
459 /* Ignore verity unless root has is specified */
460 if (sd_id128_is_null(verity_uuid
) || !sd_id128_equal(verity_uuid
, id
))
463 designator
= PARTITION_ROOT_SECONDARY_VERITY
;
464 fstype
= "DM_verity_hash";
465 architecture
= SECONDARY_ARCHITECTURE
;
469 else if (sd_id128_equal(type_id
, GPT_SWAP
)) {
471 if (pflags
& GPT_FLAG_NO_AUTO
)
474 designator
= PARTITION_SWAP
;
476 } else if (sd_id128_equal(type_id
, GPT_LINUX_GENERIC
)) {
478 if (pflags
& GPT_FLAG_NO_AUTO
)
482 multiple_generic
= true;
485 generic_rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
487 generic_node
= strdup(node
);
493 if (designator
!= _PARTITION_DESIGNATOR_INVALID
) {
494 _cleanup_free_
char *t
= NULL
, *n
= NULL
;
497 if (m
->partitions
[designator
].found
)
510 m
->partitions
[designator
] = (DissectedPartition
) {
514 .architecture
= architecture
,
525 if (pflags
!= 0x80) /* Bootable flag */
528 if (blkid_partition_get_type(pp
) != 0x83) /* Linux partition */
532 multiple_generic
= true;
536 generic_node
= strdup(node
);
543 if (!m
->partitions
[PARTITION_ROOT
].found
) {
544 /* No root partition found? Then let's see if ther's one for the secondary architecture. And if not
545 * either, then check if there's a single generic one, and use that. */
547 if (m
->partitions
[PARTITION_ROOT_VERITY
].found
)
548 return -EADDRNOTAVAIL
;
550 if (m
->partitions
[PARTITION_ROOT_SECONDARY
].found
) {
551 m
->partitions
[PARTITION_ROOT
] = m
->partitions
[PARTITION_ROOT_SECONDARY
];
552 zero(m
->partitions
[PARTITION_ROOT_SECONDARY
]);
554 m
->partitions
[PARTITION_ROOT_VERITY
] = m
->partitions
[PARTITION_ROOT_SECONDARY_VERITY
];
555 zero(m
->partitions
[PARTITION_ROOT_SECONDARY_VERITY
]);
557 } else if (flags
& DISSECT_IMAGE_REQUIRE_ROOT
) {
559 /* If the root has was set, then we won't fallback to a generic node, because the root hash
562 return -EADDRNOTAVAIL
;
564 /* If we didn't find a generic node, then we can't fix this up either */
568 /* If we didn't find a properly marked root partition, but we did find a single suitable
569 * generic Linux partition, then use this as root partition, if the caller asked for it. */
570 if (multiple_generic
)
573 m
->partitions
[PARTITION_ROOT
] = (DissectedPartition
) {
576 .partno
= generic_nr
,
577 .architecture
= _ARCHITECTURE_INVALID
,
578 .node
= generic_node
,
579 .uuid
= generic_uuid
,
587 if (!m
->partitions
[PARTITION_ROOT_VERITY
].found
|| !m
->partitions
[PARTITION_ROOT
].found
)
588 return -EADDRNOTAVAIL
;
590 /* If we found the primary root with the hash, then we definitely want to suppress any secondary root
591 * (which would be weird, after all the root hash should only be assigned to one pair of
593 m
->partitions
[PARTITION_ROOT_SECONDARY
].found
= false;
594 m
->partitions
[PARTITION_ROOT_SECONDARY_VERITY
].found
= false;
596 /* If we found a verity setup, then the root partition is necessarily read-only. */
597 m
->partitions
[PARTITION_ROOT
].rw
= false;
605 /* Fill in file system types if we don't know them yet. */
606 for (i
= 0; i
< _PARTITION_DESIGNATOR_MAX
; i
++) {
607 DissectedPartition
*p
= m
->partitions
+ i
;
612 if (!p
->fstype
&& p
->node
) {
613 r
= probe_filesystem(p
->node
, &p
->fstype
);
618 if (streq_ptr(p
->fstype
, "crypto_LUKS"))
621 if (p
->fstype
&& fstype_is_ro(p
->fstype
))
634 DissectedImage
* dissected_image_unref(DissectedImage
*m
) {
640 for (i
= 0; i
< _PARTITION_DESIGNATOR_MAX
; i
++) {
641 free(m
->partitions
[i
].fstype
);
642 free(m
->partitions
[i
].node
);
643 free(m
->partitions
[i
].decrypted_fstype
);
644 free(m
->partitions
[i
].decrypted_node
);
648 strv_free(m
->machine_info
);
649 strv_free(m
->os_release
);
654 static int is_loop_device(const char *path
) {
655 char s
[strlen("/sys/dev/block/") + DECIMAL_STR_MAX(dev_t
) + 1 + DECIMAL_STR_MAX(dev_t
) + strlen("/../loop/")];
660 if (stat(path
, &st
) < 0)
663 if (!S_ISBLK(st
.st_mode
))
666 xsprintf(s
, "/sys/dev/block/%u:%u/loop/", major(st
.st_rdev
), minor(st
.st_rdev
));
667 if (access(s
, F_OK
) < 0) {
671 /* The device itself isn't a loop device, but maybe it's a partition and its parent is? */
672 xsprintf(s
, "/sys/dev/block/%u:%u/../loop/", major(st
.st_rdev
), minor(st
.st_rdev
));
673 if (access(s
, F_OK
) < 0)
674 return errno
== ENOENT
? false : -errno
;
680 static int mount_partition(
681 DissectedPartition
*m
,
683 const char *directory
,
684 DissectImageFlags flags
) {
686 const char *p
, *options
= NULL
, *node
, *fstype
;
687 _cleanup_free_
char *chased
= NULL
;
694 node
= m
->decrypted_node
?: m
->node
;
695 fstype
= m
->decrypted_fstype
?: m
->fstype
;
697 if (!m
->found
|| !node
|| !fstype
)
700 /* Stacked encryption? Yuck */
701 if (streq_ptr(fstype
, "crypto_LUKS"))
704 rw
= m
->rw
&& !(flags
& DISSECT_IMAGE_READ_ONLY
);
707 r
= chase_symlinks(directory
, where
, CHASE_PREFIX_ROOT
, &chased
);
715 /* If requested, turn on discard support. */
716 if (fstype_can_discard(fstype
) &&
717 ((flags
& DISSECT_IMAGE_DISCARD
) ||
718 ((flags
& DISSECT_IMAGE_DISCARD_ON_LOOP
) && is_loop_device(m
->node
))))
721 return mount_verbose(LOG_DEBUG
, node
, p
, fstype
, MS_NODEV
|(rw
? 0 : MS_RDONLY
), options
);
724 int dissected_image_mount(DissectedImage
*m
, const char *where
, DissectImageFlags flags
) {
730 if (!m
->partitions
[PARTITION_ROOT
].found
)
733 r
= mount_partition(m
->partitions
+ PARTITION_ROOT
, where
, NULL
, flags
);
737 r
= mount_partition(m
->partitions
+ PARTITION_HOME
, where
, "/home", flags
);
741 r
= mount_partition(m
->partitions
+ PARTITION_SRV
, where
, "/srv", flags
);
745 if (m
->partitions
[PARTITION_ESP
].found
) {
748 /* Mount the ESP to /efi if it exists and is empty. If it doesn't exist, use /boot instead. */
750 FOREACH_STRING(mp
, "/efi", "/boot") {
751 _cleanup_free_
char *p
= NULL
;
753 r
= chase_symlinks(mp
, where
, CHASE_PREFIX_ROOT
, &p
);
759 r
= mount_partition(m
->partitions
+ PARTITION_ESP
, where
, mp
, flags
);
769 #if HAVE_LIBCRYPTSETUP
770 typedef struct DecryptedPartition
{
771 struct crypt_device
*device
;
774 } DecryptedPartition
;
776 struct DecryptedImage
{
777 DecryptedPartition
*decrypted
;
783 DecryptedImage
* decrypted_image_unref(DecryptedImage
* d
) {
784 #if HAVE_LIBCRYPTSETUP
791 for (i
= 0; i
< d
->n_decrypted
; i
++) {
792 DecryptedPartition
*p
= d
->decrypted
+ i
;
794 if (p
->device
&& p
->name
&& !p
->relinquished
) {
795 r
= crypt_deactivate(p
->device
, p
->name
);
797 log_debug_errno(r
, "Failed to deactivate encrypted partition %s", p
->name
);
801 crypt_free(p
->device
);
810 #if HAVE_LIBCRYPTSETUP
812 static int make_dm_name_and_node(const void *original_node
, const char *suffix
, char **ret_name
, char **ret_node
) {
813 _cleanup_free_
char *name
= NULL
, *node
= NULL
;
816 assert(original_node
);
821 base
= strrchr(original_node
, '/');
828 name
= strjoin(base
, suffix
);
831 if (!filename_is_valid(name
))
834 node
= strjoin(crypt_get_dir(), "/", name
);
845 static int decrypt_partition(
846 DissectedPartition
*m
,
847 const char *passphrase
,
848 DissectImageFlags flags
,
851 _cleanup_free_
char *node
= NULL
, *name
= NULL
;
852 struct crypt_device
*cd
;
858 if (!m
->found
|| !m
->node
|| !m
->fstype
)
861 if (!streq(m
->fstype
, "crypto_LUKS"))
864 r
= make_dm_name_and_node(m
->node
, "-decrypted", &name
, &node
);
868 if (!GREEDY_REALLOC0(d
->decrypted
, d
->n_allocated
, d
->n_decrypted
+ 1))
871 r
= crypt_init(&cd
, m
->node
);
873 return log_debug_errno(r
, "Failed to initialize dm-crypt: %m");
875 r
= crypt_load(cd
, CRYPT_LUKS
, NULL
);
877 log_debug_errno(r
, "Failed to load LUKS metadata: %m");
881 r
= crypt_activate_by_passphrase(cd
, name
, CRYPT_ANY_SLOT
, passphrase
, strlen(passphrase
),
882 ((flags
& DISSECT_IMAGE_READ_ONLY
) ? CRYPT_ACTIVATE_READONLY
: 0) |
883 ((flags
& DISSECT_IMAGE_DISCARD_ON_CRYPTO
) ? CRYPT_ACTIVATE_ALLOW_DISCARDS
: 0));
885 log_debug_errno(r
, "Failed to activate LUKS device: %m");
893 d
->decrypted
[d
->n_decrypted
].name
= name
;
896 d
->decrypted
[d
->n_decrypted
].device
= cd
;
899 m
->decrypted_node
= node
;
909 static int verity_partition(
910 DissectedPartition
*m
,
911 DissectedPartition
*v
,
912 const void *root_hash
,
913 size_t root_hash_size
,
914 DissectImageFlags flags
,
917 _cleanup_free_
char *node
= NULL
, *name
= NULL
;
918 struct crypt_device
*cd
;
927 if (!m
->found
|| !m
->node
|| !m
->fstype
)
929 if (!v
->found
|| !v
->node
|| !v
->fstype
)
932 if (!streq(v
->fstype
, "DM_verity_hash"))
935 r
= make_dm_name_and_node(m
->node
, "-verity", &name
, &node
);
939 if (!GREEDY_REALLOC0(d
->decrypted
, d
->n_allocated
, d
->n_decrypted
+ 1))
942 r
= crypt_init(&cd
, v
->node
);
946 r
= crypt_load(cd
, CRYPT_VERITY
, NULL
);
950 r
= crypt_set_data_device(cd
, m
->node
);
954 r
= crypt_activate_by_volume_key(cd
, name
, root_hash
, root_hash_size
, CRYPT_ACTIVATE_READONLY
);
958 d
->decrypted
[d
->n_decrypted
].name
= name
;
961 d
->decrypted
[d
->n_decrypted
].device
= cd
;
964 m
->decrypted_node
= node
;
975 int dissected_image_decrypt(
977 const char *passphrase
,
978 const void *root_hash
,
979 size_t root_hash_size
,
980 DissectImageFlags flags
,
981 DecryptedImage
**ret
) {
983 _cleanup_(decrypted_image_unrefp
) DecryptedImage
*d
= NULL
;
984 #if HAVE_LIBCRYPTSETUP
990 assert(root_hash
|| root_hash_size
== 0);
994 * = 0 → There was nothing to decrypt
995 * > 0 → Decrypted successfully
996 * -ENOKEY → There's something to decrypt but no key was supplied
997 * -EKEYREJECTED → Passed key was not correct
1000 if (root_hash
&& root_hash_size
< sizeof(sd_id128_t
))
1003 if (!m
->encrypted
&& !m
->verity
) {
1008 #if HAVE_LIBCRYPTSETUP
1009 if (m
->encrypted
&& !passphrase
)
1012 d
= new0(DecryptedImage
, 1);
1016 for (i
= 0; i
< _PARTITION_DESIGNATOR_MAX
; i
++) {
1017 DissectedPartition
*p
= m
->partitions
+ i
;
1023 r
= decrypt_partition(p
, passphrase
, flags
, d
);
1027 k
= PARTITION_VERITY_OF(i
);
1029 r
= verity_partition(p
, m
->partitions
+ k
, root_hash
, root_hash_size
, flags
, d
);
1034 if (!p
->decrypted_fstype
&& p
->decrypted_node
) {
1035 r
= probe_filesystem(p
->decrypted_node
, &p
->decrypted_fstype
);
1050 int dissected_image_decrypt_interactively(
1052 const char *passphrase
,
1053 const void *root_hash
,
1054 size_t root_hash_size
,
1055 DissectImageFlags flags
,
1056 DecryptedImage
**ret
) {
1058 _cleanup_strv_free_erase_
char **z
= NULL
;
1065 r
= dissected_image_decrypt(m
, passphrase
, root_hash
, root_hash_size
, flags
, ret
);
1068 if (r
== -EKEYREJECTED
)
1069 log_error_errno(r
, "Incorrect passphrase, try again!");
1070 else if (r
!= -ENOKEY
) {
1071 log_error_errno(r
, "Failed to decrypt image: %m");
1076 log_error("Too many retries.");
1077 return -EKEYREJECTED
;
1082 r
= ask_password_auto("Please enter image passphrase!", NULL
, "dissect", "dissect", USEC_INFINITY
, 0, &z
);
1084 return log_error_errno(r
, "Failed to query for passphrase: %m");
1090 #if HAVE_LIBCRYPTSETUP
1091 static int deferred_remove(DecryptedPartition
*p
) {
1093 struct dm_ioctl dm
= {
1097 DM_VERSION_PATCHLEVEL
1099 .data_size
= sizeof(dm
),
1100 .flags
= DM_DEFERRED_REMOVE
,
1103 _cleanup_close_
int fd
= -1;
1107 /* Unfortunately, libcryptsetup doesn't provide a proper API for this, hence call the ioctl() directly. */
1109 fd
= open("/dev/mapper/control", O_RDWR
|O_CLOEXEC
);
1113 strncpy(dm
.name
, p
->name
, sizeof(dm
.name
));
1115 if (ioctl(fd
, DM_DEV_REMOVE
, &dm
))
1122 int decrypted_image_relinquish(DecryptedImage
*d
) {
1124 #if HAVE_LIBCRYPTSETUP
1131 /* Turns on automatic removal after the last use ended for all DM devices of this image, and sets a boolean so
1132 * that we don't clean it up ourselves either anymore */
1134 #if HAVE_LIBCRYPTSETUP
1135 for (i
= 0; i
< d
->n_decrypted
; i
++) {
1136 DecryptedPartition
*p
= d
->decrypted
+ i
;
1138 if (p
->relinquished
)
1141 r
= deferred_remove(p
);
1143 return log_debug_errno(r
, "Failed to mark %s for auto-removal: %m", p
->name
);
1145 p
->relinquished
= true;
1152 int root_hash_load(const char *image
, void **ret
, size_t *ret_size
) {
1153 _cleanup_free_
char *text
= NULL
;
1154 _cleanup_free_
void *k
= NULL
;
1162 if (is_device_path(image
)) {
1163 /* If we are asked to load the root hash for a device node, exit early */
1169 r
= getxattr_malloc(image
, "user.verity.roothash", &text
, true);
1173 if (!IN_SET(r
, -ENODATA
, -EOPNOTSUPP
, -ENOENT
))
1176 fn
= newa(char, strlen(image
) + strlen(".roothash") + 1);
1177 n
= stpcpy(fn
, image
);
1178 e
= endswith(fn
, ".raw");
1182 strcpy(n
, ".roothash");
1184 r
= read_one_line_file(fn
, &text
);
1194 r
= unhexmem(text
, strlen(text
), &k
, &l
);
1197 if (l
< sizeof(sd_id128_t
))
1208 int dissected_image_acquire_metadata(DissectedImage
*m
) {
1218 static const char *const paths
[_META_MAX
] = {
1219 [META_HOSTNAME
] = "/etc/hostname\0",
1220 [META_MACHINE_ID
] = "/etc/machine-id\0",
1221 [META_MACHINE_INFO
] = "/etc/machine-info\0",
1222 [META_OS_RELEASE
] = "/etc/os-release\0/usr/lib/os-release\0",
1225 _cleanup_strv_free_
char **machine_info
= NULL
, **os_release
= NULL
;
1226 _cleanup_(rmdir_and_freep
) char *t
= NULL
;
1227 _cleanup_(sigkill_waitp
) pid_t child
= 0;
1228 sd_id128_t machine_id
= SD_ID128_NULL
;
1229 _cleanup_free_
char *hostname
= NULL
;
1230 unsigned n_meta_initialized
= 0, k
;
1231 int fds
[2 * _META_MAX
], r
;
1234 BLOCK_SIGNALS(SIGCHLD
);
1238 for (; n_meta_initialized
< _META_MAX
; n_meta_initialized
++)
1239 if (pipe2(fds
+ 2*n_meta_initialized
, O_CLOEXEC
) < 0) {
1244 r
= mkdtemp_malloc("/tmp/dissect-XXXXXX", &t
);
1248 child
= raw_clone(SIGCHLD
|CLONE_NEWNS
);
1256 (void) reset_all_signal_handlers();
1257 (void) reset_signal_mask();
1258 assert_se(prctl(PR_SET_PDEATHSIG
, SIGTERM
) == 0);
1260 /* Make sure we never propagate to the host */
1261 if (mount(NULL
, "/", NULL
, MS_SLAVE
| MS_REC
, NULL
) < 0)
1262 _exit(EXIT_FAILURE
);
1264 r
= dissected_image_mount(m
, t
, DISSECT_IMAGE_READ_ONLY
);
1266 _exit(EXIT_FAILURE
);
1268 for (k
= 0; k
< _META_MAX
; k
++) {
1269 _cleanup_close_
int fd
= -1;
1272 fds
[2*k
] = safe_close(fds
[2*k
]);
1274 NULSTR_FOREACH(p
, paths
[k
]) {
1275 _cleanup_free_
char *q
= NULL
;
1277 r
= chase_symlinks(p
, t
, CHASE_PREFIX_ROOT
, &q
);
1281 fd
= open(q
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1288 r
= copy_bytes(fd
, fds
[2*k
+1], (uint64_t) -1, 0);
1290 _exit(EXIT_FAILURE
);
1292 fds
[2*k
+1] = safe_close(fds
[2*k
+1]);
1295 _exit(EXIT_SUCCESS
);
1298 for (k
= 0; k
< _META_MAX
; k
++) {
1299 _cleanup_fclose_
FILE *f
= NULL
;
1301 fds
[2*k
+1] = safe_close(fds
[2*k
+1]);
1303 f
= fdopen(fds
[2*k
], "re");
1314 r
= read_etc_hostname_stream(f
, &hostname
);
1316 log_debug_errno(r
, "Failed to read /etc/hostname: %m");
1320 case META_MACHINE_ID
: {
1321 _cleanup_free_
char *line
= NULL
;
1323 r
= read_line(f
, LONG_LINE_MAX
, &line
);
1325 log_debug_errno(r
, "Failed to read /etc/machine-id: %m");
1327 r
= sd_id128_from_string(line
, &machine_id
);
1329 log_debug_errno(r
, "Image contains invalid /etc/machine-id: %s", line
);
1331 log_debug("/etc/machine-id file is empty.");
1333 log_debug("/etc/machine-id has unexpected length %i.", r
);
1338 case META_MACHINE_INFO
:
1339 r
= load_env_file_pairs(f
, "machine-info", NULL
, &machine_info
);
1341 log_debug_errno(r
, "Failed to read /etc/machine-info: %m");
1345 case META_OS_RELEASE
:
1346 r
= load_env_file_pairs(f
, "os-release", NULL
, &os_release
);
1348 log_debug_errno(r
, "Failed to read OS release file: %m");
1354 r
= wait_for_terminate(child
, &si
);
1359 if (si
.si_code
!= CLD_EXITED
|| si
.si_status
!= EXIT_SUCCESS
) {
1364 free_and_replace(m
->hostname
, hostname
);
1365 m
->machine_id
= machine_id
;
1366 strv_free_and_replace(m
->machine_info
, machine_info
);
1367 strv_free_and_replace(m
->os_release
, os_release
);
1370 for (k
= 0; k
< n_meta_initialized
; k
++)
1371 safe_close_pair(fds
+ 2*k
);
1376 static const char *const partition_designator_table
[] = {
1377 [PARTITION_ROOT
] = "root",
1378 [PARTITION_ROOT_SECONDARY
] = "root-secondary",
1379 [PARTITION_HOME
] = "home",
1380 [PARTITION_SRV
] = "srv",
1381 [PARTITION_ESP
] = "esp",
1382 [PARTITION_SWAP
] = "swap",
1383 [PARTITION_ROOT_VERITY
] = "root-verity",
1384 [PARTITION_ROOT_SECONDARY_VERITY
] = "root-secondary-verity",
1387 DEFINE_STRING_TABLE_LOOKUP(partition_designator
, int);