1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2016 Lennart Poettering
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
21 #if HAVE_LIBCRYPTSETUP
22 #include <libcryptsetup.h>
24 #define CRYPT_LUKS NULL
27 #include <sys/mount.h>
28 #include <sys/prctl.h>
31 #include "architecture.h"
32 #include "ask-password-api.h"
33 #include "blkid-util.h"
36 #include "dissect-image.h"
41 #include "hexdecoct.h"
42 #include "hostname-util.h"
43 #include "id128-util.h"
44 #include "linux-3.13/dm-ioctl.h"
45 #include "mount-util.h"
46 #include "path-util.h"
47 #include "process-util.h"
48 #include "raw-clone.h"
49 #include "signal-util.h"
50 #include "stat-util.h"
51 #include "stdio-util.h"
52 #include "string-table.h"
53 #include "string-util.h"
55 #include "udev-util.h"
56 #include "xattr-util.h"
58 _unused_
static int probe_filesystem(const char *node
, char **ret_fstype
) {
60 _cleanup_blkid_free_probe_ blkid_probe b
= NULL
;
64 b
= blkid_new_probe_from_filename(node
);
68 blkid_probe_enable_superblocks(b
, 1);
69 blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
);
72 r
= blkid_do_safeprobe(b
);
73 if (IN_SET(r
, -2, 1)) {
74 log_debug("Failed to identify any partition type on partition %s", node
);
78 return -errno
?: -EIO
;
80 (void) blkid_probe_lookup_value(b
, "TYPE", &fstype
, NULL
);
101 int dissect_image(int fd
, const void *root_hash
, size_t root_hash_size
, DissectImageFlags flags
, DissectedImage
**ret
) {
104 sd_id128_t root_uuid
= SD_ID128_NULL
, verity_uuid
= SD_ID128_NULL
;
105 _cleanup_udev_enumerate_unref_
struct udev_enumerate
*e
= NULL
;
106 bool is_gpt
, is_mbr
, generic_rw
, multiple_generic
= false;
107 _cleanup_udev_device_unref_
struct udev_device
*d
= NULL
;
108 _cleanup_(dissected_image_unrefp
) DissectedImage
*m
= NULL
;
109 _cleanup_blkid_free_probe_ blkid_probe b
= NULL
;
110 _cleanup_udev_unref_
struct udev
*udev
= NULL
;
111 _cleanup_free_
char *generic_node
= NULL
;
112 sd_id128_t generic_uuid
= SD_ID128_NULL
;
113 const char *pttype
= NULL
;
114 struct udev_list_entry
*first
, *item
;
122 assert(root_hash
|| root_hash_size
== 0);
124 /* Probes a disk image, and returns information about what it found in *ret.
126 * Returns -ENOPKG if no suitable partition table or file system could be found.
127 * Returns -EADDRNOTAVAIL if a root hash was specified but no matching root/verity partitions found. */
130 /* If a root hash is supplied, then we use the root partition that has a UUID that match the first
131 * 128bit of the root hash. And we use the verity partition that has a UUID that match the final
134 if (root_hash_size
< sizeof(sd_id128_t
))
137 memcpy(&root_uuid
, root_hash
, sizeof(sd_id128_t
));
138 memcpy(&verity_uuid
, (const uint8_t*) root_hash
+ root_hash_size
- sizeof(sd_id128_t
), sizeof(sd_id128_t
));
140 if (sd_id128_is_null(root_uuid
))
142 if (sd_id128_is_null(verity_uuid
))
146 if (fstat(fd
, &st
) < 0)
149 if (!S_ISBLK(st
.st_mode
))
152 b
= blkid_new_probe();
157 r
= blkid_probe_set_device(b
, fd
, 0, 0);
159 return -errno
?: -ENOMEM
;
161 if ((flags
& DISSECT_IMAGE_GPT_ONLY
) == 0) {
162 /* Look for file system superblocks, unless we only shall look for GPT partition tables */
163 blkid_probe_enable_superblocks(b
, 1);
164 blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
|BLKID_SUBLKS_USAGE
);
167 blkid_probe_enable_partitions(b
, 1);
168 blkid_probe_set_partitions_flags(b
, BLKID_PARTS_ENTRY_DETAILS
);
171 r
= blkid_do_safeprobe(b
);
172 if (IN_SET(r
, -2, 1)) {
173 log_debug("Failed to identify any partition table.");
177 return -errno
?: -EIO
;
179 m
= new0(DissectedImage
, 1);
183 if (!(flags
& DISSECT_IMAGE_GPT_ONLY
) &&
184 (flags
& DISSECT_IMAGE_REQUIRE_ROOT
)) {
185 const char *usage
= NULL
;
187 (void) blkid_probe_lookup_value(b
, "USAGE", &usage
, NULL
);
188 if (STRPTR_IN_SET(usage
, "filesystem", "crypto")) {
189 _cleanup_free_
char *t
= NULL
, *n
= NULL
;
190 const char *fstype
= NULL
;
192 /* OK, we have found a file system, that's our root partition then. */
193 (void) blkid_probe_lookup_value(b
, "TYPE", &fstype
, NULL
);
201 if (asprintf(&n
, "/dev/block/%u:%u", major(st
.st_rdev
), minor(st
.st_rdev
)) < 0)
204 m
->partitions
[PARTITION_ROOT
] = (DissectedPartition
) {
208 .architecture
= _ARCHITECTURE_INVALID
,
215 m
->encrypted
= streq(fstype
, "crypto_LUKS");
224 (void) blkid_probe_lookup_value(b
, "PTTYPE", &pttype
, NULL
);
228 is_gpt
= streq_ptr(pttype
, "gpt");
229 is_mbr
= streq_ptr(pttype
, "dos");
231 if (!is_gpt
&& ((flags
& DISSECT_IMAGE_GPT_ONLY
) || !is_mbr
))
235 pl
= blkid_probe_get_partitions(b
);
237 return -errno
?: -ENOMEM
;
243 d
= udev_device_new_from_devnum(udev
, 'b', st
.st_rdev
);
251 log_debug("Kernel partitions never appeared.");
255 e
= udev_enumerate_new(udev
);
259 r
= udev_enumerate_add_match_parent(e
, d
);
263 r
= udev_enumerate_scan_devices(e
);
267 /* Count the partitions enumerated by the kernel */
269 first
= udev_enumerate_get_list_entry(e
);
270 udev_list_entry_foreach(item
, first
)
273 /* Count the partitions enumerated by blkid */
274 z
= blkid_partlist_numof_partitions(pl
);
278 log_debug("blkid and kernel partition list do not match.");
284 /* The kernel has probed fewer partitions than blkid? Maybe the kernel prober is still running
285 * or it got EBUSY because udev already opened the device. Let's reprobe the device, which is a
286 * synchronous call that waits until probing is complete. */
292 if (ioctl(fd
, BLKRRPART
, 0) < 0) {
296 struct loop_info64 info
;
298 /* If we are running on a loop device that has partition scanning off,
299 * return an explicit recognizable error about this, so that callers
300 * can generate a proper message explaining the situation. */
302 if (ioctl(fd
, LOOP_GET_STATUS64
, &info
) >= 0 && (info
.lo_flags
& LO_FLAGS_PARTSCAN
) == 0) {
303 log_debug("Device is loop device and partition scanning is off!");
304 return -EPROTONOSUPPORT
;
312 /* If something else has the device open, such as an udev rule, the ioctl will return
313 * EBUSY. Since there's no way to wait until it isn't busy anymore, let's just wait a
314 * bit, and try again.
316 * This is really something they should fix in the kernel! */
318 (void) usleep(50 * USEC_PER_MSEC
);
322 e
= udev_enumerate_unref(e
);
325 first
= udev_enumerate_get_list_entry(e
);
326 udev_list_entry_foreach(item
, first
) {
327 _cleanup_udev_device_unref_
struct udev_device
*q
;
328 unsigned long long pflags
;
330 const char *node
, *sysname
;
334 q
= udev_device_new_from_syspath(udev
, udev_list_entry_get_name(item
));
338 qn
= udev_device_get_devnum(q
);
342 if (st
.st_rdev
== qn
)
345 /* Filter out weird MMC RPMB partitions, which cannot reasonably be read, see
346 * https://github.com/systemd/systemd/issues/5806 */
347 sysname
= udev_device_get_sysname(q
);
348 if (sysname
&& startswith(sysname
, "mmcblk") && endswith(sysname
, "rpmb"))
351 node
= udev_device_get_devnode(q
);
355 pp
= blkid_partlist_devno_to_partition(pl
, qn
);
359 pflags
= blkid_partition_get_flags(pp
);
361 nr
= blkid_partition_get_partno(pp
);
366 int designator
= _PARTITION_DESIGNATOR_INVALID
, architecture
= _ARCHITECTURE_INVALID
;
367 const char *stype
, *sid
, *fstype
= NULL
;
368 sd_id128_t type_id
, id
;
371 sid
= blkid_partition_get_uuid(pp
);
374 if (sd_id128_from_string(sid
, &id
) < 0)
377 stype
= blkid_partition_get_type_string(pp
);
380 if (sd_id128_from_string(stype
, &type_id
) < 0)
383 if (sd_id128_equal(type_id
, GPT_HOME
)) {
385 if (pflags
& GPT_FLAG_NO_AUTO
)
388 designator
= PARTITION_HOME
;
389 rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
390 } else if (sd_id128_equal(type_id
, GPT_SRV
)) {
392 if (pflags
& GPT_FLAG_NO_AUTO
)
395 designator
= PARTITION_SRV
;
396 rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
397 } else if (sd_id128_equal(type_id
, GPT_ESP
)) {
399 /* Note that we don't check the GPT_FLAG_NO_AUTO flag for the ESP, as it is not defined
400 * there. We instead check the GPT_FLAG_NO_BLOCK_IO_PROTOCOL, as recommended by the
401 * UEFI spec (See "12.3.3 Number and Location of System Partitions"). */
403 if (pflags
& GPT_FLAG_NO_BLOCK_IO_PROTOCOL
)
406 designator
= PARTITION_ESP
;
409 #ifdef GPT_ROOT_NATIVE
410 else if (sd_id128_equal(type_id
, GPT_ROOT_NATIVE
)) {
412 if (pflags
& GPT_FLAG_NO_AUTO
)
415 /* If a root ID is specified, ignore everything but the root id */
416 if (!sd_id128_is_null(root_uuid
) && !sd_id128_equal(root_uuid
, id
))
419 designator
= PARTITION_ROOT
;
420 architecture
= native_architecture();
421 rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
422 } else if (sd_id128_equal(type_id
, GPT_ROOT_NATIVE_VERITY
)) {
424 if (pflags
& GPT_FLAG_NO_AUTO
)
427 m
->can_verity
= true;
429 /* Ignore verity unless a root hash is specified */
430 if (sd_id128_is_null(verity_uuid
) || !sd_id128_equal(verity_uuid
, id
))
433 designator
= PARTITION_ROOT_VERITY
;
434 fstype
= "DM_verity_hash";
435 architecture
= native_architecture();
439 #ifdef GPT_ROOT_SECONDARY
440 else if (sd_id128_equal(type_id
, GPT_ROOT_SECONDARY
)) {
442 if (pflags
& GPT_FLAG_NO_AUTO
)
445 /* If a root ID is specified, ignore everything but the root id */
446 if (!sd_id128_is_null(root_uuid
) && !sd_id128_equal(root_uuid
, id
))
449 designator
= PARTITION_ROOT_SECONDARY
;
450 architecture
= SECONDARY_ARCHITECTURE
;
451 rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
452 } else if (sd_id128_equal(type_id
, GPT_ROOT_SECONDARY_VERITY
)) {
454 if (pflags
& GPT_FLAG_NO_AUTO
)
457 m
->can_verity
= true;
459 /* Ignore verity unless root has is specified */
460 if (sd_id128_is_null(verity_uuid
) || !sd_id128_equal(verity_uuid
, id
))
463 designator
= PARTITION_ROOT_SECONDARY_VERITY
;
464 fstype
= "DM_verity_hash";
465 architecture
= SECONDARY_ARCHITECTURE
;
469 else if (sd_id128_equal(type_id
, GPT_SWAP
)) {
471 if (pflags
& GPT_FLAG_NO_AUTO
)
474 designator
= PARTITION_SWAP
;
476 } else if (sd_id128_equal(type_id
, GPT_LINUX_GENERIC
)) {
478 if (pflags
& GPT_FLAG_NO_AUTO
)
482 multiple_generic
= true;
485 generic_rw
= !(pflags
& GPT_FLAG_READ_ONLY
);
487 generic_node
= strdup(node
);
493 if (designator
!= _PARTITION_DESIGNATOR_INVALID
) {
494 _cleanup_free_
char *t
= NULL
, *n
= NULL
;
497 if (m
->partitions
[designator
].found
)
510 m
->partitions
[designator
] = (DissectedPartition
) {
514 .architecture
= architecture
,
525 if (pflags
!= 0x80) /* Bootable flag */
528 if (blkid_partition_get_type(pp
) != 0x83) /* Linux partition */
532 multiple_generic
= true;
536 generic_node
= strdup(node
);
543 if (!m
->partitions
[PARTITION_ROOT
].found
) {
544 /* No root partition found? Then let's see if ther's one for the secondary architecture. And if not
545 * either, then check if there's a single generic one, and use that. */
547 if (m
->partitions
[PARTITION_ROOT_VERITY
].found
)
548 return -EADDRNOTAVAIL
;
550 if (m
->partitions
[PARTITION_ROOT_SECONDARY
].found
) {
551 m
->partitions
[PARTITION_ROOT
] = m
->partitions
[PARTITION_ROOT_SECONDARY
];
552 zero(m
->partitions
[PARTITION_ROOT_SECONDARY
]);
554 m
->partitions
[PARTITION_ROOT_VERITY
] = m
->partitions
[PARTITION_ROOT_SECONDARY_VERITY
];
555 zero(m
->partitions
[PARTITION_ROOT_SECONDARY_VERITY
]);
557 } else if (flags
& DISSECT_IMAGE_REQUIRE_ROOT
) {
559 /* If the root has was set, then we won't fallback to a generic node, because the root hash
562 return -EADDRNOTAVAIL
;
564 /* If we didn't find a generic node, then we can't fix this up either */
568 /* If we didn't find a properly marked root partition, but we did find a single suitable
569 * generic Linux partition, then use this as root partition, if the caller asked for it. */
570 if (multiple_generic
)
573 m
->partitions
[PARTITION_ROOT
] = (DissectedPartition
) {
576 .partno
= generic_nr
,
577 .architecture
= _ARCHITECTURE_INVALID
,
578 .node
= generic_node
,
579 .uuid
= generic_uuid
,
587 if (!m
->partitions
[PARTITION_ROOT_VERITY
].found
|| !m
->partitions
[PARTITION_ROOT
].found
)
588 return -EADDRNOTAVAIL
;
590 /* If we found the primary root with the hash, then we definitely want to suppress any secondary root
591 * (which would be weird, after all the root hash should only be assigned to one pair of
593 m
->partitions
[PARTITION_ROOT_SECONDARY
].found
= false;
594 m
->partitions
[PARTITION_ROOT_SECONDARY_VERITY
].found
= false;
596 /* If we found a verity setup, then the root partition is necessarily read-only. */
597 m
->partitions
[PARTITION_ROOT
].rw
= false;
605 /* Fill in file system types if we don't know them yet. */
606 for (i
= 0; i
< _PARTITION_DESIGNATOR_MAX
; i
++) {
607 DissectedPartition
*p
= m
->partitions
+ i
;
612 if (!p
->fstype
&& p
->node
) {
613 r
= probe_filesystem(p
->node
, &p
->fstype
);
618 if (streq_ptr(p
->fstype
, "crypto_LUKS"))
621 if (p
->fstype
&& fstype_is_ro(p
->fstype
))
634 DissectedImage
* dissected_image_unref(DissectedImage
*m
) {
640 for (i
= 0; i
< _PARTITION_DESIGNATOR_MAX
; i
++) {
641 free(m
->partitions
[i
].fstype
);
642 free(m
->partitions
[i
].node
);
643 free(m
->partitions
[i
].decrypted_fstype
);
644 free(m
->partitions
[i
].decrypted_node
);
648 strv_free(m
->machine_info
);
649 strv_free(m
->os_release
);
655 static int is_loop_device(const char *path
) {
656 char s
[strlen("/sys/dev/block/") + DECIMAL_STR_MAX(dev_t
) + 1 + DECIMAL_STR_MAX(dev_t
) + strlen("/../loop/")];
661 if (stat(path
, &st
) < 0)
664 if (!S_ISBLK(st
.st_mode
))
667 xsprintf(s
, "/sys/dev/block/%u:%u/loop/", major(st
.st_rdev
), minor(st
.st_rdev
));
668 if (access(s
, F_OK
) < 0) {
672 /* The device itself isn't a loop device, but maybe it's a partition and its parent is? */
673 xsprintf(s
, "/sys/dev/block/%u:%u/../loop/", major(st
.st_rdev
), minor(st
.st_rdev
));
674 if (access(s
, F_OK
) < 0)
675 return errno
== ENOENT
? false : -errno
;
681 static int mount_partition(
682 DissectedPartition
*m
,
684 const char *directory
,
685 DissectImageFlags flags
) {
687 const char *p
, *options
= NULL
, *node
, *fstype
;
688 _cleanup_free_
char *chased
= NULL
;
695 node
= m
->decrypted_node
?: m
->node
;
696 fstype
= m
->decrypted_fstype
?: m
->fstype
;
698 if (!m
->found
|| !node
|| !fstype
)
701 /* Stacked encryption? Yuck */
702 if (streq_ptr(fstype
, "crypto_LUKS"))
705 rw
= m
->rw
&& !(flags
& DISSECT_IMAGE_READ_ONLY
);
708 r
= chase_symlinks(directory
, where
, CHASE_PREFIX_ROOT
, &chased
);
716 /* If requested, turn on discard support. */
717 if (fstype_can_discard(fstype
) &&
718 ((flags
& DISSECT_IMAGE_DISCARD
) ||
719 ((flags
& DISSECT_IMAGE_DISCARD_ON_LOOP
) && is_loop_device(m
->node
))))
722 return mount_verbose(LOG_DEBUG
, node
, p
, fstype
, MS_NODEV
|(rw
? 0 : MS_RDONLY
), options
);
725 int dissected_image_mount(DissectedImage
*m
, const char *where
, DissectImageFlags flags
) {
731 if (!m
->partitions
[PARTITION_ROOT
].found
)
734 r
= mount_partition(m
->partitions
+ PARTITION_ROOT
, where
, NULL
, flags
);
738 r
= mount_partition(m
->partitions
+ PARTITION_HOME
, where
, "/home", flags
);
742 r
= mount_partition(m
->partitions
+ PARTITION_SRV
, where
, "/srv", flags
);
746 if (m
->partitions
[PARTITION_ESP
].found
) {
749 /* Mount the ESP to /efi if it exists and is empty. If it doesn't exist, use /boot instead. */
751 FOREACH_STRING(mp
, "/efi", "/boot") {
752 _cleanup_free_
char *p
= NULL
;
754 r
= chase_symlinks(mp
, where
, CHASE_PREFIX_ROOT
, &p
);
760 r
= mount_partition(m
->partitions
+ PARTITION_ESP
, where
, mp
, flags
);
770 #if HAVE_LIBCRYPTSETUP
771 typedef struct DecryptedPartition
{
772 struct crypt_device
*device
;
775 } DecryptedPartition
;
777 struct DecryptedImage
{
778 DecryptedPartition
*decrypted
;
784 DecryptedImage
* decrypted_image_unref(DecryptedImage
* d
) {
785 #if HAVE_LIBCRYPTSETUP
792 for (i
= 0; i
< d
->n_decrypted
; i
++) {
793 DecryptedPartition
*p
= d
->decrypted
+ i
;
795 if (p
->device
&& p
->name
&& !p
->relinquished
) {
796 r
= crypt_deactivate(p
->device
, p
->name
);
798 log_debug_errno(r
, "Failed to deactivate encrypted partition %s", p
->name
);
802 crypt_free(p
->device
);
811 #if HAVE_LIBCRYPTSETUP
813 static int make_dm_name_and_node(const void *original_node
, const char *suffix
, char **ret_name
, char **ret_node
) {
814 _cleanup_free_
char *name
= NULL
, *node
= NULL
;
817 assert(original_node
);
822 base
= strrchr(original_node
, '/');
829 name
= strjoin(base
, suffix
);
832 if (!filename_is_valid(name
))
835 node
= strjoin(crypt_get_dir(), "/", name
);
846 static int decrypt_partition(
847 DissectedPartition
*m
,
848 const char *passphrase
,
849 DissectImageFlags flags
,
852 _cleanup_free_
char *node
= NULL
, *name
= NULL
;
853 struct crypt_device
*cd
;
859 if (!m
->found
|| !m
->node
|| !m
->fstype
)
862 if (!streq(m
->fstype
, "crypto_LUKS"))
865 r
= make_dm_name_and_node(m
->node
, "-decrypted", &name
, &node
);
869 if (!GREEDY_REALLOC0(d
->decrypted
, d
->n_allocated
, d
->n_decrypted
+ 1))
872 r
= crypt_init(&cd
, m
->node
);
874 return log_debug_errno(r
, "Failed to initialize dm-crypt: %m");
876 r
= crypt_load(cd
, CRYPT_LUKS
, NULL
);
878 log_debug_errno(r
, "Failed to load LUKS metadata: %m");
882 r
= crypt_activate_by_passphrase(cd
, name
, CRYPT_ANY_SLOT
, passphrase
, strlen(passphrase
),
883 ((flags
& DISSECT_IMAGE_READ_ONLY
) ? CRYPT_ACTIVATE_READONLY
: 0) |
884 ((flags
& DISSECT_IMAGE_DISCARD_ON_CRYPTO
) ? CRYPT_ACTIVATE_ALLOW_DISCARDS
: 0));
886 log_debug_errno(r
, "Failed to activate LUKS device: %m");
894 d
->decrypted
[d
->n_decrypted
].name
= name
;
897 d
->decrypted
[d
->n_decrypted
].device
= cd
;
900 m
->decrypted_node
= node
;
910 static int verity_partition(
911 DissectedPartition
*m
,
912 DissectedPartition
*v
,
913 const void *root_hash
,
914 size_t root_hash_size
,
915 DissectImageFlags flags
,
918 _cleanup_free_
char *node
= NULL
, *name
= NULL
;
919 struct crypt_device
*cd
;
928 if (!m
->found
|| !m
->node
|| !m
->fstype
)
930 if (!v
->found
|| !v
->node
|| !v
->fstype
)
933 if (!streq(v
->fstype
, "DM_verity_hash"))
936 r
= make_dm_name_and_node(m
->node
, "-verity", &name
, &node
);
940 if (!GREEDY_REALLOC0(d
->decrypted
, d
->n_allocated
, d
->n_decrypted
+ 1))
943 r
= crypt_init(&cd
, v
->node
);
947 r
= crypt_load(cd
, CRYPT_VERITY
, NULL
);
951 r
= crypt_set_data_device(cd
, m
->node
);
955 r
= crypt_activate_by_volume_key(cd
, name
, root_hash
, root_hash_size
, CRYPT_ACTIVATE_READONLY
);
959 d
->decrypted
[d
->n_decrypted
].name
= name
;
962 d
->decrypted
[d
->n_decrypted
].device
= cd
;
965 m
->decrypted_node
= node
;
976 int dissected_image_decrypt(
978 const char *passphrase
,
979 const void *root_hash
,
980 size_t root_hash_size
,
981 DissectImageFlags flags
,
982 DecryptedImage
**ret
) {
984 _cleanup_(decrypted_image_unrefp
) DecryptedImage
*d
= NULL
;
985 #if HAVE_LIBCRYPTSETUP
991 assert(root_hash
|| root_hash_size
== 0);
995 * = 0 → There was nothing to decrypt
996 * > 0 → Decrypted successfully
997 * -ENOKEY → There's something to decrypt but no key was supplied
998 * -EKEYREJECTED → Passed key was not correct
1001 if (root_hash
&& root_hash_size
< sizeof(sd_id128_t
))
1004 if (!m
->encrypted
&& !m
->verity
) {
1009 #if HAVE_LIBCRYPTSETUP
1010 if (m
->encrypted
&& !passphrase
)
1013 d
= new0(DecryptedImage
, 1);
1017 for (i
= 0; i
< _PARTITION_DESIGNATOR_MAX
; i
++) {
1018 DissectedPartition
*p
= m
->partitions
+ i
;
1024 r
= decrypt_partition(p
, passphrase
, flags
, d
);
1028 k
= PARTITION_VERITY_OF(i
);
1030 r
= verity_partition(p
, m
->partitions
+ k
, root_hash
, root_hash_size
, flags
, d
);
1035 if (!p
->decrypted_fstype
&& p
->decrypted_node
) {
1036 r
= probe_filesystem(p
->decrypted_node
, &p
->decrypted_fstype
);
1051 int dissected_image_decrypt_interactively(
1053 const char *passphrase
,
1054 const void *root_hash
,
1055 size_t root_hash_size
,
1056 DissectImageFlags flags
,
1057 DecryptedImage
**ret
) {
1059 _cleanup_strv_free_erase_
char **z
= NULL
;
1066 r
= dissected_image_decrypt(m
, passphrase
, root_hash
, root_hash_size
, flags
, ret
);
1069 if (r
== -EKEYREJECTED
)
1070 log_error_errno(r
, "Incorrect passphrase, try again!");
1071 else if (r
!= -ENOKEY
) {
1072 log_error_errno(r
, "Failed to decrypt image: %m");
1077 log_error("Too many retries.");
1078 return -EKEYREJECTED
;
1083 r
= ask_password_auto("Please enter image passphrase!", NULL
, "dissect", "dissect", USEC_INFINITY
, 0, &z
);
1085 return log_error_errno(r
, "Failed to query for passphrase: %m");
1091 #if HAVE_LIBCRYPTSETUP
1092 static int deferred_remove(DecryptedPartition
*p
) {
1094 struct dm_ioctl dm
= {
1098 DM_VERSION_PATCHLEVEL
1100 .data_size
= sizeof(dm
),
1101 .flags
= DM_DEFERRED_REMOVE
,
1104 _cleanup_close_
int fd
= -1;
1108 /* Unfortunately, libcryptsetup doesn't provide a proper API for this, hence call the ioctl() directly. */
1110 fd
= open("/dev/mapper/control", O_RDWR
|O_CLOEXEC
);
1114 strncpy(dm
.name
, p
->name
, sizeof(dm
.name
));
1116 if (ioctl(fd
, DM_DEV_REMOVE
, &dm
))
1123 int decrypted_image_relinquish(DecryptedImage
*d
) {
1125 #if HAVE_LIBCRYPTSETUP
1132 /* Turns on automatic removal after the last use ended for all DM devices of this image, and sets a boolean so
1133 * that we don't clean it up ourselves either anymore */
1135 #if HAVE_LIBCRYPTSETUP
1136 for (i
= 0; i
< d
->n_decrypted
; i
++) {
1137 DecryptedPartition
*p
= d
->decrypted
+ i
;
1139 if (p
->relinquished
)
1142 r
= deferred_remove(p
);
1144 return log_debug_errno(r
, "Failed to mark %s for auto-removal: %m", p
->name
);
1146 p
->relinquished
= true;
1153 int root_hash_load(const char *image
, void **ret
, size_t *ret_size
) {
1154 _cleanup_free_
char *text
= NULL
;
1155 _cleanup_free_
void *k
= NULL
;
1163 if (is_device_path(image
)) {
1164 /* If we are asked to load the root hash for a device node, exit early */
1170 r
= getxattr_malloc(image
, "user.verity.roothash", &text
, true);
1174 if (!IN_SET(r
, -ENODATA
, -EOPNOTSUPP
, -ENOENT
))
1177 fn
= newa(char, strlen(image
) + strlen(".roothash") + 1);
1178 n
= stpcpy(fn
, image
);
1179 e
= endswith(fn
, ".raw");
1183 strcpy(n
, ".roothash");
1185 r
= read_one_line_file(fn
, &text
);
1195 r
= unhexmem(text
, strlen(text
), &k
, &l
);
1198 if (l
< sizeof(sd_id128_t
))
1209 int dissected_image_acquire_metadata(DissectedImage
*m
) {
1219 static const char *const paths
[_META_MAX
] = {
1220 [META_HOSTNAME
] = "/etc/hostname\0",
1221 [META_MACHINE_ID
] = "/etc/machine-id\0",
1222 [META_MACHINE_INFO
] = "/etc/machine-info\0",
1223 [META_OS_RELEASE
] = "/etc/os-release\0/usr/lib/os-release\0",
1226 _cleanup_strv_free_
char **machine_info
= NULL
, **os_release
= NULL
;
1227 _cleanup_(rmdir_and_freep
) char *t
= NULL
;
1228 _cleanup_(sigkill_waitp
) pid_t child
= 0;
1229 sd_id128_t machine_id
= SD_ID128_NULL
;
1230 _cleanup_free_
char *hostname
= NULL
;
1231 unsigned n_meta_initialized
= 0, k
;
1232 int fds
[2 * _META_MAX
], r
;
1235 BLOCK_SIGNALS(SIGCHLD
);
1239 for (; n_meta_initialized
< _META_MAX
; n_meta_initialized
++)
1240 if (pipe2(fds
+ 2*n_meta_initialized
, O_CLOEXEC
) < 0) {
1245 r
= mkdtemp_malloc("/tmp/dissect-XXXXXX", &t
);
1249 child
= raw_clone(SIGCHLD
|CLONE_NEWNS
);
1257 (void) reset_all_signal_handlers();
1258 (void) reset_signal_mask();
1259 assert_se(prctl(PR_SET_PDEATHSIG
, SIGTERM
) == 0);
1261 /* Make sure we never propagate to the host */
1262 if (mount(NULL
, "/", NULL
, MS_SLAVE
| MS_REC
, NULL
) < 0)
1263 _exit(EXIT_FAILURE
);
1265 r
= dissected_image_mount(m
, t
, DISSECT_IMAGE_READ_ONLY
);
1267 _exit(EXIT_FAILURE
);
1269 for (k
= 0; k
< _META_MAX
; k
++) {
1270 _cleanup_close_
int fd
= -1;
1273 fds
[2*k
] = safe_close(fds
[2*k
]);
1275 NULSTR_FOREACH(p
, paths
[k
]) {
1276 _cleanup_free_
char *q
= NULL
;
1278 r
= chase_symlinks(p
, t
, CHASE_PREFIX_ROOT
, &q
);
1282 fd
= open(q
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1289 r
= copy_bytes(fd
, fds
[2*k
+1], (uint64_t) -1, 0);
1291 _exit(EXIT_FAILURE
);
1293 fds
[2*k
+1] = safe_close(fds
[2*k
+1]);
1296 _exit(EXIT_SUCCESS
);
1299 for (k
= 0; k
< _META_MAX
; k
++) {
1300 _cleanup_fclose_
FILE *f
= NULL
;
1302 fds
[2*k
+1] = safe_close(fds
[2*k
+1]);
1304 f
= fdopen(fds
[2*k
], "re");
1315 r
= read_etc_hostname_stream(f
, &hostname
);
1317 log_debug_errno(r
, "Failed to read /etc/hostname: %m");
1321 case META_MACHINE_ID
: {
1322 _cleanup_free_
char *line
= NULL
;
1324 r
= read_line(f
, LONG_LINE_MAX
, &line
);
1326 log_debug_errno(r
, "Failed to read /etc/machine-id: %m");
1328 r
= sd_id128_from_string(line
, &machine_id
);
1330 log_debug_errno(r
, "Image contains invalid /etc/machine-id: %s", line
);
1332 log_debug("/etc/machine-id file is empty.");
1334 log_debug("/etc/machine-id has unexpected length %i.", r
);
1339 case META_MACHINE_INFO
:
1340 r
= load_env_file_pairs(f
, "machine-info", NULL
, &machine_info
);
1342 log_debug_errno(r
, "Failed to read /etc/machine-info: %m");
1346 case META_OS_RELEASE
:
1347 r
= load_env_file_pairs(f
, "os-release", NULL
, &os_release
);
1349 log_debug_errno(r
, "Failed to read OS release file: %m");
1355 r
= wait_for_terminate(child
, &si
);
1360 if (si
.si_code
!= CLD_EXITED
|| si
.si_status
!= EXIT_SUCCESS
) {
1365 free_and_replace(m
->hostname
, hostname
);
1366 m
->machine_id
= machine_id
;
1367 strv_free_and_replace(m
->machine_info
, machine_info
);
1368 strv_free_and_replace(m
->os_release
, os_release
);
1371 for (k
= 0; k
< n_meta_initialized
; k
++)
1372 safe_close_pair(fds
+ 2*k
);
1377 static const char *const partition_designator_table
[] = {
1378 [PARTITION_ROOT
] = "root",
1379 [PARTITION_ROOT_SECONDARY
] = "root-secondary",
1380 [PARTITION_HOME
] = "home",
1381 [PARTITION_SRV
] = "srv",
1382 [PARTITION_ESP
] = "esp",
1383 [PARTITION_SWAP
] = "swap",
1384 [PARTITION_ROOT_VERITY
] = "root-verity",
1385 [PARTITION_ROOT_SECONDARY_VERITY
] = "root-secondary-verity",
1388 DEFINE_STRING_TABLE_LOOKUP(partition_designator
, int);