}
/* Verity partitions are read only, let's imply the RO flag hence, unless explicitly configured otherwise. */
- if ((partition_designator_is_verity(p->type.designator) || p->verity == VERITY_DATA) && p->read_only < 0)
+ if ((partition_designator_is_verity_hash(p->type.designator) || p->verity == VERITY_DATA) && p->read_only < 0)
p->read_only = true;
/* Default to "growfs" on, unless read-only */
* verity/verity-sig partition for it, based on udev metadata. */
const char *property;
- if (partition_designator_is_verity(partition_type.designator))
+ if (partition_designator_is_verity_hash(partition_type.designator))
property = "ID_DISSECT_PART_VERITY_DEVICE";
else if (partition_designator_is_verity_sig(partition_type.designator))
property = "ID_DISSECT_PART_VERITY_SIG_DEVICE";
if (m->partitions[di].found) {
found_flags = PARTITION_POLICY_ENCRYPTED|PARTITION_POLICY_UNPROTECTED|PARTITION_POLICY_UNUSED;
- PartitionDesignator vi = partition_verity_of(di);
+ PartitionDesignator vi = partition_verity_hash_of(di);
if (vi >= 0 && m->partitions[vi].found) {
found_flags |= PARTITION_POLICY_VERITY;
if (r < 0)
return r;
- k = partition_verity_of(i);
+ k = partition_verity_hash_of(i);
if (k >= 0) {
flags |= getenv_bool("SYSTEMD_VERITY_SHARING") != 0 ? DISSECT_IMAGE_VERITY_SHARE : 0;
if (!m->partitions[dd].found)
return 0;
- PartitionDesignator dv = partition_verity_of(dd);
+ PartitionDesignator dv = partition_verity_hash_of(dd);
assert(dv >= 0);
if (!m->partitions[dv].found)
return 0;
if (!d->found)
return 0;
- PartitionDesignator dv = partition_verity_of(dd);
+ PartitionDesignator dv = partition_verity_hash_of(dd);
assert(dv >= 0);
DissectedPartition *p = m->partitions + dv;
if (image->single_file_system)
return partition_designator == PARTITION_ROOT && image->has_verity;
- return partition_verity_of(partition_designator) >= 0;
+ return partition_verity_hash_of(partition_designator) >= 0;
}
bool dissected_image_verity_ready(const DissectedImage *image, PartitionDesignator partition_designator) {
if (image->single_file_system)
return partition_designator == PARTITION_ROOT;
- k = partition_verity_of(partition_designator);
+ k = partition_verity_hash_of(partition_designator);
return k >= 0 && image->partitions[k].found;
}
PARTITION_USR_VERITY_SIG);
}
-PartitionDesignator partition_verity_of(PartitionDesignator p) {
+PartitionDesignator partition_verity_hash_of(PartitionDesignator p) {
switch (p) {
case PARTITION_ROOT:
}
}
-PartitionDesignator partition_verity_to_data(PartitionDesignator d) {
+PartitionDesignator partition_verity_hash_to_data(PartitionDesignator d) {
switch (d) {
case PARTITION_ROOT_VERITY:
}
}
+PartitionDesignator partition_verity_to_data(PartitionDesignator d) {
+ PartitionDesignator e = partition_verity_hash_to_data(d);
+ if (e >= 0)
+ return e;
+
+ return partition_verity_sig_to_data(d);
+}
+
static const char *const partition_designator_table[_PARTITION_DESIGNATOR_MAX] = {
[PARTITION_ROOT] = "root",
[PARTITION_USR] = "usr",
bool partition_designator_is_versioned(PartitionDesignator d) _const_;
-PartitionDesignator partition_verity_of(PartitionDesignator p) _const_;
+PartitionDesignator partition_verity_hash_of(PartitionDesignator p) _const_;
PartitionDesignator partition_verity_sig_of(PartitionDesignator p) _const_;
-PartitionDesignator partition_verity_to_data(PartitionDesignator d) _const_;
+PartitionDesignator partition_verity_hash_to_data(PartitionDesignator d) _const_;
PartitionDesignator partition_verity_sig_to_data(PartitionDesignator d) _const_;
+PartitionDesignator partition_verity_to_data(PartitionDesignator d) _const_;
-static inline bool partition_designator_is_verity(PartitionDesignator d) {
- return partition_verity_to_data(d) >= 0;
+static inline bool partition_designator_is_verity_hash(PartitionDesignator d) {
+ return partition_verity_hash_to_data(d) >= 0;
}
static inline bool partition_designator_is_verity_sig(PartitionDesignator d) {
return partition_verity_sig_to_data(d) >= 0;
}
+static inline bool partition_designator_is_verity(PartitionDesignator d) {
+ return partition_verity_to_data(d) >= 0;
+}
+
const char* partition_designator_to_string(PartitionDesignator d) _const_;
PartitionDesignator partition_designator_from_string(const char *name) _pure_;
/* If this is a verity or verity signature designator, then mask off all protection bits, this after
* all needs no protection, because it *is* the protection */
- if (partition_verity_to_data(policy->designator) >= 0 ||
+ if (partition_verity_hash_to_data(policy->designator) >= 0 ||
partition_verity_sig_to_data(policy->designator) >= 0)
flags &= ~(PARTITION_POLICY_VERITY|PARTITION_POLICY_SIGNED|PARTITION_POLICY_ENCRYPTED);
/* if this designator has no verity concept, then mask off verity protection flags */
- if (partition_verity_of(policy->designator) < 0)
+ if (partition_verity_hash_of(policy->designator) < 0)
flags &= ~(PARTITION_POLICY_VERITY|PARTITION_POLICY_SIGNED);
/* If the partition must be absent, then the gpt flags don't matter */
/* Hmm, so this didn't work, then let's see if we can derive some policy from the underlying data
* partition in case of verity/signature partitions */
- data_designator = partition_verity_to_data(designator);
+ data_designator = partition_verity_hash_to_data(designator);
if (data_designator >= 0) {
PartitionPolicyFlags data_flags;
for (PartitionDesignator p = 0; p < _PARTITION_DESIGNATOR_MAX; p++) {
PartitionDesignator q;
- q = partition_verity_of(p);
- assert_se(q < 0 || partition_verity_to_data(q) == p);
+ q = partition_verity_hash_of(p);
+ assert_se(q < 0 || partition_verity_hash_to_data(q) == p);
q = partition_verity_sig_of(p);
assert_se(q < 0 || partition_verity_sig_to_data(q) == p);
- q = partition_verity_to_data(p);
- assert_se(q < 0 || partition_verity_of(q) == p);
+ q = partition_verity_hash_to_data(p);
+ assert_se(q < 0 || partition_verity_hash_of(q) == p);
q = partition_verity_sig_to_data(p);
assert_se(q < 0 || partition_verity_sig_of(q) == p);
+
+ q = partition_verity_to_data(p);
+ assert_se(q < 0 || partition_verity_hash_of(q) == p || partition_verity_sig_of(q) == p);
}
}
}
/* Indicate whether this partition has verity protection */
- PartitionDesignator dv = partition_verity_of(d);
+ PartitionDesignator dv = partition_verity_hash_of(d);
if (dv >= 0 && image->partitions[dv].found) {
/* Add one property that indicates as a boolean whether Verity is available at all for this */
_cleanup_free_ char *f = NULL;
projects / thirdparty / systemd.git / commitdiff
