1 /* SPDX-License-Identifier: LGPL-2.1+ */
7 #include "alloc-util.h"
8 #include "crypt-util.h"
11 #include "string-util.h"
12 #include "terminal-util.h"
/* File-scope string pointers, all initialised to NULL. None of them is
 * referenced in the lines visible in this listing.
 * NOTE(review): confirm whether they are still used (or only freed) in the
 * elided lines. */
14 static char *arg_root_hash
= NULL
;
15 static char *arg_data_what
= NULL
;
16 static char *arg_hash_what
= NULL
;
/* Print the usage text for the two verbs, "attach" and "detach".
 *
 * The listing elides several lines of this function (the declaration of r,
 * the check after terminal_urlify_man(), the last printf() argument and the
 * return statement), so only the visible calls are described here. */
18 static int help(void) {
/* link is released automatically when it goes out of scope (_cleanup_free_). */
19 _cleanup_free_
char *link
= NULL
;
/* Build a reference to the systemd-veritysetup@.service(8) man page in link.
 * NOTE(review): the handling of a negative r is not visible here. */
22 r
= terminal_urlify_man("systemd-veritysetup@.service", "8", &link
);
/* The operand order printed here is the order main() reads them from argv:
 * VOLUME = argv[2], DATADEVICE = argv[3], HASHDEVICE = argv[4],
 * ROOTHASH = argv[5]. The format has three %s conversions; the third
 * argument is in an elided line (presumably link; confirm). */
26 printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH\n"
27 "%s detach VOLUME\n\n"
28 "Attaches or detaches an integrity protected block device.\n"
29 "\nSee the %s for details.\n"
30 , program_invocation_short_name
31 , program_invocation_short_name
/* Entry point: dispatch on argv[1] to attach or detach a dm-verity volume
 * through libcryptsetup.
 *
 * attach: argv[2] = volume name, argv[3] = data device, argv[4] = hash
 *         device, argv[5] = root hash as a hex string.
 * detach: argv[2] = volume name.
 *
 * Returns EXIT_FAILURE when r is negative, EXIT_SUCCESS otherwise.
 *
 * The listing elides the argument-count conditions, the "if (r < 0)" tests
 * around the error logs, the declarations of r and l, and the cleanup label,
 * so the comments below describe only what the visible lines show. */
38 int main(int argc
, char *argv
[]) {
/* cd is released through crypt_freep when it goes out of scope. */
39 _cleanup_(crypt_freep
) struct crypt_device
*cd
= NULL
;
/* NOTE(review): the condition guarding this message is not visible. */
48 log_error("This program requires at least two arguments.");
53 log_set_target(LOG_TARGET_AUTO
);
54 log_parse_environment();
59 if (streq(argv
[1], "attach")) {
/* m receives the decoded root hash and is freed automatically. */
60 _cleanup_free_
void *m
= NULL
;
61 crypt_status_info status
;
/* NOTE(review): the usage text lists four operands for attach and argv[5]
 * is read below, so the elided guard has to reject argc < 6; the wording
 * "at least two arguments" looks inconsistent with that. Confirm both. */
65 log_error("attach requires at least two arguments.");
/* Decode the hex root hash from argv[5] into m, with its byte length in l.
 * The root hash is the trust anchor of the verity volume: every block is
 * verified against it, so the protection is only as strong as the caller's
 * source for this argument. */
70 r
= unhexmem(argv
[5], strlen(argv
[5]), &m
, &l
);
72 log_error("Failed to parse root hash.");
/* Open the hash device (argv[4]), which carries the verity superblock. */
76 r
= crypt_init(&cd
, argv
[4]);
78 log_error_errno(r
, "Failed to open verity device %s: %m", argv
[4]);
/* Route libcryptsetup's own messages through cryptsetup_log_glue. */
82 crypt_set_log_callback(cd
, cryptsetup_log_glue
, NULL
);
/* An already active or busy volume only produces an info message here.
 * NOTE(review): what happens after the message (skip vs. continue) is in
 * elided lines. */
84 status
= crypt_status(cd
, argv
[2]);
85 if (IN_SET(status
, CRYPT_ACTIVE
, CRYPT_BUSY
)) {
86 log_info("Volume %s already active.", argv
[2]);
/* Load the verity parameters from the superblock; NULL passes no
 * caller-supplied parameters. */
91 r
= crypt_load(cd
, CRYPT_VERITY
, NULL
);
93 log_error_errno(r
, "Failed to load verity superblock: %m");
/* The data device (argv[3]) is configured separately from the hash device. */
97 r
= crypt_set_data_device(cd
, argv
[3]);
99 log_error_errno(r
, "Failed to configure data device: %m");
/* Activate the mapping read-only, passing the decoded root hash (m, l) in
 * the volume-key parameters.
 * NOTE(review): no explicit length check on l is visible before this call;
 * presumably libcryptsetup rejects a size that does not match the
 * superblock. Verify. */
103 r
= crypt_activate_by_volume_key(cd
, argv
[2], m
, l
, CRYPT_ACTIVATE_READONLY
);
105 log_error_errno(r
, "Failed to set up verity device: %m");
109 } else if (streq(argv
[1], "detach")) {
/* Look up the active mapping by volume name. */
111 r
= crypt_init_by_name(&cd
, argv
[2]);
/* NOTE(review): the return value that selects "already inactive" over the
 * error log below is tested in elided lines. */
113 log_info("Volume %s already inactive.", argv
[2]);
116 log_error_errno(r
, "crypt_init_by_name() failed: %m");
120 crypt_set_log_callback(cd
, cryptsetup_log_glue
, NULL
);
122 r
= crypt_deactivate(cd
, argv
[2]);
124 log_error_errno(r
, "Failed to deactivate: %m");
/* Any verb other than "attach" or "detach" is reported as unknown. */
129 log_error("Unknown verb %s.", argv
[1]);
/* Map the negative-errno convention used above onto the process exit code. */
141 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;