From 892e42a06f570fdb0c968f645d131ba26b5e5a22 Mon Sep 17 00:00:00 2001
From: Meena Shanmugam <meenashanmugam@google.com>
Date: Mon, 10 Oct 2022 00:32:50 +0000
Subject: [PATCH] LAKITU:verity: Add support to print new and old dm-verity
format.
The current verity tool returns the old dm-verity format. COS plans to use the
new dm-verity format in the upcoming release. Added a version option to
specify the dm verity format. If no option is given, it returns old
format by default. Once the patch is upstreamed and SDK tool is updated
with this option, this patch can be removed.
Change-Id: If21c2d164c1cd0bede24d551e32ae71b8293eead
---
verity/file_hasher.cc | 54 +++++++++++++++++++++++++++++++------------
verity/file_hasher.h | 4 ++--
verity/verity_main.cc | 21 +++++++++++++----
3 files changed, 57 insertions(+), 22 deletions(-)
diff --git a/verity/file_hasher.cc b/verity/file_hasher.cc
index fae04f817c..25ea3a3b3f 100644
--- a/verity/file_hasher.cc
+++ b/verity/file_hasher.cc
@@ -146,7 +146,8 @@ const char* FileHasher::RandomSalt() {
return random_salt_;
}
-std::string FileHasher::GetTable(bool colocated) {
+std::string FileHasher::GetTable(bool colocated,
+ unsigned int version) {
// Grab the digest (up to 1kbit supported)
uint8_t digest[128];
char hexsalt[DM_BHT_SALT_SIZE * 2 + 1];
@@ -161,24 +162,47 @@ std::string FileHasher::GetTable(bool colocated) {
if (colocated)
hash_start = root_end;
- std::vector<std::string> parts = {
- "0",
- base::NumberToString(root_end),
- "verity",
- "payload=ROOT_DEV",
- "hashtree=HASH_DEV",
- "hashstart=" + base::NumberToString(hash_start),
- "alg=" + std::string(alg_),
- "root_hexdigest=" + std::string(reinterpret_cast<char*>(digest)),
- };
- if (have_salt)
- parts.push_back("salt=" + std::string(hexsalt));
+ std::vector<std::string> parts;
+ if (version == 1) {
+ parts = {
+ "0",
+ base::NumberToString(root_end),
+ "verity",
+ "0",
+ "ROOT_DEV",
+ "HASH_DEV",
+ "4096",
+ "4096",
+ base::NumberToString(hash_start>>3),
+ base::NumberToString(hash_start>>3),
+ std::string(alg_),
+ std::string(reinterpret_cast<char*>(digest)),
+ };
+ if (have_salt) {
+ parts.push_back(std::string(hexsalt));
+ }
+ } else {
+ parts = {
+ "0",
+ base::NumberToString(root_end),
+ "verity",
+ "payload=ROOT_DEV",
+ "hashtree=HASH_DEV",
+ "hashstart=" + base::NumberToString(hash_start),
+ "alg=" + std::string(alg_),
+ "root_hexdigest=" + std::string(reinterpret_cast<char*>(digest)),
+ };
+ if (have_salt) {
+ parts.push_back("salt=" + std::string(hexsalt));
+ }
+ }
return base::JoinString(parts, " ");
}
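Review bot: The version==1 branch hard-codes the block size as the literal "4096" twice and converts hash_start with `hash_start>>3` twice, so the two facts that make the table consistent (a 4096-byte block and, presumably, 512-byte dm sectors for root_end/hash_start) are implicit and can drift apart if either literal is edited alone; the shift also silently drops any remainder when hash_start is not a multiple of 8, which would point the kernel at the wrong hash block. Naming the constants and dividing by a derived sectors-per-block keeps them tied together, and a check that `hash_start % kSectorsPerBlock == 0` (with whatever the file already uses for invariant failures) would make the misalignment loud instead of producing a plausible-looking but wrong table. The literal "0" emitted after "verity" appears to be the dm-verity on-disk hash-format version rather than the `version` parameter, which is worth a comment since the two share a name. The digest cast on the unchanged lines assumes the buffer is NUL-terminated, as before.
```cpp
  // dm-verity v1 table fields are in blocks; root_end/hash_start appear to be
  // in 512-byte sectors (root_end is the dmsetup length field) — confirm.
  constexpr unsigned int kBlockSize = 4096;
  constexpr unsigned int kSectorsPerBlock = kBlockSize / 512;
  std::vector<std::string> parts;
  if (version == 1) {
    parts = {
        "0",
        base::NumberToString(root_end),
        "verity",
        "0",  // on-disk hash format version, not the table-format `version`
        "ROOT_DEV",
        "HASH_DEV",
        base::NumberToString(kBlockSize),
        base::NumberToString(kBlockSize),
        base::NumberToString(hash_start / kSectorsPerBlock),
        base::NumberToString(hash_start / kSectorsPerBlock),
        // … unchanged: alg_, digest, salt …
    };
```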
-void FileHasher::PrintTable(bool colocated) {
- printf("%s\n", GetTable(colocated).c_str());
+void FileHasher::PrintTable(bool colocated,
+ unsigned int version) {
+ printf("%s\n", GetTable(colocated, version).c_str());
}
} // namespace verity
diff --git a/verity/file_hasher.h b/verity/file_hasher.h
index 1549555f4e..d5151b6219 100644
--- a/verity/file_hasher.h
+++ b/verity/file_hasher.h
@@ -40,8 +40,8 @@ class BRILLO_EXPORT FileHasher {
virtual bool Hash();
virtual bool Store();
// Print a table to stdout which contains a dmsetup compatible format
- virtual void PrintTable(bool colocated);
- virtual std::string GetTable(bool colocated);
+ virtual void PrintTable(bool colocated, unsigned int version);
+ virtual std::string GetTable(bool colocated, unsigned int version);
virtual const char* RandomSalt();
virtual void set_salt(const char* salt);
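Review bot: The comment above the changed declarations still describes only PrintTable and says nothing about what `version` selects, so a caller cannot tell that 0 is the old key=value table and 1 the new positional one, nor that GetTable treats any value other than 1 as the old format. Suggest `// version selects the table format: 0 = old key=value table (default), 1 = new dm-verity table.` followed by `// GetTable returns the table; PrintTable writes it to stdout.` above the two declarations. Since the v1 table itself emits a dm-verity hash-format version as a literal "0", saying explicitly that this parameter is the table format and not that field would avoid confusion. The class body continues outside the hunk.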
diff --git a/verity/verity_main.cc b/verity/verity_main.cc
index 16d9aead65..934af23d6c 100644
--- a/verity/verity_main.cc
+++ b/verity/verity_main.cc
@@ -31,6 +31,7 @@ void print_usage(const char* name) {
" hashtree Path to a hash tree to create or read from\n"
" root_hexdigest Digest of the root node (in hex) for verification\n"
" salt Salt (in hex)\n"
+ " version one of 0 or 1\n"
"\n",
name);
}
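Review bot: The new usage line `version one of 0 or 1` tells the user which values are accepted but not what they select, which is the one thing the commit description explains. Suggest `" version dm-verity table format: 0 = old key=value table (default), 1 = new table format\n"`. The format string this line belongs to starts before the hunk.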
@@ -46,7 +47,8 @@ static int verity_create(const char* alg,
const char* image_path,
unsigned int image_blocks,
const char* hash_path,
- const char* salt);
+ const char* salt,
+ unsigned int version);
void splitarg(char* arg, char** key, char** val) {
char* sp = NULL;
@@ -61,6 +63,7 @@ int main(int argc, char** argv) {
const char* hashtree = NULL;
const char* salt = NULL;
unsigned int payload_blocks = 0;
+ unsigned int version = 0;
int i;
char *key, *val;
@@ -87,7 +90,14 @@ int main(int argc, char** argv) {
// Silently drop the mode for now...
} else if (!strcmp(key, "salt")) {
salt = val;
- } else {
+ } else if (!strcmp(key, "version")) {
+ version = (unsigned int)strtoul(val, NULL, 0);
+ if (version > 1) {
+ fprintf(stderr, "version should be either 0 or 1\n");
+ print_usage(argv[0]);
+ return -1;
+ }
+ } else {
fprintf(stderr, "bogus key: '%s'\n", key);
print_usage(argv[0]);
return -1;
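Review bot: The strtoul call on the added `version` branch passes a NULL endptr, so non-numeric input such as `version=new` or `version=1x` is not rejected: the former parses to 0 and silently selects the old format, the latter to 1, and only the range check `version > 1` runs. Parsing into an unsigned long with an end pointer and rejecting an empty string or trailing garbage, then narrowing, closes that gap; the C-style cast can become static_cast while you are there. If splitarg can leave val NULL for a bare `version` key (its body is outside the hunk), that case needs the same rejection before the call. main continues outside the hunk.
```cpp
    } else if (!strcmp(key, "version")) {
      char* end = NULL;
      unsigned long parsed = strtoul(val, &end, 0);
      if (*val == '\0' || *end != '\0' || parsed > 1) {
        fprintf(stderr, "version should be either 0 or 1\n");
        print_usage(argv[0]);
        return -1;
      }
      version = static_cast<unsigned int>(parsed);
```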
@@ -102,7 +112,7 @@ int main(int argc, char** argv) {
}
if (mode == VERITY_CREATE) {
- return verity_create(alg, payload, payload_blocks, hashtree, salt);
+ return verity_create(alg, payload, payload_blocks, hashtree, salt, version);
} else {
LOG(FATAL) << "Verification not done yet";
}
@@ -113,7 +123,8 @@ static int verity_create(const char* alg,
const char* image_path,
unsigned int image_blocks,
const char* hash_path,
- const char* salt) {
+ const char* salt,
+ unsigned int version) {
auto source = std::make_unique<base::File>(
base::FilePath(image_path),
base::File::FLAG_OPEN | base::File::FLAG_READ);
@@ -133,6 +144,6 @@ static int verity_create(const char* alg,
hasher.set_salt(salt);
LOG_IF(FATAL, !hasher.Hash()) << "Failed to hash hasher";
LOG_IF(FATAL, !hasher.Store()) << "Failed to store hasher";
- hasher.PrintTable(true);
+ hasher.PrintTable(true, version);
return 0;
}
--
2.38.0.413.g74048e4d9e-goog