From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Tue, 10 Dec 2019 11:18:09 +0000 (+0000)
Subject: verity: add new verity.roothashfile option
X-Git-Tag: v2.35-rc1~2^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=141bb954e707326604bec7a9082f7272cece1504;p=thirdparty%2Futil-linux.git

verity: add new verity.roothashfile option

Allow users to point mount to a file to read the roothash, in addition
to passing it inline.
Allows a volume managed by a systemd mount unit to be updated without
changing the mount unit content itself, for easier and more user friendly
servicing.
---

diff --git a/libmount/docs/libmount-sections.txt b/libmount/docs/libmount-sections.txt
index 27b474fd9d..82cbedd886 100644
--- a/libmount/docs/libmount-sections.txt
+++ b/libmount/docs/libmount-sections.txt
@@ -160,6 +160,7 @@ MNT_MS_XFSTABCOMM
 MNT_MS_HASH_DEVICE
 MNT_MS_ROOT_HASH
 MNT_MS_HASH_OFFSET
+MNT_MS_ROOT_HASH_FILE
 <SUBSECTION>
 MS_BIND
 MS_DIRSYNC
diff --git a/libmount/python/pylibmount.c b/libmount/python/pylibmount.c
index e724edd149..a572c68e4b 100644
--- a/libmount/python/pylibmount.c
+++ b/libmount/python/pylibmount.c
@@ -254,6 +254,7 @@ PyMODINIT_FUNC initpylibmount(void)
 	PyModule_AddIntConstant(m, "MNT_MS_HASH_DEVICE", MNT_MS_HASH_DEVICE);
 	PyModule_AddIntConstant(m, "MNT_MS_ROOT_HASH", MNT_MS_ROOT_HASH);
 	PyModule_AddIntConstant(m, "MNT_MS_HASH_OFFSET", MNT_MS_HASH_OFFSET);
+	PyModule_AddIntConstant(m, "MNT_MS_ROOT_HASH_FILE", MNT_MS_ROOT_HASH_FILE);
 
 	/*
 	 * mount(2) MS_* masks (MNT_MAP_LINUX map)
diff --git a/libmount/src/context_veritydev.c b/libmount/src/context_veritydev.c
index fb5adde211..42745068f6 100644
--- a/libmount/src/context_veritydev.c
+++ b/libmount/src/context_veritydev.c
@@ -15,6 +15,7 @@
 #if defined(HAVE_CRYPTSETUP)
 
 #include <libcryptsetup.h>
+#include "path.h"
 
 /* Taken from https://gitlab.com/cryptsetup/cryptsetup/blob/master/lib/utils_crypt.c#L225 */
 static size_t crypt_hex_to_bytes(const char *hex, char **result)
@@ -49,7 +50,7 @@ int mnt_context_setup_veritydev(struct libmnt_context *cxt)
 	const char *backing_file, *optstr;
 	char *val = NULL, *key = NULL, *root_hash_binary = NULL, *mapper_device = NULL,
 		*mapper_device_full = NULL, *backing_file_basename = NULL, *root_hash = NULL,
-		*hash_device = NULL;
+		*hash_device = NULL, *root_hash_file = NULL;
 	size_t len, hash_size, keysize = 0;
 	struct crypt_params_verity crypt_params = {};
 	struct crypt_device *crypt_dev = NULL;
@@ -109,6 +110,23 @@ int mnt_context_setup_veritydev(struct libmnt_context *cxt)
 		}
 	}
 
+	/*
+	 * verity.roothashfile=
+	 */
+	if (rc == 0 && (cxt->user_mountflags & MNT_MS_ROOT_HASH_FILE) &&
+	    mnt_optstr_get_option(optstr, "verity.roothashfile", &val, &len) == 0 && val) {
+		root_hash_file = strndup(val, len);
+		rc = root_hash_file ? 0 : -ENOMEM;
+	}
+
+	if (root_hash && root_hash_file) {
+		DBG(VERITY, ul_debugobj(cxt, "verity.roothash and verity.roothashfile are mutually exclusive"));
+		rc = -EINVAL;
+	} else if (root_hash_file) {
+		rc = ul_path_read_string(NULL, &root_hash, root_hash_file);
+		rc = rc < 1 ? rc : 0;
+	}
+
 	if (rc)
 		goto done;
 
@@ -198,6 +216,7 @@ done:
 	free(mapper_device);
 	free(hash_device);
 	free(root_hash);
+	free(root_hash_file);
 	free(key);
 	return rc;
 }
diff --git a/libmount/src/libmount.h.in b/libmount/src/libmount.h.in
index 2c210b8119..704da08269 100644
--- a/libmount/src/libmount.h.in
+++ b/libmount/src/libmount.h.in
@@ -908,6 +908,7 @@ extern int mnt_context_set_syscall_status(struct libmnt_context *cxt, int status
 #define MNT_MS_HASH_DEVICE (1 << 18)
 #define MNT_MS_ROOT_HASH (1 << 19)
 #define MNT_MS_HASH_OFFSET (1 << 20)
+#define MNT_MS_ROOT_HASH_FILE (1 << 21)
 
 /*
  * mount(2) MS_* masks (MNT_MAP_LINUX map)
diff --git a/libmount/src/optmap.c b/libmount/src/optmap.c
index a8a6d7793d..4d4e777072 100644
--- a/libmount/src/optmap.c
+++ b/libmount/src/optmap.c
@@ -182,6 +182,7 @@ static const struct libmnt_optmap userspace_opts_map[] =
    { "verity.hashdevice=", MNT_MS_HASH_DEVICE, MNT_NOHLPS | MNT_NOMTAB },     /* mount a verity device */
    { "verity.roothash=",   MNT_MS_ROOT_HASH, MNT_NOHLPS | MNT_NOMTAB },		   /* verity device root hash */
    { "verity.hashoffset=", MNT_MS_HASH_OFFSET, MNT_NOHLPS | MNT_NOMTAB },	   /* verity device hash offset */
+   { "verity.roothashfile=", MNT_MS_ROOT_HASH_FILE, MNT_NOHLPS | MNT_NOMTAB },/* verity device root hash (read from file) */
 
    { NULL, 0, 0 }
 };
diff --git a/sys-utils/mount.8 b/sys-utils/mount.8
index 5965eaac0b..2969570011 100644
--- a/sys-utils/mount.8
+++ b/sys-utils/mount.8
@@ -2388,6 +2388,14 @@ Path to the hash tree device associated with the source volume to pass to dm-ver
 \fBverity.roothash=\fP\,\fIhex\fP
 Hex-encoded hash of the root of
 .I verity.hashdevice
+Mutually exclusive with
+.I verity.roothashfile.
+.TP
+\fBverity.roothashfile=\fP\,\fIpath\fP
+Path to file containing the hex-encoded hash of the root of
+.I verity.hashdevice.
+Mutually exclusive with
+.I verity.roothash.
 .TP
 \fBverity.hashoffset=\fP\,\fIoffset\fP
 If the hash tree device is embedded in the source volume,