1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2016 Lennart Poettering
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
21 #include <sys/mount.h>
22 #include <sys/prctl.h>
25 #include "architecture.h"
26 #include "ask-password-api.h"
27 #include "blkid-util.h"
29 #include "crypt-util.h"
31 #include "device-nodes.h"
32 #include "dissect-image.h"
37 #include "hexdecoct.h"
38 #include "hostname-util.h"
39 #include "id128-util.h"
40 #include "linux-3.13/dm-ioctl.h"
41 #include "mount-util.h"
42 #include "path-util.h"
43 #include "process-util.h"
44 #include "raw-clone.h"
45 #include "signal-util.h"
46 #include "stat-util.h"
47 #include "stdio-util.h"
48 #include "string-table.h"
49 #include "string-util.h"
51 #include "udev-util.h"
52 #include "xattr-util.h"
54 _unused_
static int probe_filesystem(const char *node
, char **ret_fstype
) {
56 _cleanup_blkid_free_probe_ blkid_probe b
= NULL
;
60 b
= blkid_new_probe_from_filename(node
);
64 blkid_probe_enable_superblocks(b
, 1);
65 blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
);
68 r
= blkid_do_safeprobe(b
);
69 if (IN_SET(r
, -2, 1)) {
70 log_debug("Failed to identify any partition type on partition %s", node
);
74 return -errno
?: -EIO
;
76 (void) blkid_probe_lookup_value(b
, "TYPE", &fstype
, NULL
);
97 int dissect_image(int fd
, const void *root_hash
, size_t root_hash_size
, DissectImageFlags flags
, DissectedImage
**ret
) {
100 sd_id128_t root_uuid
= SD_ID128_NULL
, verity_uuid
= SD_ID128_NULL
;
101 _cleanup_udev_enumerate_unref_
struct udev_enumerate
*e
= NULL
;
102 bool is_gpt
, is_mbr
, generic_rw
, multiple_generic
= false;
103 _cleanup_udev_device_unref_
struct udev_device
*d
= NULL
;
104 _cleanup_(dissected_image_unrefp
) DissectedImage
*m
= NULL
;
105 _cleanup_blkid_free_probe_ blkid_probe b
= NULL
;
106 _cleanup_udev_unref_
struct udev
*udev
= NULL
;
107 _cleanup_free_
char *generic_node
= NULL
;
108 sd_id128_t generic_uuid
= SD_ID128_NULL
;
109 const char *pttype
= NULL
;
110 struct udev_list_entry
*first
, *item
;
118 assert(root_hash
|| root_hash_size
== 0);
120 /* Probes a disk image, and returns information about what it found in *ret.
122 * Returns -ENOPKG if no suitable partition table or file system could be found.
123 * Returns -EADDRNOTAVAIL if a root hash was specified but no matching root/verity partitions found. */
126 /* If a root hash is supplied, then we use the root partition that has a UUID that match the first
127 * 128bit of the root hash. And we use the verity partition that has a UUID that match the final
130 if (root_hash_size
< sizeof(sd_id128_t
))
133 memcpy(&root_uuid
, root_hash
, sizeof(sd_id128_t
));
134 memcpy(&verity_uuid
, (const uint8_t*) root_hash
+ root_hash_size
- sizeof(sd_id128_t
), sizeof(sd_id128_t
));
136 if (sd_id128_is_null(root_uuid
))
138 if (sd_id128_is_null(verity_uuid
))
142 if (fstat(fd
, &st
) < 0)
145 if (!S_ISBLK(st
.st_mode
))
148 b
= blkid_new_probe();
153 r
= blkid_probe_set_device(b
, fd
, 0, 0);
155 return -errno
?: -ENOMEM
;
157 if ((flags
& DISSECT_IMAGE_GPT_ONLY
) == 0) {
158 /* Look for file system superblocks, unless we only shall look for GPT partition tables */
159 blkid_probe_enable_superblocks(b
, 1);
160 blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
|BLKID_SUBLKS_USAGE
);
163 blkid_probe_enable_partitions(b
, 1);
164 blkid_probe_set_partitions_flags(b
, BLKID_PARTS_ENTRY_DETAILS
);
167 r
= blkid_do_safeprobe(b
);
168 if (IN_SET(r
, -2, 1)) {
169 log_debug("Failed to identify any partition table.");
173 return -errno
?: -EIO
;
175 m
= new0(DissectedImage
, 1);
179 if (!(flags
& DISSECT_IMAGE_GPT_ONLY
) &&
180 (flags
& DISSECT_IMAGE_REQUIRE_ROOT
)) {
181 const char *usage
= NULL
;
183 (void) blkid_probe_lookup_value(b
, "USAGE", &usage
, NULL
);
184 if (STRPTR_IN_SET(usage
, "filesystem", "crypto")) {
185 _cleanup_free_
char *t
= NULL
, *n
= NULL
;
186 const char *fstype
= NULL
;
188 /* OK, we have found a file system, that's our root partition then. */
189 (void) blkid_probe_lookup_value(b
, "TYPE", &fstype
, NULL
);
197 if (asprintf(&n
, "/dev/block/%u:%u", major(st
.st_rdev
), minor(st
.st_rdev
)) < 0)
200 m
->partitions
[PARTITION_ROOT
] = (DissectedPartition
) {
204 .architecture
= _ARCHITECTURE_INVALID
,
211 m
->encrypted
= streq(fstype
, "crypto_LUKS");
220 (void) blkid_probe_lookup_value(b
, "PTTYPE", &pttype
, NULL
);
224 is_gpt
= streq_ptr(pttype
, "gpt");
225 is_mbr
= streq_ptr(pttype
, "dos");
227 if (!is_gpt
&& ((flags
& DISSECT_IMAGE_GPT_ONLY
) || !is_mbr
))
231 pl
= blkid_probe_get_partitions(b
);
233 return -errno
?: -ENOMEM
;
239 d
= udev_device_new_from_devnum(udev
, 'b', st
.st_rdev
);
247 log_debug("Kernel partitions never appeared.");
251 e
= udev_enumerate_new(udev
);
255 r
= udev_enumerate_add_match_parent(e
, d
);
259 r
= udev_enumerate_scan_devices(e
);
263 /* Count the partitions enumerated by the kernel */
265 first
= udev_enumerate_get_list_entry(e
);
266 udev_list_entry_foreach(item
, first
)
269 /* Count the partitions enumerated by blkid */
270 z
= blkid_partlist_numof_partitions(pl
);
274 log_debug("blkid and kernel partition list do not match.");
280 /* The kernel has probed fewer partitions than blkid? Maybe the kernel prober is still running
281 * or it got EBUSY because udev already opened the device. Let's reprobe the device, which is a
282 * synchronous call that waits until probing is complete. */
288 if (ioctl(fd
, BLKRRPART
, 0) < 0) {
292 struct loop_info64 info
;
294 /* If we are running on a loop device that has partition scanning off,
295 * return an explicit recognizable error about this, so that callers
296 * can generate a proper message explaining the situation. */
298 if (ioctl(fd
, LOOP_GET_STATUS64
, &info
) >= 0 && (info
.lo_flags
& LO_FLAGS_PARTSCAN
) == 0) {
299 log_debug("Device is loop device and partition scanning is off!");
300 return -EPROTONOSUPPORT
;
308 /* If something else has the device open, such as an udev rule, the ioctl will return
309 * EBUSY. Since there's no way to wait until it isn't busy anymore, let's just wait a
310 * bit, and try again.
312 * This is really something they should fix in the kernel! */
314 (void) usleep(50 * USEC_PER_MSEC
);
318 e
= udev_enumerate_unref(e
);
321 first
= udev_enumerate_get_list_entry(e
);
322 udev_list_entry_foreach(item
, first
) {
323 _cleanup_udev_device_unref_
struct udev_device
*q
;
324 unsigned long long pflags
;
326 const char *node
, *sysname
;
330 q
= udev_device_new_from_syspath(udev
, udev_list_entry_get_name(item
));
334 qn
= udev_device_get_devnum(q
);
338 if (st
.st_rdev
== qn
)
341 /* Filter out weird MMC RPMB partitions, which cannot reasonably be read, see
342 * https://github.com/systemd/systemd/issues/5806 */
343 sysname
= udev_device_get_sysname(q
);
344 if (sysname
&& startswith(sysname
, "mmcblk") && endswith(sysname
, "rpmb"))
347 node
= udev_device_get_devnode(q
);
351 pp
= blkid_partlist_devno_to_partition(pl
, qn
);
355 pflags
= blkid_partition_get_flags(pp
);
357 nr
= blkid_partition_get_partno(pp
);
362 int designator
= _PARTITION_DESIGNATOR_INVALID
, architecture
= _ARCHITECTURE_INVALID
;
363 const char *stype
, *sid
, *fstype
= NULL
;
364 sd_id128_t type_id
, id
;
367 sid
= blkid_partition_get_uuid(pp
);
370 if (sd_id128_from_string(sid
, &id
) < 0)
373 stype
= blkid_partition_get_type_string(pp
);
376 if (sd_id128_from_string(stype
, &type_id
) < 0)
379 if (sd_id128_equal(type_id
, GPT_HOME
)) {
381 if (pflags
& GPT_FLAG_NO_AUTO
)
384 designator
= PARTITION_HOME
;
385 rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
386 } else if (sd_id128_equal(type_id
, GPT_SRV
)) {
388 if (pflags
& GPT_FLAG_NO_AUTO
)
391 designator
= PARTITION_SRV
;
392 rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
393 } else if (sd_id128_equal(type_id
, GPT_ESP
)) {
395 /* Note that we don't check the GPT_FLAG_NO_AUTO flag for the ESP, as it is not defined
396 * there. We instead check the GPT_FLAG_NO_BLOCK_IO_PROTOCOL, as recommended by the
397 * UEFI spec (See "12.3.3 Number and Location of System Partitions"). */
399 if (pflags
& GPT_FLAG_NO_BLOCK_IO_PROTOCOL
)
402 designator
= PARTITION_ESP
;
405 #ifdef GPT_ROOT_NATIVE
406 else if (sd_id128_equal(type_id
, GPT_ROOT_NATIVE
)) {
408 if (pflags
& GPT_FLAG_NO_AUTO
)
411 /* If a root ID is specified, ignore everything but the root id */
412 if (!sd_id128_is_null(root_uuid
) && !sd_id128_equal(root_uuid
, id
))
415 designator
= PARTITION_ROOT
;
416 architecture
= native_architecture();
417 rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
418 } else if (sd_id128_equal(type_id
, GPT_ROOT_NATIVE_VERITY
)) {
420 if (pflags
& GPT_FLAG_NO_AUTO
)
423 m
->can_verity
= true;
425 /* Ignore verity unless a root hash is specified */
426 if (sd_id128_is_null(verity_uuid
) || !sd_id128_equal(verity_uuid
, id
))
429 designator
= PARTITION_ROOT_VERITY
;
430 fstype
= "DM_verity_hash";
431 architecture
= native_architecture();
435 #ifdef GPT_ROOT_SECONDARY
436 else if (sd_id128_equal(type_id
, GPT_ROOT_SECONDARY
)) {
438 if (pflags
& GPT_FLAG_NO_AUTO
)
441 /* If a root ID is specified, ignore everything but the root id */
442 if (!sd_id128_is_null(root_uuid
) && !sd_id128_equal(root_uuid
, id
))
445 designator
= PARTITION_ROOT_SECONDARY
;
446 architecture
= SECONDARY_ARCHITECTURE
;
447 rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
448 } else if (sd_id128_equal(type_id
, GPT_ROOT_SECONDARY_VERITY
)) {
450 if (pflags
& GPT_FLAG_NO_AUTO
)
453 m
->can_verity
= true;
455 /* Ignore verity unless root has is specified */
456 if (sd_id128_is_null(verity_uuid
) || !sd_id128_equal(verity_uuid
, id
))
459 designator
= PARTITION_ROOT_SECONDARY_VERITY
;
460 fstype
= "DM_verity_hash";
461 architecture
= SECONDARY_ARCHITECTURE
;
465 else if (sd_id128_equal(type_id
, GPT_SWAP
)) {
467 if (pflags
& GPT_FLAG_NO_AUTO
)
470 designator
= PARTITION_SWAP
;
472 } else if (sd_id128_equal(type_id
, GPT_LINUX_GENERIC
)) {
474 if (pflags
& GPT_FLAG_NO_AUTO
)
478 multiple_generic
= true;
481 generic_rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
483 generic_node
= strdup(node
);
489 if (designator
!= _PARTITION_DESIGNATOR_INVALID
) {
490 _cleanup_free_
char *t
= NULL
, *n
= NULL
;
493 if (m
->partitions
[designator
].found
)
506 m
->partitions
[designator
] = (DissectedPartition
) {
510 .architecture
= architecture
,
521 if (pflags
!= 0x80) /* Bootable flag */
524 if (blkid_partition_get_type(pp
) != 0x83) /* Linux partition */
528 multiple_generic
= true;
532 generic_node
= strdup(node
);
539 if (!m
->partitions
[PARTITION_ROOT
].found
) {
540 /* No root partition found? Then let's see if ther's one for the secondary architecture. And if not
541 * either, then check if there's a single generic one, and use that. */
543 if (m
->partitions
[PARTITION_ROOT_VERITY
].found
)
544 return -EADDRNOTAVAIL
;
546 if (m
->partitions
[PARTITION_ROOT_SECONDARY
].found
) {
547 m
->partitions
[PARTITION_ROOT
] = m
->partitions
[PARTITION_ROOT_SECONDARY
];
548 zero(m
->partitions
[PARTITION_ROOT_SECONDARY
]);
550 m
->partitions
[PARTITION_ROOT_VERITY
] = m
->partitions
[PARTITION_ROOT_SECONDARY_VERITY
];
551 zero(m
->partitions
[PARTITION_ROOT_SECONDARY_VERITY
]);
553 } else if (flags
& DISSECT_IMAGE_REQUIRE_ROOT
) {
555 /* If the root has was set, then we won't fallback to a generic node, because the root hash
558 return -EADDRNOTAVAIL
;
560 /* If we didn't find a generic node, then we can't fix this up either */
564 /* If we didn't find a properly marked root partition, but we did find a single suitable
565 * generic Linux partition, then use this as root partition, if the caller asked for it. */
566 if (multiple_generic
)
569 m
->partitions
[PARTITION_ROOT
] = (DissectedPartition
) {
572 .partno
= generic_nr
,
573 .architecture
= _ARCHITECTURE_INVALID
,
574 .node
= generic_node
,
575 .uuid
= generic_uuid
,
583 if (!m
->partitions
[PARTITION_ROOT_VERITY
].found
|| !m
->partitions
[PARTITION_ROOT
].found
)
584 return -EADDRNOTAVAIL
;
586 /* If we found the primary root with the hash, then we definitely want to suppress any secondary root
587 * (which would be weird, after all the root hash should only be assigned to one pair of
589 m
->partitions
[PARTITION_ROOT_SECONDARY
].found
= false;
590 m
->partitions
[PARTITION_ROOT_SECONDARY_VERITY
].found
= false;
592 /* If we found a verity setup, then the root partition is necessarily read-only. */
593 m
->partitions
[PARTITION_ROOT
].rw
= false;
601 /* Fill in file system types if we don't know them yet. */
602 for (i
= 0; i
< _PARTITION_DESIGNATOR_MAX
; i
++) {
603 DissectedPartition
*p
= m
->partitions
+ i
;
608 if (!p
->fstype
&& p
->node
) {
609 r
= probe_filesystem(p
->node
, &p
->fstype
);
614 if (streq_ptr(p
->fstype
, "crypto_LUKS"))
617 if (p
->fstype
&& fstype_is_ro(p
->fstype
))
630 DissectedImage
* dissected_image_unref(DissectedImage
*m
) {
636 for (i
= 0; i
< _PARTITION_DESIGNATOR_MAX
; i
++) {
637 free(m
->partitions
[i
].fstype
);
638 free(m
->partitions
[i
].node
);
639 free(m
->partitions
[i
].decrypted_fstype
);
640 free(m
->partitions
[i
].decrypted_node
);
644 strv_free(m
->machine_info
);
645 strv_free(m
->os_release
);
650 static int is_loop_device(const char *path
) {
651 char s
[SYS_BLOCK_PATH_MAX("/../loop/")];
656 if (stat(path
, &st
) < 0)
659 if (!S_ISBLK(st
.st_mode
))
662 xsprintf_sys_block_path(s
, "/loop/", st
.st_dev
);
663 if (access(s
, F_OK
) < 0) {
667 /* The device itself isn't a loop device, but maybe it's a partition and its parent is? */
668 xsprintf_sys_block_path(s
, "/../loop/", st
.st_dev
);
669 if (access(s
, F_OK
) < 0)
670 return errno
== ENOENT
? false : -errno
;
676 static int mount_partition(
677 DissectedPartition
*m
,
679 const char *directory
,
680 DissectImageFlags flags
) {
682 const char *p
, *options
= NULL
, *node
, *fstype
;
683 _cleanup_free_
char *chased
= NULL
;
690 node
= m
->decrypted_node
?: m
->node
;
691 fstype
= m
->decrypted_fstype
?: m
->fstype
;
693 if (!m
->found
|| !node
|| !fstype
)
696 /* Stacked encryption? Yuck */
697 if (streq_ptr(fstype
, "crypto_LUKS"))
700 rw
= m
->rw
&& !(flags
& DISSECT_IMAGE_READ_ONLY
);
703 r
= chase_symlinks(directory
, where
, CHASE_PREFIX_ROOT
, &chased
);
711 /* If requested, turn on discard support. */
712 if (fstype_can_discard(fstype
) &&
713 ((flags
& DISSECT_IMAGE_DISCARD
) ||
714 ((flags
& DISSECT_IMAGE_DISCARD_ON_LOOP
) && is_loop_device(m
->node
))))
717 return mount_verbose(LOG_DEBUG
, node
, p
, fstype
, MS_NODEV
|(rw
? 0 : MS_RDONLY
), options
);
720 int dissected_image_mount(DissectedImage
*m
, const char *where
, DissectImageFlags flags
) {
726 if (!m
->partitions
[PARTITION_ROOT
].found
)
729 r
= mount_partition(m
->partitions
+ PARTITION_ROOT
, where
, NULL
, flags
);
733 r
= mount_partition(m
->partitions
+ PARTITION_HOME
, where
, "/home", flags
);
737 r
= mount_partition(m
->partitions
+ PARTITION_SRV
, where
, "/srv", flags
);
741 if (m
->partitions
[PARTITION_ESP
].found
) {
744 /* Mount the ESP to /efi if it exists and is empty. If it doesn't exist, use /boot instead. */
746 FOREACH_STRING(mp
, "/efi", "/boot") {
747 _cleanup_free_
char *p
= NULL
;
749 r
= chase_symlinks(mp
, where
, CHASE_PREFIX_ROOT
, &p
);
755 r
= mount_partition(m
->partitions
+ PARTITION_ESP
, where
, mp
, flags
);
765 #if HAVE_LIBCRYPTSETUP
766 typedef struct DecryptedPartition
{
767 struct crypt_device
*device
;
770 } DecryptedPartition
;
772 struct DecryptedImage
{
773 DecryptedPartition
*decrypted
;
779 DecryptedImage
* decrypted_image_unref(DecryptedImage
* d
) {
780 #if HAVE_LIBCRYPTSETUP
787 for (i
= 0; i
< d
->n_decrypted
; i
++) {
788 DecryptedPartition
*p
= d
->decrypted
+ i
;
790 if (p
->device
&& p
->name
&& !p
->relinquished
) {
791 r
= crypt_deactivate(p
->device
, p
->name
);
793 log_debug_errno(r
, "Failed to deactivate encrypted partition %s", p
->name
);
797 crypt_free(p
->device
);
806 #if HAVE_LIBCRYPTSETUP
808 static int make_dm_name_and_node(const void *original_node
, const char *suffix
, char **ret_name
, char **ret_node
) {
809 _cleanup_free_
char *name
= NULL
, *node
= NULL
;
812 assert(original_node
);
817 base
= strrchr(original_node
, '/');
824 name
= strjoin(base
, suffix
);
827 if (!filename_is_valid(name
))
830 node
= strjoin(crypt_get_dir(), "/", name
);
841 static int decrypt_partition(
842 DissectedPartition
*m
,
843 const char *passphrase
,
844 DissectImageFlags flags
,
847 _cleanup_free_
char *node
= NULL
, *name
= NULL
;
848 _cleanup_(crypt_freep
) struct crypt_device
*cd
= NULL
;
854 if (!m
->found
|| !m
->node
|| !m
->fstype
)
857 if (!streq(m
->fstype
, "crypto_LUKS"))
863 r
= make_dm_name_and_node(m
->node
, "-decrypted", &name
, &node
);
867 if (!GREEDY_REALLOC0(d
->decrypted
, d
->n_allocated
, d
->n_decrypted
+ 1))
870 r
= crypt_init(&cd
, m
->node
);
872 return log_debug_errno(r
, "Failed to initialize dm-crypt: %m");
874 r
= crypt_load(cd
, CRYPT_LUKS
, NULL
);
876 return log_debug_errno(r
, "Failed to load LUKS metadata: %m");
878 r
= crypt_activate_by_passphrase(cd
, name
, CRYPT_ANY_SLOT
, passphrase
, strlen(passphrase
),
879 ((flags
& DISSECT_IMAGE_READ_ONLY
) ? CRYPT_ACTIVATE_READONLY
: 0) |
880 ((flags
& DISSECT_IMAGE_DISCARD_ON_CRYPTO
) ? CRYPT_ACTIVATE_ALLOW_DISCARDS
: 0));
882 log_debug_errno(r
, "Failed to activate LUKS device: %m");
883 return r
== -EPERM
? -EKEYREJECTED
: r
;
886 d
->decrypted
[d
->n_decrypted
].name
= name
;
889 d
->decrypted
[d
->n_decrypted
].device
= cd
;
893 m
->decrypted_node
= node
;
899 static int verity_partition(
900 DissectedPartition
*m
,
901 DissectedPartition
*v
,
902 const void *root_hash
,
903 size_t root_hash_size
,
904 DissectImageFlags flags
,
907 _cleanup_free_
char *node
= NULL
, *name
= NULL
;
908 _cleanup_(crypt_freep
) struct crypt_device
*cd
= NULL
;
917 if (!m
->found
|| !m
->node
|| !m
->fstype
)
919 if (!v
->found
|| !v
->node
|| !v
->fstype
)
922 if (!streq(v
->fstype
, "DM_verity_hash"))
925 r
= make_dm_name_and_node(m
->node
, "-verity", &name
, &node
);
929 if (!GREEDY_REALLOC0(d
->decrypted
, d
->n_allocated
, d
->n_decrypted
+ 1))
932 r
= crypt_init(&cd
, v
->node
);
936 r
= crypt_load(cd
, CRYPT_VERITY
, NULL
);
940 r
= crypt_set_data_device(cd
, m
->node
);
944 r
= crypt_activate_by_volume_key(cd
, name
, root_hash
, root_hash_size
, CRYPT_ACTIVATE_READONLY
);
948 d
->decrypted
[d
->n_decrypted
].name
= name
;
951 d
->decrypted
[d
->n_decrypted
].device
= cd
;
955 m
->decrypted_node
= node
;
962 int dissected_image_decrypt(
964 const char *passphrase
,
965 const void *root_hash
,
966 size_t root_hash_size
,
967 DissectImageFlags flags
,
968 DecryptedImage
**ret
) {
970 _cleanup_(decrypted_image_unrefp
) DecryptedImage
*d
= NULL
;
971 #if HAVE_LIBCRYPTSETUP
977 assert(root_hash
|| root_hash_size
== 0);
981 * = 0 → There was nothing to decrypt
982 * > 0 → Decrypted successfully
983 * -ENOKEY → There's something to decrypt but no key was supplied
984 * -EKEYREJECTED → Passed key was not correct
987 if (root_hash
&& root_hash_size
< sizeof(sd_id128_t
))
990 if (!m
->encrypted
&& !m
->verity
) {
995 #if HAVE_LIBCRYPTSETUP
996 d
= new0(DecryptedImage
, 1);
1000 for (i
= 0; i
< _PARTITION_DESIGNATOR_MAX
; i
++) {
1001 DissectedPartition
*p
= m
->partitions
+ i
;
1007 r
= decrypt_partition(p
, passphrase
, flags
, d
);
1011 k
= PARTITION_VERITY_OF(i
);
1013 r
= verity_partition(p
, m
->partitions
+ k
, root_hash
, root_hash_size
, flags
, d
);
1018 if (!p
->decrypted_fstype
&& p
->decrypted_node
) {
1019 r
= probe_filesystem(p
->decrypted_node
, &p
->decrypted_fstype
);
1034 int dissected_image_decrypt_interactively(
1036 const char *passphrase
,
1037 const void *root_hash
,
1038 size_t root_hash_size
,
1039 DissectImageFlags flags
,
1040 DecryptedImage
**ret
) {
1042 _cleanup_strv_free_erase_
char **z
= NULL
;
1049 r
= dissected_image_decrypt(m
, passphrase
, root_hash
, root_hash_size
, flags
, ret
);
1052 if (r
== -EKEYREJECTED
)
1053 log_error_errno(r
, "Incorrect passphrase, try again!");
1054 else if (r
!= -ENOKEY
) {
1055 log_error_errno(r
, "Failed to decrypt image: %m");
1060 log_error("Too many retries.");
1061 return -EKEYREJECTED
;
1066 r
= ask_password_auto("Please enter image passphrase!", NULL
, "dissect", "dissect", USEC_INFINITY
, 0, &z
);
1068 return log_error_errno(r
, "Failed to query for passphrase: %m");
1074 #if HAVE_LIBCRYPTSETUP
1075 static int deferred_remove(DecryptedPartition
*p
) {
1077 struct dm_ioctl dm
= {
1081 DM_VERSION_PATCHLEVEL
1083 .data_size
= sizeof(dm
),
1084 .flags
= DM_DEFERRED_REMOVE
,
1087 _cleanup_close_
int fd
= -1;
1091 /* Unfortunately, libcryptsetup doesn't provide a proper API for this, hence call the ioctl() directly. */
1093 fd
= open("/dev/mapper/control", O_RDWR
|O_CLOEXEC
);
1097 strncpy(dm
.name
, p
->name
, sizeof(dm
.name
));
1099 if (ioctl(fd
, DM_DEV_REMOVE
, &dm
))
1106 int decrypted_image_relinquish(DecryptedImage
*d
) {
1108 #if HAVE_LIBCRYPTSETUP
1115 /* Turns on automatic removal after the last use ended for all DM devices of this image, and sets a boolean so
1116 * that we don't clean it up ourselves either anymore */
1118 #if HAVE_LIBCRYPTSETUP
1119 for (i
= 0; i
< d
->n_decrypted
; i
++) {
1120 DecryptedPartition
*p
= d
->decrypted
+ i
;
1122 if (p
->relinquished
)
1125 r
= deferred_remove(p
);
1127 return log_debug_errno(r
, "Failed to mark %s for auto-removal: %m", p
->name
);
1129 p
->relinquished
= true;
1136 int root_hash_load(const char *image
, void **ret
, size_t *ret_size
) {
1137 _cleanup_free_
char *text
= NULL
;
1138 _cleanup_free_
void *k
= NULL
;
1146 if (is_device_path(image
)) {
1147 /* If we are asked to load the root hash for a device node, exit early */
1153 r
= getxattr_malloc(image
, "user.verity.roothash", &text
, true);
1157 if (!IN_SET(r
, -ENODATA
, -EOPNOTSUPP
, -ENOENT
))
1160 fn
= newa(char, strlen(image
) + strlen(".roothash") + 1);
1161 n
= stpcpy(fn
, image
);
1162 e
= endswith(fn
, ".raw");
1166 strcpy(n
, ".roothash");
1168 r
= read_one_line_file(fn
, &text
);
1178 r
= unhexmem(text
, strlen(text
), &k
, &l
);
1181 if (l
< sizeof(sd_id128_t
))
1192 int dissected_image_acquire_metadata(DissectedImage
*m
) {
1202 static const char *const paths
[_META_MAX
] = {
1203 [META_HOSTNAME
] = "/etc/hostname\0",
1204 [META_MACHINE_ID
] = "/etc/machine-id\0",
1205 [META_MACHINE_INFO
] = "/etc/machine-info\0",
1206 [META_OS_RELEASE
] = "/etc/os-release\0/usr/lib/os-release\0",
1209 _cleanup_strv_free_
char **machine_info
= NULL
, **os_release
= NULL
;
1210 _cleanup_(rmdir_and_freep
) char *t
= NULL
;
1211 _cleanup_(sigkill_waitp
) pid_t child
= 0;
1212 sd_id128_t machine_id
= SD_ID128_NULL
;
1213 _cleanup_free_
char *hostname
= NULL
;
1214 unsigned n_meta_initialized
= 0, k
;
1215 int fds
[2 * _META_MAX
], r
;
1218 BLOCK_SIGNALS(SIGCHLD
);
1222 for (; n_meta_initialized
< _META_MAX
; n_meta_initialized
++)
1223 if (pipe2(fds
+ 2*n_meta_initialized
, O_CLOEXEC
) < 0) {
1228 r
= mkdtemp_malloc("/tmp/dissect-XXXXXX", &t
);
1232 child
= raw_clone(SIGCHLD
|CLONE_NEWNS
);
1240 (void) reset_all_signal_handlers();
1241 (void) reset_signal_mask();
1242 assert_se(prctl(PR_SET_PDEATHSIG
, SIGTERM
) == 0);
1244 /* Make sure we never propagate to the host */
1245 if (mount(NULL
, "/", NULL
, MS_SLAVE
| MS_REC
, NULL
) < 0)
1246 _exit(EXIT_FAILURE
);
1248 r
= dissected_image_mount(m
, t
, DISSECT_IMAGE_READ_ONLY
);
1250 _exit(EXIT_FAILURE
);
1252 for (k
= 0; k
< _META_MAX
; k
++) {
1253 _cleanup_close_
int fd
= -1;
1256 fds
[2*k
] = safe_close(fds
[2*k
]);
1258 NULSTR_FOREACH(p
, paths
[k
]) {
1259 _cleanup_free_
char *q
= NULL
;
1261 r
= chase_symlinks(p
, t
, CHASE_PREFIX_ROOT
, &q
);
1265 fd
= open(q
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1272 r
= copy_bytes(fd
, fds
[2*k
+1], (uint64_t) -1, 0);
1274 _exit(EXIT_FAILURE
);
1276 fds
[2*k
+1] = safe_close(fds
[2*k
+1]);
1279 _exit(EXIT_SUCCESS
);
1282 for (k
= 0; k
< _META_MAX
; k
++) {
1283 _cleanup_fclose_
FILE *f
= NULL
;
1285 fds
[2*k
+1] = safe_close(fds
[2*k
+1]);
1287 f
= fdopen(fds
[2*k
], "re");
1298 r
= read_etc_hostname_stream(f
, &hostname
);
1300 log_debug_errno(r
, "Failed to read /etc/hostname: %m");
1304 case META_MACHINE_ID
: {
1305 _cleanup_free_
char *line
= NULL
;
1307 r
= read_line(f
, LONG_LINE_MAX
, &line
);
1309 log_debug_errno(r
, "Failed to read /etc/machine-id: %m");
1311 r
= sd_id128_from_string(line
, &machine_id
);
1313 log_debug_errno(r
, "Image contains invalid /etc/machine-id: %s", line
);
1315 log_debug("/etc/machine-id file is empty.");
1317 log_debug("/etc/machine-id has unexpected length %i.", r
);
1322 case META_MACHINE_INFO
:
1323 r
= load_env_file_pairs(f
, "machine-info", NULL
, &machine_info
);
1325 log_debug_errno(r
, "Failed to read /etc/machine-info: %m");
1329 case META_OS_RELEASE
:
1330 r
= load_env_file_pairs(f
, "os-release", NULL
, &os_release
);
1332 log_debug_errno(r
, "Failed to read OS release file: %m");
1338 r
= wait_for_terminate(child
, &si
);
1343 if (si
.si_code
!= CLD_EXITED
|| si
.si_status
!= EXIT_SUCCESS
) {
1348 free_and_replace(m
->hostname
, hostname
);
1349 m
->machine_id
= machine_id
;
1350 strv_free_and_replace(m
->machine_info
, machine_info
);
1351 strv_free_and_replace(m
->os_release
, os_release
);
1354 for (k
= 0; k
< n_meta_initialized
; k
++)
1355 safe_close_pair(fds
+ 2*k
);
1360 static const char *const partition_designator_table
[] = {
1361 [PARTITION_ROOT
] = "root",
1362 [PARTITION_ROOT_SECONDARY
] = "root-secondary",
1363 [PARTITION_HOME
] = "home",
1364 [PARTITION_SRV
] = "srv",
1365 [PARTITION_ESP
] = "esp",
1366 [PARTITION_SWAP
] = "swap",
1367 [PARTITION_ROOT_VERITY
] = "root-verity",
1368 [PARTITION_ROOT_SECONDARY_VERITY
] = "root-secondary-verity",
1371 DEFINE_STRING_TABLE_LOOKUP(partition_designator
, int);