From c2534821dc13510dbfa57673af6f54d6172c3712 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 30 Nov 2022 18:44:06 +0100
Subject: [PATCH] dissect: add new helper verity_settings_data_covers()
This function checks if the external verity data referenced in VeritySettings covers the specified partition (indicated via designator). Right now, we'll use that at one place, but in a later commit in more.
---
 src/shared/dissect-image.c | 7 ++-----
 src/shared/dissect-image.h | 8 ++++++++
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 4dd2c2c3a9c..b3d35e9fbf3 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -513,13 +513,10 @@ static int dissect_image(
 m->encrypted = streq_ptr(fstype, "crypto_LUKS");
 m->has_verity = verity && verity->data_path;
- m->verity_ready = m->has_verity &&
- verity->root_hash &&
- (verity->designator < 0 || verity->designator == PARTITION_ROOT);
+ m->verity_ready = verity_settings_data_covers(verity, PARTITION_ROOT);
 m->has_verity_sig = false; /* signature not embedded, must be specified */
- m->verity_sig_ready = m->verity_ready &&
- verity->root_hash_sig;
+ m->verity_sig_ready = m->verity_ready && verity->root_hash_sig;
 m->image_uuid = uuid;
diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h
index 5402e4fca2e..059b9aecbb9 100644
--- a/src/shared/dissect-image.h
+++ b/src/shared/dissect-image.h
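Review bot: In the src/shared/dissect-image.c hunk, `m->verity_ready` no longer mentions `m->has_verity`, so "ready implies present" now holds only because verity_settings_data_covers() itself tests `verity->data_path`. The same helper's NULL check is also the only thing guarding the `verity->root_hash_sig` dereference on the `m->verity_sig_ready` line. A one-line comment above the assignment would keep that dependency visible, e.g. `/* verity_ready implies has_verity: the helper checks verity and verity->data_path itself */`. The body of dissect_image() starts and ends outside this hunk.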
@@ -166,6 +166,14 @@ int dissected_image_relinquish(DissectedImage *m);
 int verity_settings_load(VeritySettings *verity, const char *image, const char *root_hash_path, const char *root_hash_sig_path);
 void verity_settings_done(VeritySettings *verity);
+static inline bool verity_settings_data_covers(const VeritySettings *verity, PartitionDesignator d) {
+ /* Returns true if the verity settings contain sufficient information to cover the specified partition */
+ return verity &&
+ ((d >= 0 && verity->designator == d) || (d == PARTITION_ROOT && verity->designator < 0)) &&
+ verity->root_hash &&
+ verity->data_path;
+}
+
 int dissected_image_load_verity_sig_partition(DissectedImage *m, int fd, VeritySettings *verity);
 bool dissected_image_verity_candidate(const DissectedImage *image, PartitionDesignator d);
-- 
2.47.3
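Review bot: The comment inside verity_settings_data_covers() does not mention the fallback in `(d == PARTITION_ROOT && verity->designator < 0)`, under which external verity data with no designator set is attributed to the root partition. That is the one case a later caller is likely to get wrong. The function is also a presence check only: it tests that `root_hash` and `data_path` are non-NULL, not the hash length or any signature, so "covers" should not be read as "verified". I would extend the comment to something like `/* Returns true if external verity data (root hash + data path) is set for partition d; an unset designator (< 0) counts as root. Does not validate the hash or its signature. */`.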