1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <errno.h>
4 #include <stdio.h>
5 #include <sys/stat.h>
6
7 #include "alloc-util.h"
8 #include "cryptsetup-util.h"
9 #include "fileio.h"
10 #include "hexdecoct.h"
11 #include "log.h"
12 #include "main-func.h"
13 #include "path-util.h"
14 #include "pretty-print.h"
15 #include "process-util.h"
16 #include "string-util.h"
17 #include "terminal-util.h"
18
19 static uint32_t arg_activate_flags = CRYPT_ACTIVATE_READONLY;
20 static char *arg_root_hash_signature = NULL;
21
22 STATIC_DESTRUCTOR_REGISTER(arg_root_hash_signature, freep);
23
help(void)24 static int help(void) {
25 _cleanup_free_ char *link = NULL;
26 int r;
27
28 r = terminal_urlify_man("systemd-veritysetup@.service", "8", &link);
29 if (r < 0)
30 return log_oom();
31
32 printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH [OPTIONS]\n"
33 "%s detach VOLUME\n\n"
34 "Attach or detach a verity protected block device.\n"
35 "\nSee the %s for details.\n",
36 program_invocation_short_name,
37 program_invocation_short_name,
38 link);
39
40 return 0;
41 }
42
save_roothashsig_option(const char * option,bool strict)43 static int save_roothashsig_option(const char *option, bool strict) {
44 int r;
45
46 if (path_is_absolute(option) || startswith(option, "base64:")) {
47 if (!HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY)
48 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
49 "Activation of verity device with signature requested, but cryptsetup does not support crypt_activate_by_signed_key().");
50
51 r = free_and_strdup_warn(&arg_root_hash_signature, option);
52 if (r < 0)
53 return r;
54
55 return true;
56 }
57
58 if (!strict)
59 return false;
60 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
61 "root-hash-signature= expects either full path to signature file or "
62 "base64 string encoding signature prefixed by base64:.");
63 }
64
parse_options(const char * options)65 static int parse_options(const char *options) {
66 int r;
67
68 /* backward compatibility with the obsolete ROOTHASHSIG positional argument */
69 r = save_roothashsig_option(options, /* strict= */ false);
70 if (r < 0)
71 return r;
72 if (r > 0) {
73 log_warning("Usage of ROOTHASHSIG positional argument is deprecated. "
74 "Please use the option root-hash-signature=%s instead.", options);
75 return 0;
76 }
77
78 for (;;) {
79 _cleanup_free_ char *word = NULL;
80 char *val;
81
82 r = extract_first_word(&options, &word, ",", EXTRACT_DONT_COALESCE_SEPARATORS | EXTRACT_UNESCAPE_SEPARATORS);
83 if (r < 0)
84 return log_error_errno(r, "Failed to parse options: %m");
85 if (r == 0)
86 break;
87
88 if (STR_IN_SET(word, "noauto", "auto", "nofail", "fail", "_netdev"))
89 continue;
90
91 if (isempty(word))
92 continue;
93 else if (streq(word, "ignore-corruption"))
94 arg_activate_flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
95 else if (streq(word, "restart-on-corruption"))
96 arg_activate_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
97 else if (streq(word, "ignore-zero-blocks"))
98 arg_activate_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
99 #ifdef CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE
100 else if (streq(word, "check-at-most-once"))
101 arg_activate_flags |= CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE;
102 #endif
103 #ifdef CRYPT_ACTIVATE_PANIC_ON_CORRUPTION
104 else if (streq(word, "panic-on-corruption"))
105 arg_activate_flags |= CRYPT_ACTIVATE_PANIC_ON_CORRUPTION;
106 #endif
107 else if ((val = startswith(word, "root-hash-signature="))) {
108 r = save_roothashsig_option(val, /* strict= */ true);
109 if (r < 0)
110 return r;
111
112 } else
113 log_warning("Encountered unknown option '%s', ignoring.", word);
114 }
115
116 return r;
117 }
118
run(int argc,char * argv[])119 static int run(int argc, char *argv[]) {
120 _cleanup_(crypt_freep) struct crypt_device *cd = NULL;
121 const char *verb;
122 int r;
123
124 if (argv_looks_like_help(argc, argv))
125 return help();
126
127 if (argc < 3)
128 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "This program requires at least two arguments.");
129
130 log_setup();
131
132 cryptsetup_enable_logging(NULL);
133
134 umask(0022);
135
136 verb = argv[1];
137
138 if (streq(verb, "attach")) {
139 const char *volume, *data_device, *verity_device, *root_hash, *options;
140 _cleanup_free_ void *m = NULL;
141 crypt_status_info status;
142 size_t l;
143
144 if (argc < 6)
145 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least four arguments.");
146
147 volume = argv[2];
148 data_device = argv[3];
149 verity_device = argv[4];
150 root_hash = argv[5];
151 options = mangle_none(argc > 6 ? argv[6] : NULL);
152
153 if (!filename_is_valid(volume))
154 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
155
156 r = unhexmem(root_hash, SIZE_MAX, &m, &l);
157 if (r < 0)
158 return log_error_errno(r, "Failed to parse root hash: %m");
159
160 r = crypt_init(&cd, verity_device);
161 if (r < 0)
162 return log_error_errno(r, "Failed to open verity device %s: %m", verity_device);
163
164 cryptsetup_enable_logging(cd);
165
166 status = crypt_status(cd, volume);
167 if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
168 log_info("Volume %s already active.", volume);
169 return 0;
170 }
171
172 if (options) {
173 r = parse_options(options);
174 if (r < 0)
175 return log_error_errno(r, "Failed to parse options: %m");
176 }
177
178 r = crypt_load(cd, CRYPT_VERITY, NULL);
179 if (r < 0)
180 return log_error_errno(r, "Failed to load verity superblock: %m");
181
182 r = crypt_set_data_device(cd, data_device);
183 if (r < 0)
184 return log_error_errno(r, "Failed to configure data device: %m");
185
186 if (arg_root_hash_signature) {
187 #if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
188 _cleanup_free_ char *hash_sig = NULL;
189 size_t hash_sig_size;
190 char *value;
191
192 if ((value = startswith(arg_root_hash_signature, "base64:"))) {
193 r = unbase64mem(value, strlen(value), (void *)&hash_sig, &hash_sig_size);
194 if (r < 0)
195 return log_error_errno(r, "Failed to parse root hash signature '%s': %m", arg_root_hash_signature);
196 } else {
197 r = read_full_file_full(
198 AT_FDCWD, arg_root_hash_signature, UINT64_MAX, SIZE_MAX,
199 READ_FULL_FILE_CONNECT_SOCKET,
200 NULL,
201 &hash_sig, &hash_sig_size);
202 if (r < 0)
203 return log_error_errno(r, "Failed to read root hash signature: %m");
204 }
205
206 r = crypt_activate_by_signed_key(cd, volume, m, l, hash_sig, hash_sig_size, arg_activate_flags);
207 #else
208 assert_not_reached();
209 #endif
210 } else
211 r = crypt_activate_by_volume_key(cd, volume, m, l, arg_activate_flags);
212 if (r < 0)
213 return log_error_errno(r, "Failed to set up verity device: %m");
214
215 } else if (streq(verb, "detach")) {
216 const char *volume;
217
218 volume = argv[2];
219
220 if (!filename_is_valid(volume))
221 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
222
223 r = crypt_init_by_name(&cd, volume);
224 if (r == -ENODEV) {
225 log_info("Volume %s already inactive.", volume);
226 return 0;
227 }
228 if (r < 0)
229 return log_error_errno(r, "crypt_init_by_name() failed: %m");
230
231 cryptsetup_enable_logging(cd);
232
233 r = crypt_deactivate(cd, volume);
234 if (r < 0)
235 return log_error_errno(r, "Failed to deactivate: %m");
236
237 } else
238 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown verb %s.", verb);
239
240 return 0;
241 }
242
243 DEFINE_MAIN_FUNCTION(run);
244