1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 Copyright 2016 Lennart Poettering
10 #include "alloc-util.h"
11 #include "crypt-util.h"
12 #include "hexdecoct.h"
14 #include "string-util.h"
/* File-scope string pointers, each initialised to NULL. No read or write of
 * them appears in the lines visible in this listing.
 * NOTE(review): going by the names, these would hold the root hash and the
 * data/hash device paths; confirm where they are set and freed. */
16 static char *arg_root_hash
= NULL
;
17 static char *arg_data_what
= NULL
;
18 static char *arg_hash_what
= NULL
;
/* Prints the usage synopsis with printf(): one line for "attach" (four
 * operands: VOLUME DATADEVICE HASHDEVICE ROOTHASH) and one for "detach"
 * (VOLUME only). Both %s placeholders receive program_invocation_short_name.
 * The function's return statement is not part of this listing. */
20 static int help(void) {
21 printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH\n"
22 "%s detach VOLUME\n\n"
23 "Attaches or detaches an integrity protected block device.\n",
24 program_invocation_short_name
,
25 program_invocation_short_name
);
/* Entry point: dispatches on argv[1] to the "attach" or "detach" verb and
 * maps a negative r to EXIT_FAILURE.
 *
 * Operand positions, per the synopsis printed by help():
 *   argv[2] = VOLUME, argv[3] = DATADEVICE, argv[4] = HASHDEVICE,
 *   argv[5] = ROOTHASH (hex string).
 *
 * The embedded source line numbers skip, so this listing omits lines: the
 * argc tests, the "if (r < 0)" style conditions and the jumps around the
 * log calls below are not visible here. */
30 int main(int argc
, char *argv
[]) {
/* cd carries the _cleanup_(crypt_freep) attribute macro; presumably it is
 * released through crypt_freep when main() returns -- confirm against the
 * macro definition. */
31 _cleanup_(crypt_freep
) struct crypt_device
*cd
= NULL
;
/* Generic argument-count failure; the guarding argc comparison is not shown. */
40 log_error("This program requires at least two arguments.");
45 log_set_target(LOG_TARGET_AUTO
);
46 log_parse_environment();
/* ---- attach: set up a read-only verity mapping ---- */
51 if (streq(argv
[1], "attach")) {
/* m receives the decoded root hash; tagged _cleanup_free_. */
52 _cleanup_free_
void *m
= NULL
;
53 crypt_status_info status
;
/* NOTE(review): the message says "at least two arguments", yet this branch
 * reads argv[2] through argv[5]. The argc test guarding it is not visible in
 * this listing -- confirm it rejects anything short of all four operands, so
 * argv is never indexed past its end. */
57 log_error("attach requires at least two arguments.");
/* Decode the hex ROOTHASH operand into m, with its length stored in l
 * (l's declaration is not part of this listing). */
62 r
= unhexmem(argv
[5], strlen(argv
[5]), &m
, &l
);
64 log_error("Failed to parse root hash.");
/* Initialise the crypt context on the HASHDEVICE operand. */
68 r
= crypt_init(&cd
, argv
[4]);
70 log_error_errno(r
, "Failed to open verity device %s: %m", argv
[4]);
/* Register cryptsetup_log_glue as the log callback for this context. */
74 crypt_set_log_callback(cd
, cryptsetup_log_glue
, NULL
);
/* Query the state of VOLUME before trying to activate it. */
76 status
= crypt_status(cd
, argv
[2]);
/* NOTE(review): when the volume is already active or busy, only this message
 * is visible; the statements that follow are not in the listing. If this path
 * ends in success, the caller gets no confirmation that the existing mapping
 * was built from the root hash given in argv[5] -- confirm the intended
 * behaviour. */
77 if (IN_SET(status
, CRYPT_ACTIVE
, CRYPT_BUSY
)) {
78 log_info("Volume %s already active.", argv
[2]);
/* Load the on-disk metadata as type CRYPT_VERITY (the verity superblock, per
 * the error message below). */
83 r
= crypt_load(cd
, CRYPT_VERITY
, NULL
);
85 log_error_errno(r
, "Failed to load verity superblock: %m");
/* Point the context at the DATADEVICE operand. */
89 r
= crypt_set_data_device(cd
, argv
[3]);
91 log_error_errno(r
, "Failed to configure data device: %m");
/* Activate VOLUME with the decoded root hash (m, l) passed in the volume-key
 * position and CRYPT_ACTIVATE_READONLY as the only flag. */
95 r
= crypt_activate_by_volume_key(cd
, argv
[2], m
, l
, CRYPT_ACTIVATE_READONLY
);
97 log_error_errno(r
, "Failed to set up verity device: %m");
/* ---- detach: tear down an existing mapping by name ---- */
101 } else if (streq(argv
[1], "detach")) {
/* Look the mapping up by the VOLUME name. Two outcomes are logged below,
 * "already inactive" and a generic failure; the conditions that choose
 * between them are not visible in this listing. */
103 r
= crypt_init_by_name(&cd
, argv
[2]);
105 log_info("Volume %s already inactive.", argv
[2]);
108 log_error_errno(r
, "crypt_init_by_name() failed: %m");
112 crypt_set_log_callback(cd
, cryptsetup_log_glue
, NULL
);
/* Remove the mapping named by VOLUME. */
114 r
= crypt_deactivate(cd
, argv
[2]);
116 log_error_errno(r
, "Failed to deactivate: %m");
/* Any verb other than "attach" or "detach" is reported as unknown. */
121 log_error("Unknown verb %s.", argv
[1]);
/* Negative r becomes EXIT_FAILURE; zero or positive becomes EXIT_SUCCESS. */
133 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;