--- /dev/null
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+
+#include "blockdev-util.h"
+#include "device-util.h"
+#include "dissect-image.h"
+#include "fd-util.h"
+#include "hexdecoct.h"
+#include "image-policy.h"
+#include "initrd-util.h"
+#include "loop-util.h"
+#include "proc-cmdline.h"
+#include "udev-builtin.h"
+
+static ImagePolicy *arg_image_policy = NULL;
+static VeritySettings arg_verity_settings = VERITY_SETTINGS_DEFAULT;
+
+static int acquire_image_policy(ImagePolicy **ret) {
+ int r;
+
+ assert(ret);
+
+ _cleanup_free_ char *value = NULL;
+ r = proc_cmdline_get_key("systemd.image_policy", /* flags= */ 0, &value);
+ if (r < 0)
+ return log_error_errno(r, "Failed to read systemd.image_policy= kernel command line switch: %m");
+ if (r == 0) {
+ *ret = NULL;
+ return 0;
+ }
+
+ r = image_policy_from_string(value, ret);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse image policy '%s': %m", value);
+
+ if (DEBUG_LOGGING) {
+ _cleanup_free_ char *s = NULL;
+
+ (void) image_policy_to_string(*ret, /* simplify= */ true, &s);
+ log_debug("Loaded image policy: %s", strna(s));
+ }
+
+ return 1;
+}
+
+static int acquire_verity_settings(VeritySettings *ret) {
+ _cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
+ int r;
+
+ assert(ret);
+
+ _cleanup_free_ char *h = NULL;
+ r = proc_cmdline_get_key("roothash", /* flags= */ 0, &h);
+ if (r < 0)
+ return log_error_errno(r, "Failed to read roothash= kernel command line switch: %m");
+ if (r > 0)
+ verity.designator = PARTITION_ROOT;
+
+ _cleanup_free_ char *uh = NULL;
+ r = proc_cmdline_get_key("usrhash", /* flags= */ 0, &uh);
+ if (r < 0)
+ return log_error_errno(r, "Failed to read usrhash= kernel command line switch: %m");
+ if (r > 0) {
+ if (h)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Both roothash= and usrhash= specified, refusing.");
+
+ h = TAKE_PTR(uh);
+ verity.designator = PARTITION_USR;
+ }
+
+ if (h) {
+ r = unhexmem(h, &verity.root_hash, &verity.root_hash_size);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse root hash from kernel command line switch: %m");
+ }
+
+ *ret = TAKE_GENERIC(verity, VeritySettings, VERITY_SETTINGS_DEFAULT);
+ return 0;
+}
+
+static int verb_probe(UdevEvent *event, sd_device *dev) {
+ int r;
+
+ assert(event);
+ assert(dev);
+
+ /* This is invoked on 'main' block devices to probe the partition table. We will generate some
+ * properties with general image information, and then a bunch of properties for each partition, with
+ * the partition index in the variable name. These fields will be copied into partition block devices
+ * when the dissect_image builtin is later called with the "copy" verb, i.e. in verb_copy() below. */
+
+ const char *devnode;
+ r = sd_device_get_devname(dev, &devnode);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get device node: %m");
+ if (block_device_is_whole_disk(dev) <= 0) {
+ log_device_debug(dev, "Must be invoked on whole block device (was invoked in '%s), ignoring.", devnode);
+ return 0;
+ }
+
+ r = blockdev_partscan_enabled(dev);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to determine if block device '%s' supports partitions: %m", devnode);
+ if (r == 0) {
+ log_device_debug(dev, "Invoked on block device '%s' that lacks partition scanning, ignoring.", devnode);
+ return 0;
+ }
+
+ _cleanup_(loop_device_unrefp) LoopDevice *loop = NULL;
+ r = loop_device_open(dev, O_RDONLY, LOCK_SH, &loop);
+ if (ERRNO_IS_NEG_DEVICE_ABSENT(r)) {
+ log_device_debug(dev, "Device absent while opening block device '%s', ignoring.", devnode);
+ return 0;
+ }
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to open block device '%s: %m", devnode);
+
+ const ImagePolicy *image_policy = arg_image_policy ?: &image_policy_host;
+ _cleanup_(dissected_image_unrefp) DissectedImage *image = NULL;
+ r = dissect_loop_device(
+ loop,
+ &arg_verity_settings,
+ /* mount_options= */ NULL,
+ image_policy,
+ DISSECT_IMAGE_READ_ONLY|
+ DISSECT_IMAGE_GPT_ONLY|
+ DISSECT_IMAGE_USR_NO_ROOT|
+ DISSECT_IMAGE_ALLOW_EMPTY,
+ &image);
+ if (r == -ERFKILL && !in_initrd()) {
+ /* If we transitioned into the main system and we couldn't dissect the image with the full
+ * policy, let's see if it works if we set the policies for /usr/ and the root fs out of the
+ * policy. After all, we already made our choices, there's no point in insisting on the
+ * policy here. */
+
+ static const PartitionDesignator ignore_designators[] = {
+ PARTITION_ROOT,
+ PARTITION_ROOT_VERITY,
+ PARTITION_ROOT_VERITY_SIG,
+ PARTITION_USR,
+ PARTITION_USR_VERITY,
+ PARTITION_USR_VERITY_SIG,
+ };
+
+ _cleanup_(image_policy_freep) ImagePolicy *image_policy_mangled = NULL;
+ r = image_policy_ignore_designators(
+ image_policy,
+ ignore_designators,
+ ELEMENTSOF(ignore_designators),
+ &image_policy_mangled);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to remove root/usr partitions from image policy: %m");
+
+ if (image_policy_equal(image_policy, image_policy_mangled))
+ r = -ERFKILL; /* restore original error, if this didn't change anything */
+ else {
+ if (DEBUG_LOGGING) {
+ _cleanup_free_ char *a = NULL, *b = NULL;
+
+ (void) image_policy_to_string(image_policy, /* simplify= */ false, &a);
+ (void) image_policy_to_string(image_policy_mangled, /* simplify= */ false, &b);
+
+ log_device_debug_errno(dev, ERFKILL, "Couldn't dissect block device with regular policy '%s', retrying with policy where root/usr are set to ignore '%s'.", a, b);
+ }
+
+ r = dissect_loop_device(
+ loop,
+ &arg_verity_settings,
+ /* mount_options= */ NULL,
+ image_policy_mangled,
+ DISSECT_IMAGE_READ_ONLY|
+ DISSECT_IMAGE_GPT_ONLY|
+ DISSECT_IMAGE_USR_NO_ROOT|
+ DISSECT_IMAGE_ALLOW_EMPTY,
+ &image);
+ }
+ }
+ if (IN_SET(r, -ENOPKG, -ENOMSG, -ENXIO, -ENOTUNIQ)) {
+ log_device_debug_errno(dev, r, "Device does not carry a GPT disk label with suitable partitions, ignoring.");
+ return 0;
+ }
+ if (r == -ERFKILL) {
+ log_device_debug_errno(dev, r, "Device carries GPT disk label that doesn't match our image policy, ignoring.");
+ return 0;
+ }
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to dissect disk image: %m");
+
+ /* Let's try to load verity data from the image now, so that we can attach it to the device via udev
+ * properties */
+ _cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
+ r = verity_settings_copy(&verity, &arg_verity_settings);
+ if (r < 0)
+ return r;
+
+ r = dissected_image_load_verity_sig_partition(image, loop->fd, &verity);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to load verity signature data from image: %m");
+
+ /* Marker that we determined this to be a suitable image */
+ (void) udev_builtin_add_property(event, "ID_DISSECT_IMAGE", "1");
+
+ /* Output the primary architecture this image is intended for */
+ Architecture a = dissected_image_architecture(image);
+ if (a >= 0)
+ (void) udev_builtin_add_property(event, "ID_DISSECT_IMAGE_ARCHITECTURE", architecture_to_string(a));
+
+ /* And now output the intended designator and architecture (if it applies) for all partitions we
+ * found and think belong to this system */
+ FOREACH_ELEMENT(p, image->partitions) {
+ PartitionDesignator d = p - image->partitions;
+ if (!p->found)
+ continue;
+
+ assert(p->partno > 0);
+
+ /* Indicate designator for partition */
+ _cleanup_free_ char *df = NULL;
+ if (asprintf(&df, "ID_DISSECT_PART%i_DESIGNATOR", p->partno) < 0)
+ return log_oom_debug();
+ (void) udev_builtin_add_property(event, df, partition_designator_to_string(d));
+
+ if (p->architecture >= 0) {
+ _cleanup_free_ char *f = NULL;
+ if (asprintf(&f, "ID_DISSECT_PART%i_ARCHITECTURE", p->partno) < 0)
+ return log_oom_debug();
+ (void) udev_builtin_add_property(event, f, architecture_to_string(p->architecture));
+ }
+
+ /* Indicate whether this partition has verity protection */
+ PartitionDesignator dv = partition_verity_of(d);
+ if (dv >= 0 && image->partitions[dv].found) {
+ _cleanup_free_ char *f = NULL;
+ if (asprintf(&f, "ID_DISSECT_PART%i_HAS_VERITY", p->partno) < 0)
+ return log_oom_debug();
+
+ (void) udev_builtin_add_property(event, f, "1");
+ }
+
+ dv = partition_verity_sig_of(d);
+ if (dv >= 0 && image->partitions[dv].found) {
+ _cleanup_free_ char *f = NULL;
+ if (asprintf(&f, "ID_DISSECT_PART%i_HAS_VERITY_SIG", p->partno) < 0)
+ return log_oom_debug();
+
+ (void) udev_builtin_add_property(event, f, "1");
+ }
+
+ if (d == verity.designator) {
+ if (verity.root_hash_size > 0) {
+ _cleanup_free_ char *f = NULL;
+ if (asprintf(&f, "ID_DISSECT_PART%i_ROOTHASH", p->partno) < 0)
+ return log_oom_debug();
+
+ _cleanup_free_ char *h = hexmem(verity.root_hash, verity.root_hash_size);
+ if (!h)
+ return log_oom_debug();
+
+ (void) udev_builtin_add_property(event, f, h);
+ }
+
+ if (verity.root_hash_sig_size > 0) {
+ _cleanup_free_ char *f = NULL;
+ if (asprintf(&f, "ID_DISSECT_PART%i_ROOTHASH_SIG", p->partno) < 0)
+ return log_oom_debug();
+
+ _cleanup_free_ char *h = NULL;
+ if (base64mem(verity.root_hash_sig, verity.root_hash_sig_size, &h) < 0)
+ return log_oom_debug();
+
+ (void) udev_builtin_add_property(event, f, h);
+ }
+ }
+ }
+
+ return 0;
+}
+
+static int verb_copy(UdevEvent *event, sd_device *dev) {
+ int r;
+
+ assert(event);
+ assert(dev);
+
+ /* This is called for the partition block devices, and will copy the per-partition properties we
+ * probed on the main block device into the partition device */
+
+ const char *devnode;
+ r = sd_device_get_devname(dev, &devnode);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get device node: %m");
+
+ if (!device_in_subsystem(dev, "block"))
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), "Invoked on non-block device '%s', refusing: %m", devnode);
+ if (!device_is_devtype(dev, "partition"))
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), "Invoked on non-partition block device '%s', refusing: %m", devnode);
+
+ sd_device *parent;
+ r = sd_device_get_parent(dev, &parent);
+ if (r < 0)
+ return log_error_errno(r, "Failed to get parent of device '%s': %m", devnode);
+
+ if (!device_in_subsystem(parent, "block"))
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), "Parent of block device '%s' is not a block device, refusing: %m", devnode);
+ if (!device_is_devtype(parent, "disk"))
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), "Parent of block device '%s' is not a whole block device, refusing: %m", devnode);
+
+ const char *partn;
+ r = sd_device_get_property_value(dev, "PARTN", &partn);
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get partition number of partition block device '%s': %m", devnode);
+
+ FOREACH_STRING(f, "_DESIGNATOR", "_ARCHITECTURE", "_HAS_VERITY", "_HAS_VERITY_SIG", "_ROOTHASH", "_ROOTHASH_SIG") {
+ /* The property on the parent device contains the partition number */
+ _cleanup_free_ char *p = strjoin("ID_DISSECT_PART", partn, f);
+ if (!p)
+ return log_oom_debug();
+
+ const char *v;
+ r = sd_device_get_property_value(parent, p, &v);
+ if (r == -ENOENT)
+ continue;
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to get '%s' property of parent of '%s': %m", p, devnode);
+
+ /* When we copy this property to the partition we drop the partition number, so that we have
+ * a constant field name */
+ _cleanup_free_ char *c = strjoin("ID_DISSECT_PART", f);
+ if (!c)
+ return log_oom_debug();
+
+ (void) udev_builtin_add_property(event, c, v);
+ }
+
+ return 0;
+}
+
+static int builtin_dissect_image(UdevEvent *event, int argc, char *argv[]) {
+ sd_device *dev = ASSERT_PTR(ASSERT_PTR(event)->dev);
+
+ if (argc != 2)
+ return log_device_warning_errno(
+ dev, SYNTHETIC_ERRNO(EINVAL), "%s: expected single argument.", argv[0]);
+
+ if (streq(argv[1], "probe"))
+ return verb_probe(event, dev);
+ if (streq(argv[1], "copy"))
+ return verb_copy(event, dev);
+
+ return log_device_warning_errno(
+ dev, SYNTHETIC_ERRNO(EINVAL), "%s: unknown verb '%s'", argv[0], argv[1]);
+}
+
+static int builtin_dissect_image_init(void) {
+ int r;
+
+ r = acquire_image_policy(&arg_image_policy);
+ if (r < 0)
+ return r;
+
+ r = acquire_verity_settings(&arg_verity_settings);
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
+static void builtin_dissect_image_exit(void) {
+ arg_image_policy = image_policy_free(arg_image_policy);
+ verity_settings_done(&arg_verity_settings);
+}
+
+const UdevBuiltin udev_builtin_dissect_image = {
+ .name = "dissect_image",
+ .cmd = builtin_dissect_image,
+ .init = builtin_dissect_image_init,
+ .exit = builtin_dissect_image_exit,
+ .help = "Dissect Disk Images",
+ .run_once = true,
+};
projects / thirdparty / systemd.git / commitdiff
