Merge pull request #41 from marineam/xen
Add support for our verity hash scheme under Xen
This commit is contained in:
commit
bca61d04a0
6 changed files with 31 additions and 7 deletions
|
@ -286,7 +286,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||||
linux_cmdline + sizeof (LINUX_IMAGE) - 1,
|
linux_cmdline + sizeof (LINUX_IMAGE) - 1,
|
||||||
lh.cmdline_size - (sizeof (LINUX_IMAGE) - 1));
|
lh.cmdline_size - (sizeof (LINUX_IMAGE) - 1));
|
||||||
|
|
||||||
grub_pass_verity_hash(&lh, linux_cmdline);
|
grub_pass_verity_hash(&lh, linux_cmdline, lh.cmdline_size);
|
||||||
lh.cmd_line_ptr = (grub_uint32_t)(grub_uint64_t)linux_cmdline;
|
lh.cmd_line_ptr = (grub_uint32_t)(grub_uint64_t)linux_cmdline;
|
||||||
|
|
||||||
handover_offset = lh.handover_offset;
|
handover_offset = lh.handover_offset;
|
||||||
|
|
|
@ -1029,7 +1029,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||||
maximal_cmdline_size
|
maximal_cmdline_size
|
||||||
- (sizeof (LINUX_IMAGE) - 1));
|
- (sizeof (LINUX_IMAGE) - 1));
|
||||||
|
|
||||||
grub_pass_verity_hash(&lh, linux_cmdline);
|
grub_pass_verity_hash(&lh, linux_cmdline, maximal_cmdline_size);
|
||||||
len = prot_file_size;
|
len = prot_file_size;
|
||||||
grub_memcpy (prot_mode_mem, kernel + kernel_offset, len);
|
grub_memcpy (prot_mode_mem, kernel + kernel_offset, len);
|
||||||
kernel_offset += len;
|
kernel_offset += len;
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
#define VERITY_ARG " verity.usrhash="
|
#define VERITY_ARG " verity.usrhash="
|
||||||
|
#define VERITY_ARG_LENGTH (sizeof (VERITY_ARG) - 1)
|
||||||
#define VERITY_HASH_OFFSET 0x40
|
#define VERITY_HASH_OFFSET 0x40
|
||||||
#define VERITY_HASH_LENGTH 64
|
#define VERITY_HASH_LENGTH 64
|
||||||
|
|
||||||
static inline void grub_pass_verity_hash(struct linux_kernel_header *lh,
|
static inline void grub_pass_verity_hash(struct linux_kernel_header *lh,
|
||||||
char *cmdline)
|
char *cmdline,
|
||||||
|
grub_size_t cmdline_max_len)
|
||||||
{
|
{
|
||||||
char *buf = (char *)lh;
|
char *buf = (char *)lh;
|
||||||
grub_size_t cmdline_len;
|
grub_size_t cmdline_len;
|
||||||
|
@ -16,10 +18,14 @@ static inline void grub_pass_verity_hash(struct linux_kernel_header *lh,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
grub_memcpy (cmdline + grub_strlen(cmdline), VERITY_ARG,
|
|
||||||
sizeof (VERITY_ARG));
|
|
||||||
cmdline_len = grub_strlen(cmdline);
|
cmdline_len = grub_strlen(cmdline);
|
||||||
|
if (cmdline_len + VERITY_ARG_LENGTH + VERITY_HASH_LENGTH > cmdline_max_len)
|
||||||
|
return;
|
||||||
|
|
||||||
|
grub_memcpy (cmdline + cmdline_len, VERITY_ARG, VERITY_ARG_LENGTH);
|
||||||
|
cmdline_len += VERITY_ARG_LENGTH;
|
||||||
grub_memcpy (cmdline + cmdline_len, buf + VERITY_HASH_OFFSET,
|
grub_memcpy (cmdline + cmdline_len, buf + VERITY_HASH_OFFSET,
|
||||||
VERITY_HASH_LENGTH);
|
VERITY_HASH_LENGTH);
|
||||||
cmdline[cmdline_len + VERITY_HASH_LENGTH] = '\0';
|
cmdline_len += VERITY_HASH_LENGTH;
|
||||||
|
cmdline[cmdline_len] = '\0';
|
||||||
}
|
}
|
||||||
|
|
|
@ -416,7 +416,9 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
|
||||||
if (!file)
|
if (!file)
|
||||||
return grub_errno;
|
return grub_errno;
|
||||||
|
|
||||||
elf = grub_xen_file (file);
|
elf = grub_xen_file_and_cmdline (file,
|
||||||
|
(char *) next_start.cmd_line,
|
||||||
|
sizeof (next_start.cmd_line) - 1);
|
||||||
if (!elf)
|
if (!elf)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
|
|
|
@ -20,8 +20,18 @@
|
||||||
#include <grub/i386/linux.h>
|
#include <grub/i386/linux.h>
|
||||||
#include <grub/misc.h>
|
#include <grub/misc.h>
|
||||||
|
|
||||||
|
#include "verity-hash.h"
|
||||||
|
|
||||||
grub_elf_t
|
grub_elf_t
|
||||||
grub_xen_file (grub_file_t file)
|
grub_xen_file (grub_file_t file)
|
||||||
|
{
|
||||||
|
return grub_xen_file_and_cmdline (file, NULL, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_elf_t
|
||||||
|
grub_xen_file_and_cmdline (grub_file_t file,
|
||||||
|
char *cmdline,
|
||||||
|
grub_size_t cmdline_max_len)
|
||||||
{
|
{
|
||||||
grub_elf_t elf;
|
grub_elf_t elf;
|
||||||
struct linux_kernel_header lh;
|
struct linux_kernel_header lh;
|
||||||
|
@ -57,6 +67,9 @@ grub_xen_file (grub_file_t file)
|
||||||
+ lh.payload_offset,
|
+ lh.payload_offset,
|
||||||
(unsigned long long) lh.payload_length - 4);
|
(unsigned long long) lh.payload_length - 4);
|
||||||
|
|
||||||
|
if (cmdline)
|
||||||
|
grub_pass_verity_hash (&lh, cmdline, cmdline_max_len);
|
||||||
|
|
||||||
off_file = grub_file_offset_open (file, (lh.setup_sects + 1) * 512
|
off_file = grub_file_offset_open (file, (lh.setup_sects + 1) * 512
|
||||||
+ lh.payload_offset,
|
+ lh.payload_offset,
|
||||||
lh.payload_length - 4);
|
lh.payload_length - 4);
|
||||||
|
|
|
@ -24,6 +24,9 @@
|
||||||
#include <grub/elfload.h>
|
#include <grub/elfload.h>
|
||||||
|
|
||||||
grub_elf_t grub_xen_file (grub_file_t file);
|
grub_elf_t grub_xen_file (grub_file_t file);
|
||||||
|
grub_elf_t grub_xen_file_and_cmdline (grub_file_t file,
|
||||||
|
char *cmdline,
|
||||||
|
grub_size_t cmdline_max_len);
|
||||||
|
|
||||||
struct grub_xen_file_info
|
struct grub_xen_file_info
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue