]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d560cbc) | patch
dissect: check that roothash in signature matches before selecting partition
authorLuca Boccassi <luca.boccassi@gmail.com>
Mon, 10 Nov 2025 02:01:57 +0000 (02:01 +0000)
committerLuca Boccassi <luca.boccassi@gmail.com>
Tue, 11 Nov 2025 17:43:24 +0000 (17:43 +0000)
commit98ca65c36aa970f8fbcf0bf50d8c2f03ffba299a
treef296db7b15f8fc02966a088d5d5260b9962c541btree | snapshot
parentd560cbc0d9227c0af3590f218c8424d3308eabd1commit | diff
dissect: check that roothash in signature matches before selecting partition

If there are multiple verity sig partitions (e.g.: sysupdate and A/B
scheme), dissection will simply pick the last sig partition it encounters,
as no checks are done on the content (like for the usr/root and verity data).

Check that the JSON content matches the requested roothash, if any.

Before:

sda: /usr/lib/udev/rules.d/90-image-dissect.rules:34 IMPORT{builtin}="dissect_image probe": Importing properties from results of builtin command "dissect_image probe".
Dissecting esp partition with label esp and UUID b80070bd-ea4f-49ea-94ab-41a4e4125f80.
Dissecting usr-verity-sig partition with label ParticleOS_27.178_verity_sig and UUID a6d47959-39f7-4686-99b0-660b301d1488.
Dissecting usr-verity partition with label ParticleOS_27.178_verity and UUID d7acad57-995d-297d-bf6c-a58821dcd28a.
Dissecting usr partition with label ParticleOS_27.178 and UUID f5b6aff5-945d-946e-faf4-d482c07f9968.
Dissecting usr-verity-sig partition with label ParticleOS_118.26_verity_sig and UUID c9151ec9-3264-434a-8f42-7b125432d676.
Dissecting usr-verity partition with label ParticleOS_118.26_verity and UUID 88fa8c85-8161-ea32-bf4a-fc8df18d27ae.
Partition UUID '88fa8c85-8161-ea32-bf4a-fc8df18d27ae' does not match expected UUID 'f5b6aff5-945d-946e-faf4-d482c07f9968' derived from usr verity hash, ignoring.
Dissecting usr partition with label ParticleOS_118.26 and UUID 52df1859-e144-348d-2cb1-8d6440254719.
Partition UUID '52df1859-e144-348d-2cb1-8d6440254719' does not match expected UUID 'f5b6aff5-945d-946e-faf4-d482c07f9968' derived from usr verity hash, ignoring.
Dissecting swap partition with label ParticleOS-swap and UUID 7fe77f77-32fb-4957-8c1e-6c04bd2e435f.
Dissecting root partition with label ParticleOS-root and UUID a5c89fc4-e92c-4e83-913f-8c866b94592e.
Dissecting home partition with label ParticleOS-home and UUID 25885d07-baa2-4992-b6aa-56813aa70cef.
Found for designator root: encrypted+unprotected+unused.
Found for designator usr: verity+signed+encrypted+unprotected+unused.
Found for designator home: encrypted+unprotected+unused.
Found for designator srv: absent.
Found for designator esp: encrypted+unprotected+unused.
Found for designator xbootldr: absent.
Found for designator swap: encrypted+unprotected+unused.
Found for designator root-verity: absent.
Found for designator usr-verity: encrypted+unprotected+unused.
Found for designator root-verity-sig: absent.
Found for designator usr-verity-sig: encrypted+unprotected+unused.
Found for designator tmp: absent.
Found for designator var: absent.
Probed fstype 'btrfs' on partition /dev/sda9.
Probed fstype 'erofs' on partition /dev/sda4.
Probed fstype 'btrfs' on partition /dev/sda10.
Probed fstype 'swap' on partition /dev/sda8.
Root hash in signature JSON data (52df1859e144348d2cb18d644025471988fa8c858161ea32bf4afc8df18d27ae) doesn't match configured hash (f5b6aff5945d946efaf4d482c07f9968d7acad57995d297dbf6ca58821dcd28a).
sda: Failed to load verity signature data from image: Invalid argument

After:

Dissecting usr-verity-sig partition with label ParticleOS_27.178_verity_sig and UUID a6d47959-39f7-4686-99b0-660b301d1488.
Dissecting usr-verity partition with label ParticleOS_27.178_verity and UUID d7acad57-995d-297d-bf6c-a58821dcd28a.
Dissecting usr partition with label ParticleOS_27.178 and UUID f5b6aff5-945d-946e-faf4-d482c07f9968.
Dissecting usr-verity-sig partition with label ParticleOS_118.26_verity_sig and UUID c9151ec9-3264-434a-8f42-7b125432d676.
Root hash in signature JSON data (52df1859e144348d2cb18d644025471988fa8c858161ea32bf4afc8df18d27ae) doesn't match configured hash (f5b6aff5945d946efaf4d482c07f9968d7acad57995d297dbf6ca58821dcd28a).
Dissecting usr-verity partition with label ParticleOS_118.26_verity and UUID 88fa8c85-8161-ea32-bf4a-fc8df18d27ae.
Partition UUID '88fa8c85-8161-ea32-bf4a-fc8df18d27ae' does not match expected UUID 'f5b6aff5-945d-946e-faf4-d482c07f9968' derived from usr verity hash, ignoring.
Dissecting usr partition with label ParticleOS_118.26 and UUID 52df1859-e144-348d-2cb1-8d6440254719.
Partition UUID '52df1859-e144-348d-2cb1-8d6440254719' does not match expected UUID 'f5b6aff5-945d-946e-faf4-d482c07f9968' derived from usr verity hash, ignoring.
<...>
  ID_DISSECT_PART2_DESIGNATOR=usr-verity-sig
  ID_DISSECT_PART3_ARCHITECTURE=x86-64
  ID_DISSECT_PART3_DESIGNATOR=usr-verity
  ID_DISSECT_PART4_ARCHITECTURE=x86-64
  ID_DISSECT_PART4_DESIGNATOR=usr
  ID_DISSECT_PART4_HAS_VERITY=1
  ID_DISSECT_PART4_HAS_VERITY_SIG=1
  ID_DISSECT_PART4_ROOTHASH=f5b6aff5945d946efaf4d482c07f9968d7acad57995d297dbf6ca58821dcd28a
  ID_DISSECT_PART4_ROOTHASH_SIG=<...>
  ID_DISSECT_PART4_VERITY_DEVICE=/dev/disk/by-diskseq/9-part3
  ID_DISSECT_PART4_VERITY_SIG_DEVICE=/dev/disk/by-diskseq/9-part2

Fixes https://github.com/systemd/systemd/issues/39655
src/shared/dissect-image.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.