]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
2f3dfc6f LP |
2 | /*** |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2016 Lennart Poettering | |
6 | ||
7 | systemd is free software; you can redistribute it and/or modify it | |
8 | under the terms of the GNU Lesser General Public License as published by | |
9 | the Free Software Foundation; either version 2.1 of the License, or | |
10 | (at your option) any later version. | |
11 | ||
12 | systemd is distributed in the hope that it will be useful, but | |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | Lesser General Public License for more details. | |
16 | ||
17 | You should have received a copy of the GNU Lesser General Public License | |
18 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
19 | ***/ | |
20 | ||
21 | #include <libcryptsetup.h> | |
22 | #include <stdio.h> | |
23 | #include <sys/stat.h> | |
24 | ||
25 | #include "log.h" | |
26 | #include "hexdecoct.h" | |
27 | #include "string-util.h" | |
28 | #include "alloc-util.h" | |
29 | ||
30 | static char *arg_root_hash = NULL; | |
31 | static char *arg_data_what = NULL; | |
32 | static char *arg_hash_what = NULL; | |
33 | ||
34 | static int help(void) { | |
35 | printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH\n" | |
36 | "%s detach VOLUME\n\n" | |
37 | "Attaches or detaches an integrity protected block device.\n", | |
38 | program_invocation_short_name, | |
39 | program_invocation_short_name); | |
40 | ||
41 | return 0; | |
42 | } | |
43 | ||
44 | static void log_glue(int level, const char *msg, void *usrptr) { | |
45 | log_debug("%s", msg); | |
46 | } | |
47 | ||
48 | int main(int argc, char *argv[]) { | |
49 | struct crypt_device *cd = NULL; | |
50 | int r; | |
51 | ||
52 | if (argc <= 1) { | |
53 | r = help(); | |
54 | goto finish; | |
55 | } | |
56 | ||
57 | if (argc < 3) { | |
58 | log_error("This program requires at least two arguments."); | |
59 | r = -EINVAL; | |
60 | goto finish; | |
61 | } | |
62 | ||
63 | log_set_target(LOG_TARGET_AUTO); | |
64 | log_parse_environment(); | |
65 | log_open(); | |
66 | ||
67 | umask(0022); | |
68 | ||
69 | if (streq(argv[1], "attach")) { | |
70 | _cleanup_free_ void *m = NULL; | |
71 | crypt_status_info status; | |
72 | size_t l; | |
73 | ||
74 | if (argc < 6) { | |
75 | log_error("attach requires at least two arguments."); | |
76 | r = -EINVAL; | |
77 | goto finish; | |
78 | } | |
79 | ||
80 | r = unhexmem(argv[5], strlen(argv[5]), &m, &l); | |
81 | if (r < 0) { | |
82 | log_error("Failed to parse root hash."); | |
83 | goto finish; | |
84 | } | |
85 | ||
86 | r = crypt_init(&cd, argv[4]); | |
87 | if (r < 0) { | |
88 | log_error_errno(r, "Failed to open verity device %s: %m", argv[4]); | |
89 | goto finish; | |
90 | } | |
91 | ||
92 | crypt_set_log_callback(cd, log_glue, NULL); | |
93 | ||
94 | status = crypt_status(cd, argv[2]); | |
3742095b | 95 | if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) { |
2f3dfc6f LP |
96 | log_info("Volume %s already active.", argv[2]); |
97 | r = 0; | |
98 | goto finish; | |
99 | } | |
100 | ||
101 | r = crypt_load(cd, CRYPT_VERITY, NULL); | |
102 | if (r < 0) { | |
103 | log_error_errno(r, "Failed to load verity superblock: %m"); | |
104 | goto finish; | |
105 | } | |
106 | ||
107 | r = crypt_set_data_device(cd, argv[3]); | |
108 | if (r < 0) { | |
109 | log_error_errno(r, "Failed to configure data device: %m"); | |
110 | goto finish; | |
111 | } | |
112 | ||
113 | r = crypt_activate_by_volume_key(cd, argv[2], m, l, CRYPT_ACTIVATE_READONLY); | |
114 | if (r < 0) { | |
115 | log_error_errno(r, "Failed to set up verity device: %m"); | |
116 | goto finish; | |
117 | } | |
118 | ||
119 | } else if (streq(argv[1], "detach")) { | |
120 | ||
121 | r = crypt_init_by_name(&cd, argv[2]); | |
122 | if (r == -ENODEV) { | |
123 | log_info("Volume %s already inactive.", argv[2]); | |
124 | goto finish; | |
125 | } else if (r < 0) { | |
126 | log_error_errno(r, "crypt_init_by_name() failed: %m"); | |
127 | goto finish; | |
128 | } | |
129 | ||
130 | crypt_set_log_callback(cd, log_glue, NULL); | |
131 | ||
132 | r = crypt_deactivate(cd, argv[2]); | |
133 | if (r < 0) { | |
134 | log_error_errno(r, "Failed to deactivate: %m"); | |
135 | goto finish; | |
136 | } | |
137 | ||
138 | } else { | |
139 | log_error("Unknown verb %s.", argv[1]); | |
140 | r = -EINVAL; | |
141 | goto finish; | |
142 | } | |
143 | ||
144 | r = 0; | |
145 | ||
146 | finish: | |
147 | if (cd) | |
148 | crypt_free(cd); | |
149 | ||
150 | free(arg_root_hash); | |
151 | free(arg_data_what); | |
152 | free(arg_hash_what); | |
153 | ||
154 | return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; | |
155 | } |