repart: Add roothash to output of all verity siblings
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Wed, 25 Jan 2023 14:56:30 +0000 (15:56 +0100)
committerLuca Boccassi <luca.boccassi@gmail.com>
Wed, 25 Jan 2023 19:50:44 +0000 (19:50 +0000)
This can be used to match verity partitions together using the repart
JSON output.

src/partition/repart.c
test/units/testsuite-58.sh

index c95b1d601df300bf049b5866e02f9d107fcd48e1..920b442316a014227c8813bd685f3815b13e4f4b 100644 (file)
@@ -2471,8 +2471,10 @@ static int context_dump_partitions(Context *context) {
                 if (p->new_padding != UINT64_MAX)
                         sum_padding += p->new_padding;
 
-                if (p->verity == VERITY_HASH) {
-                        rh = p->roothash ? hexmem(p->roothash, p->roothash_size) : strdup("TBD");
+                if (p->verity != VERITY_OFF) {
+                        Partition *hp = p->verity == VERITY_HASH ? p : p->siblings[VERITY_HASH];
+
+                        rh = hp->roothash ? hexmem(hp->roothash, hp->roothash_size) : strdup("TBD");
                         if (!rh)
                                 return log_oom();
                 }
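Review bot: `hp` is dereferenced on the `rh = hp->roothash ? ...` line without a check, so for a data or signature partition this relies on `p->siblings[VERITY_HASH]` always being populated whenever `p->verity != VERITY_OFF`. If definition parsing guarantees that (not visible in this hunk), an `assert(hp);` right after the assignment would document the invariant and turn a NULL dereference into a clear failure. Separately, the `"TBD"` placeholder is now emitted for every member of a verity group, so anything that matches siblings on the `roothash` field would also pair up unrelated groups whose hash is not yet computed; a comment such as `/* "TBD" means the root hash is not known yet and must not be used as a match key */` would make that explicit. The body of context_dump_partitions starts and ends outside the hunk.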
index e83df97067ac650a01e4be0f0a8ede341309e487..8b52a435e6dab0c518a7844322aa76e63610ec2c 100755 (executable)
@@ -819,7 +819,12 @@ EOF
                                            --certificate="$defs/verity.crt" \
                                            "$imgs/verity")
 
-    roothash=$(jq -r ".[] | select(.type == \"root-${architecture}-verity\") | .roothash" <<< "$output")
+    drh=$(jq -r ".[] | select(.type == \"root-${architecture}\") | .roothash" <<< "$output")
+    hrh=$(jq -r ".[] | select(.type == \"root-${architecture}-verity\") | .roothash" <<< "$output")
+    srh=$(jq -r ".[] | select(.type == \"root-${architecture}-verity-sig\") | .roothash" <<< "$output")
+
+    assert_eq "$drh" "$hrh"
+    assert_eq "$hrh" "$srh"
 
     # Check that we can dissect, mount and unmount a repart verity image. (and that the image UUID is deterministic)
 
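Review bot: The two `assert_eq` lines only prove that the three `roothash` values equal each other, so they also pass when every lookup yields the same non-hash string, for example `null` from `jq -r` when the field is absent, or the `TBD` placeholder repart prints when no hash is available. The `systemd-dissect --root-hash "$drh"` calls would catch that, but they sit behind an early `return` in the following hunk and may be skipped. A format check before the comparisons, such as `[[ "$drh" =~ ^[0-9a-f]+$ ]]`, would pin that a real hex root hash reached the JSON output; this assumes the script runs with errexit, which is not visible here. The enclosing test function starts outside the hunk.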
@@ -828,9 +833,9 @@ EOF
         return
     fi
 
-    systemd-dissect "$imgs/verity" --root-hash "$roothash"
-    systemd-dissect "$imgs/verity" --root-hash "$roothash" --json=short | grep -q '"imageUuid":"1d2ce291-7cce-4f7d-bc83-fdb49ad74ebd"'
-    systemd-dissect "$imgs/verity" --root-hash "$roothash" -M "$imgs/mnt"
+    systemd-dissect "$imgs/verity" --root-hash "$drh"
+    systemd-dissect "$imgs/verity" --root-hash "$drh" --json=short | grep -q '"imageUuid":"1d2ce291-7cce-4f7d-bc83-fdb49ad74ebd"'
+    systemd-dissect "$imgs/verity" --root-hash "$drh" -M "$imgs/mnt"
     systemd-dissect -U "$imgs/mnt"
 }