From: Lennart Poettering
Date: Wed, 30 Nov 2022 17:44:06 +0000 (+0100)
Subject: dissect: add new helper verity_settings_data_covers()
X-Git-Tag: v253-rc1~380
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c2534821dc13510dbfa57673af6f54d6172c3712;p=thirdparty%2Fsystemd.git

dissect: add new helper verity_settings_data_covers()

This function checks if the external verity data referenced in VeritySettings covers the specified partition (indicated via designator). Right now, we'll use that at one place, but in a later commit in more.
---
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 4dd2c2c3a9c..b3d35e9fbf3 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -513,13 +513,10 @@ static int dissect_image(
 m->encrypted = streq_ptr(fstype, "crypto_LUKS");
 m->has_verity = verity && verity->data_path;
- m->verity_ready = m->has_verity &&
- verity->root_hash &&
- (verity->designator < 0 || verity->designator == PARTITION_ROOT);
+ m->verity_ready = verity_settings_data_covers(verity, PARTITION_ROOT);
 m->has_verity_sig = false; /* signature not embedded, must be specified */
- m->verity_sig_ready = m->verity_ready &&
- verity->root_hash_sig;
+ m->verity_sig_ready = m->verity_ready && verity->root_hash_sig;
 m->image_uuid = uuid;
diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h
index 5402e4fca2e..059b9aecbb9 100644
--- a/src/shared/dissect-image.h
+++ b/src/shared/dissect-image.h
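Review bot: In the dissect-image.c hunk, `m->verity_sig_ready = m->verity_ready && verity->root_hash_sig;` dereferences `verity` with no NULL check in sight; it is safe only because `verity_settings_data_covers()` returns false for a NULL `verity`, and that guarantee now lives in the header instead of on the preceding line. A comment such as `/* verity_ready implies verity != NULL, see verity_settings_data_covers() */` would keep the dependency visible if the helper is changed later. Separately, `has_verity` is still derived from `verity && verity->data_path` alone, so it can be true while `verity_ready` is false when the settings designate another partition or carry no root hash; if that split is intended, it deserves a word in the same comment. The body of dissect_image() starts and ends outside this hunk.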
@@ -166,6 +166,14 @@ int dissected_image_relinquish(DissectedImage *m);
 int verity_settings_load(VeritySettings *verity, const char *image, const char *root_hash_path, const char *root_hash_sig_path);
 void verity_settings_done(VeritySettings *verity);
+static inline bool verity_settings_data_covers(const VeritySettings *verity, PartitionDesignator d) {
+ /* Returns true if the verity settings contain sufficient information to cover the specified partition */
+ return verity &&
+ ((d >= 0 && verity->designator == d) || (d == PARTITION_ROOT && verity->designator < 0)) &&
+ verity->root_hash &&
+ verity->data_path;
+}
+
 int dissected_image_load_verity_sig_partition(DissectedImage *m, int fd, VeritySettings *verity);
 bool dissected_image_verity_candidate(const DissectedImage *image, PartitionDesignator d);
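Review bot: The comment on `verity_settings_data_covers()` leaves out the designator rules a caller has to know: an unset (negative) `verity->designator` is accepted for `PARTITION_ROOT` only, and a negative `d` appears never to match. It also does not say that the helper is a presence check on `root_hash` and `data_path`; nothing here validates the hash or verifies data, so a true result must not be read as "integrity established". I would expand the comment to something like `/* Presence check only: true if root hash and data path are set and the designator matches d (an unset designator counts as root). Verifies nothing. */`.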