veritysetup: don't measure root hash signature after unsigned fallback
authorPaul Meyer <katexochen0@gmail.com>
Wed, 17 Jun 2026 15:21:51 +0000 (17:21 +0200)
committerPaul Meyer <katexochen0@gmail.com>
Mon, 22 Jun 2026 15:29:50 +0000 (17:29 +0200)
verb_attach() falls back to unsigned activation (crypt_activate_by_volume_key)
when signed activation fails, but still passed the signature to
pcrextend_verity_now(). The signer is parsed out of the (unverified)
signature and folded into the dm_verity NvPCR measurement, making an
unsigned fallback indistinguishable from a genuinely signed activation to
an attester. Only measure the signature when signed activation succeeded.

Signed-off-by: Paul Meyer <katexochen0@gmail.com>
src/veritysetup/veritysetup.c

index 42e5356b11524d77fcc2f958703a4705875d80d9..2b02694b9b1fdb1709ebba60272cc34f268e4452 100644 (file)
@@ -429,6 +429,7 @@ static int verb_attach(int argc, char *argv[], uintptr_t _data, void *userdata)
         if (r < 0)
                 return log_error_errno(r, "Failed to configure data device: %m");
 
+        bool signed_activation = false;
         if (arg_root_hash_signature_size > 0) {
                 r = sym_crypt_activate_by_signed_key(cd, volume, rh, rh_size, arg_root_hash_signature, arg_root_hash_signature_size, arg_activate_flags);
                 if (r < 0) {
@@ -439,7 +440,8 @@ static int verb_attach(int argc, char *argv[], uintptr_t _data, void *userdata)
                                 return log_error_errno(r, "Failed to activate verity device '%s' both with and without root hash signature: %m", volume);
 
                         log_info("Activation of verity device '%s' succeeded without root hash signature.", volume);
-                }
+                } else
+                        signed_activation = true;
         } else
                 r = sym_crypt_activate_by_volume_key(cd, volume, rh, rh_size, arg_activate_flags);
         if (r < 0)
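Review bot: The flag that decides what gets measured is set in a brace-less `else` hanging off a braced, multi-line `if (r < 0)` block, where it is easy to overlook or detach in a later edit. Assigning it directly after the `sym_crypt_activate_by_signed_key()` call, as `signed_activation = r >= 0;`, ties it to the result of the signed attempt and needs no `else`. The fallback body between the first two hunks is not visible here, so this assumes nothing in it retries signed activation.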
@@ -448,7 +450,7 @@ static int verb_attach(int argc, char *argv[], uintptr_t _data, void *userdata)
         (void) pcrextend_verity_now(
                         volume,
                         &IOVEC_MAKE(rh, rh_size),
-                        &IOVEC_MAKE(arg_root_hash_signature, arg_root_hash_signature_size));
+                        signed_activation ? &IOVEC_MAKE(arg_root_hash_signature, arg_root_hash_signature_size) : NULL);
 
         return 0;
 }
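Review bot: The ternary in the `pcrextend_verity_now()` call has no comment explaining why the signature is withheld, and that reasoning is what stops a later cleanup from restoring the unconditional argument. I would add `/* Only measure the signature if signed activation succeeded; after an unsigned fallback it is unverified input. */` above the call. The call now passes `NULL` where it previously always received an iovec (zero-length when no signature was configured). `pcrextend_verity_now()` is not shown on this page, so it is worth confirming that it treats a NULL signature the same as an empty one. The return value is still discarded with `(void)`, so a failed measurement remains silent on this path.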