]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
2f3dfc6f | 2 | |
dccca82b | 3 | #include <errno.h> |
2f3dfc6f LP |
4 | #include <stdio.h> |
5 | #include <sys/stat.h> | |
6 | ||
dccca82b | 7 | #include "alloc-util.h" |
294bd454 | 8 | #include "crypt-util.h" |
2f3dfc6f | 9 | #include "hexdecoct.h" |
dccca82b | 10 | #include "log.h" |
2f3dfc6f | 11 | #include "string-util.h" |
2f3dfc6f LP |
12 | |
13 | static char *arg_root_hash = NULL; | |
14 | static char *arg_data_what = NULL; | |
15 | static char *arg_hash_what = NULL; | |
16 | ||
17 | static int help(void) { | |
18 | printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH\n" | |
19 | "%s detach VOLUME\n\n" | |
20 | "Attaches or detaches an integrity protected block device.\n", | |
21 | program_invocation_short_name, | |
22 | program_invocation_short_name); | |
23 | ||
24 | return 0; | |
25 | } | |
26 | ||
2f3dfc6f | 27 | int main(int argc, char *argv[]) { |
294bd454 | 28 | _cleanup_(crypt_freep) struct crypt_device *cd = NULL; |
2f3dfc6f LP |
29 | int r; |
30 | ||
31 | if (argc <= 1) { | |
32 | r = help(); | |
33 | goto finish; | |
34 | } | |
35 | ||
36 | if (argc < 3) { | |
37 | log_error("This program requires at least two arguments."); | |
38 | r = -EINVAL; | |
39 | goto finish; | |
40 | } | |
41 | ||
42 | log_set_target(LOG_TARGET_AUTO); | |
43 | log_parse_environment(); | |
44 | log_open(); | |
45 | ||
46 | umask(0022); | |
47 | ||
48 | if (streq(argv[1], "attach")) { | |
49 | _cleanup_free_ void *m = NULL; | |
50 | crypt_status_info status; | |
51 | size_t l; | |
52 | ||
53 | if (argc < 6) { | |
54 | log_error("attach requires at least two arguments."); | |
55 | r = -EINVAL; | |
56 | goto finish; | |
57 | } | |
58 | ||
59 | r = unhexmem(argv[5], strlen(argv[5]), &m, &l); | |
60 | if (r < 0) { | |
61 | log_error("Failed to parse root hash."); | |
62 | goto finish; | |
63 | } | |
64 | ||
65 | r = crypt_init(&cd, argv[4]); | |
66 | if (r < 0) { | |
67 | log_error_errno(r, "Failed to open verity device %s: %m", argv[4]); | |
68 | goto finish; | |
69 | } | |
70 | ||
691c2e2e | 71 | crypt_set_log_callback(cd, cryptsetup_log_glue, NULL); |
2f3dfc6f LP |
72 | |
73 | status = crypt_status(cd, argv[2]); | |
3742095b | 74 | if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) { |
2f3dfc6f LP |
75 | log_info("Volume %s already active.", argv[2]); |
76 | r = 0; | |
77 | goto finish; | |
78 | } | |
79 | ||
80 | r = crypt_load(cd, CRYPT_VERITY, NULL); | |
81 | if (r < 0) { | |
82 | log_error_errno(r, "Failed to load verity superblock: %m"); | |
83 | goto finish; | |
84 | } | |
85 | ||
86 | r = crypt_set_data_device(cd, argv[3]); | |
87 | if (r < 0) { | |
88 | log_error_errno(r, "Failed to configure data device: %m"); | |
89 | goto finish; | |
90 | } | |
91 | ||
92 | r = crypt_activate_by_volume_key(cd, argv[2], m, l, CRYPT_ACTIVATE_READONLY); | |
93 | if (r < 0) { | |
94 | log_error_errno(r, "Failed to set up verity device: %m"); | |
95 | goto finish; | |
96 | } | |
97 | ||
98 | } else if (streq(argv[1], "detach")) { | |
99 | ||
100 | r = crypt_init_by_name(&cd, argv[2]); | |
101 | if (r == -ENODEV) { | |
102 | log_info("Volume %s already inactive.", argv[2]); | |
103 | goto finish; | |
104 | } else if (r < 0) { | |
105 | log_error_errno(r, "crypt_init_by_name() failed: %m"); | |
106 | goto finish; | |
107 | } | |
108 | ||
691c2e2e | 109 | crypt_set_log_callback(cd, cryptsetup_log_glue, NULL); |
2f3dfc6f LP |
110 | |
111 | r = crypt_deactivate(cd, argv[2]); | |
112 | if (r < 0) { | |
113 | log_error_errno(r, "Failed to deactivate: %m"); | |
114 | goto finish; | |
115 | } | |
116 | ||
117 | } else { | |
118 | log_error("Unknown verb %s.", argv[1]); | |
119 | r = -EINVAL; | |
120 | goto finish; | |
121 | } | |
122 | ||
123 | r = 0; | |
124 | ||
125 | finish: | |
2f3dfc6f LP |
126 | free(arg_root_hash); |
127 | free(arg_data_what); | |
128 | free(arg_hash_what); | |
129 | ||
130 | return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; | |
131 | } |