From: Lennart Poettering Date: Tue, 31 Aug 2021 15:29:34 +0000 (+0200) Subject: gpt: add partition type for PKCS#7 signatures for root hashes X-Git-Tag: v250-rc1~606^2~8 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1420cfb4b407b3258fd47614a820b246d1f0163a;p=thirdparty%2Fsystemd.git gpt: add partition type for PKCS#7 signatures for root hashes
---
diff --git a/src/shared/gpt.c b/src/shared/gpt.c
index edd56c1493a..a2e39dc1a15 100644
--- a/src/shared/gpt.c
+++ b/src/shared/gpt.c
@@ -5,63 +5,83 @@
 #include "utf8.h"
 const GptPartitionType gpt_partition_type_table[] = {
- { GPT_ROOT_X86, "root-x86" },
- { GPT_ROOT_X86_VERITY, "root-x86-verity" },
- { GPT_ROOT_X86_64, "root-x86-64" },
- { GPT_ROOT_X86_64_VERITY, "root-x86-64-verity" },
- { GPT_ROOT_ARM, "root-arm" },
- { GPT_ROOT_ARM_VERITY, "root-arm-verity" },
- { GPT_ROOT_ARM_64, "root-arm64" },
- { GPT_ROOT_ARM_64_VERITY, "root-arm64-verity" },
- { GPT_ROOT_IA64, "root-ia64" },
- { GPT_ROOT_IA64_VERITY, "root-ia64-verity" },
- { GPT_ROOT_LOONGARCH64, "root-loongarch64" },
- { GPT_ROOT_LOONGARCH64_VERITY, "root-loongarch64-verity" },
- { GPT_ROOT_RISCV32, "root-riscv32" },
- { GPT_ROOT_RISCV32_VERITY, "root-riscv32-verity" },
- { GPT_ROOT_RISCV64, "root-riscv64" },
- { GPT_ROOT_RISCV64_VERITY, "root-riscv64-verity" },
+ { GPT_ROOT_X86, "root-x86" },
+ { GPT_ROOT_X86_VERITY, "root-x86-verity" },
+ { GPT_ROOT_X86_VERITY_SIG, "root-x86-verity-sig" },
+ { GPT_ROOT_X86_64, "root-x86-64" },
+ { GPT_ROOT_X86_64_VERITY, "root-x86-64-verity" },
+ { GPT_ROOT_X86_64_VERITY_SIG, "root-x86-64-verity-sig" },
+ { GPT_ROOT_ARM, "root-arm" },
+ { GPT_ROOT_ARM_VERITY, "root-arm-verity" },
+ { GPT_ROOT_ARM_VERITY_SIG, "root-arm-verity-sig" },
+ { GPT_ROOT_ARM_64, "root-arm64" },
+ { GPT_ROOT_ARM_64_VERITY, "root-arm64-verity" },
+ { GPT_ROOT_ARM_64_VERITY_SIG, "root-arm64-verity-sig" },
+ { GPT_ROOT_IA64, "root-ia64" },
+ { GPT_ROOT_IA64_VERITY, "root-ia64-verity" },
+ { GPT_ROOT_IA64_VERITY_SIG, "root-ia64-verity-sig" },
+ { GPT_ROOT_LOONGARCH64, "root-loongarch64" },
+ { GPT_ROOT_LOONGARCH64_VERITY, "root-loongarch64-verity" },
+ { GPT_ROOT_LOONGARCH64_VERITY_SIG, "root-loongarch64-verity-sig" },
+ { GPT_ROOT_RISCV32, "root-riscv32" },
+ { GPT_ROOT_RISCV32_VERITY, "root-riscv32-verity" },
+ { GPT_ROOT_RISCV32_VERITY_SIG, "root-riscv32-verity-sig" },
+ { GPT_ROOT_RISCV64, "root-riscv64" },
+ { GPT_ROOT_RISCV64_VERITY, "root-riscv64-verity" },
+ { GPT_ROOT_RISCV64_VERITY_SIG, "root-riscv64-verity-sig" },
 #ifdef GPT_ROOT_NATIVE
- { GPT_ROOT_NATIVE, "root" },
- { GPT_ROOT_NATIVE_VERITY, "root-verity" },
+ { GPT_ROOT_NATIVE, "root" },
+ { GPT_ROOT_NATIVE_VERITY, "root-verity" },
+ { GPT_ROOT_NATIVE_VERITY_SIG, "root-verity-sig" },
 #endif
 #ifdef GPT_ROOT_SECONDARY
- { GPT_ROOT_SECONDARY, "root-secondary" },
- { GPT_ROOT_SECONDARY_VERITY, "root-secondary-verity" },
+ { GPT_ROOT_SECONDARY, "root-secondary" },
+ { GPT_ROOT_SECONDARY_VERITY, "root-secondary-verity" },
+ { GPT_ROOT_SECONDARY_VERITY_SIG, "root-secondary-verity-sig" },
 #endif
- { GPT_USR_X86, "usr-x86" },
- { GPT_USR_X86_VERITY, "usr-x86-verity" },
- { GPT_USR_X86_64, "usr-x86-64" },
- { GPT_USR_X86_64_VERITY, "usr-x86-64-verity" },
- { GPT_USR_ARM, "usr-arm" },
- { GPT_USR_ARM_VERITY, "usr-arm-verity" },
- { GPT_USR_ARM_64, "usr-arm64" },
- { GPT_USR_ARM_64_VERITY, "usr-arm64-verity" },
- { GPT_USR_IA64, "usr-ia64" },
- { GPT_USR_IA64_VERITY, "usr-ia64-verity" },
- { GPT_USR_LOONGARCH64, "usr-loongarch64" },
- { GPT_USR_LOONGARCH64_VERITY, "usr-loongarch64-verity" },
- { GPT_USR_RISCV32, "usr-riscv32" },
- { GPT_USR_RISCV32_VERITY, "usr-riscv32-verity" },
- { GPT_USR_RISCV64, "usr-riscv64" },
- { GPT_USR_RISCV64_VERITY, "usr-riscv64-verity" },
+ { GPT_USR_X86, "usr-x86" },
+ { GPT_USR_X86_VERITY, "usr-x86-verity" },
+ { GPT_USR_X86_VERITY_SIG, "usr-x86-verity-sig" },
+ { GPT_USR_X86_64, "usr-x86-64" },
+ { GPT_USR_X86_64_VERITY, "usr-x86-64-verity" },
+ { GPT_USR_X86_64_VERITY_SIG, "usr-x86-64-verity-sig" },
+ { GPT_USR_ARM, "usr-arm" },
+ { GPT_USR_ARM_VERITY, "usr-arm-verity" },
+ { GPT_USR_ARM_VERITY_SIG, "usr-arm-verity-sig" },
+ { GPT_USR_ARM_64, "usr-arm64" },
+ { GPT_USR_ARM_64_VERITY, "usr-arm64-verity" },
+ { GPT_USR_ARM_64_VERITY_SIG, "usr-arm64-verity-sig" },
+ { GPT_USR_IA64, "usr-ia64" },
+ { GPT_USR_IA64_VERITY, "usr-ia64-verity" },
+ { GPT_USR_IA64_VERITY_SIG, "usr-ia64-verity-sig" },
+ { GPT_USR_LOONGARCH64, "usr-loongarch64" },
+ { GPT_USR_LOONGARCH64_VERITY, "usr-loongarch64-verity" },
+ { GPT_USR_LOONGARCH64_VERITY_SIG, "usr-loongarch64-verity-sig" },
+ { GPT_USR_RISCV32, "usr-riscv32" },
+ { GPT_USR_RISCV32_VERITY, "usr-riscv32-verity" },
+ { GPT_USR_RISCV32_VERITY_SIG, "usr-riscv32-verity-sig" },
+ { GPT_USR_RISCV64, "usr-riscv64" },
+ { GPT_USR_RISCV64_VERITY, "usr-riscv64-verity" },
+ { GPT_USR_RISCV64_VERITY_SIG, "usr-riscv64-verity-sig" },
 #ifdef GPT_USR_NATIVE
- { GPT_USR_NATIVE, "usr" },
- { GPT_USR_NATIVE_VERITY, "usr-verity" },
+ { GPT_USR_NATIVE, "usr" },
+ { GPT_USR_NATIVE_VERITY, "usr-verity" },
+ { GPT_USR_NATIVE_VERITY_SIG, "usr-verity-sig" },
 #endif
 #ifdef GPT_USR_SECONDARY
- { GPT_USR_SECONDARY, "usr-secondary" },
- { GPT_USR_SECONDARY_VERITY, "usr-secondary-verity" },
+ { GPT_USR_SECONDARY, "usr-secondary" },
+ { GPT_USR_SECONDARY_VERITY, "usr-secondary-verity" },
+ { GPT_USR_SECONDARY_VERITY_SIG, "usr-secondary-verity-sig" },
 #endif
- { GPT_ESP, "esp" },
- { GPT_XBOOTLDR, "xbootldr" },
- { GPT_SWAP, "swap" },
- { GPT_HOME, "home" },
- { GPT_SRV, "srv" },
- { GPT_VAR, "var" },
- { GPT_TMP, "tmp" },
- { GPT_USER_HOME, "user-home" },
- { GPT_LINUX_GENERIC, "linux-generic" },
+ { GPT_ESP, "esp" },
+ { GPT_XBOOTLDR, "xbootldr" },
+ { GPT_SWAP, "swap" },
+ { GPT_HOME, "home" },
+ { GPT_SRV, "srv" },
+ { GPT_VAR, "var" },
+ { GPT_TMP, "tmp" },
+ { GPT_USER_HOME, "user-home" },
+ { GPT_LINUX_GENERIC, "linux-generic" },
 {}
 };
diff --git a/src/shared/gpt.h b/src/shared/gpt.h
index a5fc9534e1e..bedc222ee90 100644
--- a/src/shared/gpt.h
+++ b/src/shared/gpt.h
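Review bot: Nothing in the src/shared/gpt.c hunk guards `gpt_partition_type_table` against two rows sharing a name or a type ID, and the 20 new `*-verity-sig` rows, whose IDs are typed by hand in gpt.h, are where a copy-paste slip would most easily go unnoticed. A lookup over the table would presumably resolve a duplicated ID to whichever row comes first, so a signature partition could be reported under another type's name. If no existing test covers it, I would add one that walks the table up to the `{}` terminator and asserts that each name occurs once and that no two architecture-specific rows share an ID; the rows inside the `#ifdef GPT_*_NATIVE` and `#ifdef GPT_*_SECONDARY` blocks alias other rows by design and have to be excluded. Separately, every pre-existing row is rewritten as well (apparently only re-padded, since old and new text read the same here), which makes the new rows harder to audit; a whitespace-only commit first would leave a diff showing only the additions.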
@@ -56,27 +56,53 @@
 #define GPT_USR_RISCV32_VERITY SD_ID128_MAKE(cb,1e,e4,e3,8c,d0,41,36,a0,a4,aa,61,a3,2e,87,30)
 #define GPT_USR_RISCV64_VERITY SD_ID128_MAKE(8f,10,56,be,9b,05,47,c4,81,d6,be,53,12,8e,5b,54)
+/* PKCS#7 Signatures for the Verity Root Hashes */
+#define GPT_ROOT_X86_VERITY_SIG SD_ID128_MAKE(59,96,fc,05,10,9c,48,de,80,8b,23,fa,08,30,b6,76)
+#define GPT_ROOT_X86_64_VERITY_SIG SD_ID128_MAKE(41,09,2b,05,9f,c8,45,23,99,4f,2d,ef,04,08,b1,76)
+#define GPT_ROOT_ARM_VERITY_SIG SD_ID128_MAKE(42,b0,45,5f,eb,11,49,1d,98,d3,56,14,5b,a9,d0,37)
+#define GPT_ROOT_ARM_64_VERITY_SIG SD_ID128_MAKE(6d,b6,9d,e6,29,f4,47,58,a7,a5,96,21,90,f0,0c,e3)
+#define GPT_ROOT_IA64_VERITY_SIG SD_ID128_MAKE(e9,8b,36,ee,32,ba,48,82,9b,12,0c,e1,46,55,f4,6a)
+#define GPT_ROOT_LOONGARCH64_VERITY_SIG SD_ID128_MAKE(5a,fb,67,eb,ec,c8,4f,85,ae,8e,ac,1e,7c,50,e7,d0)
+#define GPT_ROOT_RISCV32_VERITY_SIG SD_ID128_MAKE(3a,11,2a,75,87,29,43,80,b4,cf,76,4d,79,93,44,48)
+#define GPT_ROOT_RISCV64_VERITY_SIG SD_ID128_MAKE(ef,e0,f0,87,ea,8d,44,69,82,1a,4c,2a,96,a8,38,6a)
+#define GPT_USR_X86_VERITY_SIG SD_ID128_MAKE(97,4a,71,c0,de,41,43,c3,be,5d,5c,5c,cd,1a,d2,c0)
+#define GPT_USR_X86_64_VERITY_SIG SD_ID128_MAKE(e7,bb,33,fb,06,cf,4e,81,82,73,e5,43,b4,13,e2,e2)
+#define GPT_USR_ARM_VERITY_SIG SD_ID128_MAKE(d7,ff,81,2f,37,d1,49,02,a8,10,d7,6b,a5,7b,97,5a)
+#define GPT_USR_ARM_64_VERITY_SIG SD_ID128_MAKE(c2,3c,e4,ff,44,bd,4b,00,b2,d4,b4,1b,34,19,e0,2a)
+#define GPT_USR_IA64_VERITY_SIG SD_ID128_MAKE(8d,e5,8b,c2,2a,43,46,0d,b1,4e,a7,6e,4a,17,b4,7f)
+#define GPT_USR_LOONGARCH64_VERITY_SIG SD_ID128_MAKE(b0,24,f3,15,d3,30,44,4c,84,61,44,bb,de,52,4e,99)
+#define GPT_USR_RISCV32_VERITY_SIG SD_ID128_MAKE(c3,83,6a,13,31,37,45,ba,b5,83,b1,6c,50,fe,5e,b4)
+#define GPT_USR_RISCV64_VERITY_SIG SD_ID128_MAKE(d2,f9,00,0a,7a,18,45,3f,b5,cd,4d,32,f7,7a,7b,32)
+
 #if defined(__x86_64__)
 # define GPT_ROOT_NATIVE GPT_ROOT_X86_64
 # define GPT_ROOT_SECONDARY GPT_ROOT_X86
 # define GPT_ROOT_NATIVE_VERITY GPT_ROOT_X86_64_VERITY
 # define GPT_ROOT_SECONDARY_VERITY GPT_ROOT_X86_VERITY
+# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_X86_64_VERITY_SIG
+# define GPT_ROOT_SECONDARY_VERITY_SIG GPT_ROOT_X86_VERITY_SIG
 # define GPT_USR_NATIVE GPT_USR_X86_64
 # define GPT_USR_SECONDARY GPT_USR_X86
 # define GPT_USR_NATIVE_VERITY GPT_USR_X86_64_VERITY
 # define GPT_USR_SECONDARY_VERITY GPT_USR_X86_VERITY
+# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_X86_64_VERITY_SIG
+# define GPT_USR_SECONDARY_VERITY_SIG GPT_USR_X86_VERITY_SIG
 #elif defined(__i386__)
 # define GPT_ROOT_NATIVE GPT_ROOT_X86
 # define GPT_ROOT_NATIVE_VERITY GPT_ROOT_X86_VERITY
+# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_X86_VERITY_SIG
 # define GPT_USR_NATIVE GPT_USR_X86
 # define GPT_USR_NATIVE_VERITY GPT_USR_X86_VERITY
+# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_X86_VERITY_SIG
 #endif
 #if defined(__ia64__)
 # define GPT_ROOT_NATIVE GPT_ROOT_IA64
 # define GPT_ROOT_NATIVE_VERITY GPT_ROOT_IA64_VERITY
+# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_IA64_VERITY_SIG
 # define GPT_USR_NATIVE GPT_USR_IA64
 # define GPT_USR_NATIVE_VERITY GPT_USR_IA64_VERITY
+# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_IA64_VERITY_SIG
 #endif
 #if defined(__aarch64__) && (__BYTE_ORDER != __BIG_ENDIAN)
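Review bot: The new comment `/* PKCS#7 Signatures for the Verity Root Hashes */` names the format but not the trust rule, and a partition type ID is a label that whoever writes the partition table chooses. I would extend it so that readers do not take the type as evidence of validity, for example `/* PKCS#7 signatures for the Verity root hashes; the type ID only locates the signature, consumers must verify it against a trusted key before relying on the root hash */`. Nothing in the visible hunks consumes these types, so where that verification happens cannot be confirmed from this page. The same remark covers the `*_NATIVE_VERITY_SIG` and `*_SECONDARY_VERITY_SIG` aliases added here and in the following hunk.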
@@ -84,35 +110,47 @@
 # define GPT_ROOT_SECONDARY GPT_ROOT_ARM
 # define GPT_ROOT_NATIVE_VERITY GPT_ROOT_ARM_64_VERITY
 # define GPT_ROOT_SECONDARY_VERITY GPT_ROOT_ARM_VERITY
+# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_ARM_64_VERITY_SIG
+# define GPT_ROOT_SECONDARY_VERITY_SIG GPT_ROOT_ARM_VERITY_SIG
 # define GPT_USR_NATIVE GPT_USR_ARM_64
 # define GPT_USR_SECONDARY GPT_USR_ARM
 # define GPT_USR_NATIVE_VERITY GPT_USR_ARM_64_VERITY
 # define GPT_USR_SECONDARY_VERITY GPT_USR_ARM_VERITY
+# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_ARM_64_VERITY_SIG
+# define GPT_USR_SECONDARY_VERITY_SIG GPT_USR_ARM_VERITY_SIG
 #elif defined(__arm__) && (__BYTE_ORDER != __BIG_ENDIAN)
 # define GPT_ROOT_NATIVE GPT_ROOT_ARM
 # define GPT_ROOT_NATIVE_VERITY GPT_ROOT_ARM_VERITY
+# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_ARM_VERITY_SIG
 # define GPT_USR_NATIVE GPT_USR_ARM
 # define GPT_USR_NATIVE_VERITY GPT_USR_ARM_VERITY
+# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_ARM_VERITY_SIG
 #endif
 #if defined(__loongarch64)
 # define GPT_ROOT_NATIVE GPT_ROOT_LOONGARCH64
 # define GPT_ROOT_NATIVE_VERITY GPT_ROOT_LOONGARCH64_VERITY
+# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_LOONGARCH64_VERITY_SIG
 # define GPT_USR_NATIVE GPT_USR_LOONGARCH64
 # define GPT_USR_NATIVE_VERITY GPT_USR_LOONGARCH64_VERITY
+# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_LOONGARCH64_VERITY_SIG
 #endif
 #if defined(__riscv)
 #if (__riscv_xlen == 32)
 # define GPT_ROOT_NATIVE GPT_ROOT_RISCV32
 # define GPT_ROOT_NATIVE_VERITY GPT_ROOT_RISCV32_VERITY
+# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_RISCV32_VERITY_SIG
 # define GPT_USR_NATIVE GPT_USR_RISCV32
 # define GPT_USR_NATIVE_VERITY GPT_USR_RISCV32_VERITY
+# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_RISCV32_VERITY_SIG
 #elif (__riscv_xlen == 64)
 # define GPT_ROOT_NATIVE GPT_ROOT_RISCV64
 # define GPT_ROOT_NATIVE_VERITY GPT_ROOT_RISCV64_VERITY
+# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_RISCV64_VERITY_SIG
 # define GPT_USR_NATIVE GPT_USR_RISCV64
 # define GPT_USR_NATIVE_VERITY GPT_USR_RISCV64_VERITY
+# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_RISCV64_VERITY_SIG
 #endif
 #endif