loader: add support for passing verity hash to xen kernels

This only supports DomU Linux bzImage, ignoring bare ELF images and Dom0 Xen+Linux but those cases are not applicable to us on CoreOS.
2016-10-19 14:48:50 -07:00 · 2016-10-19 14:48:50 -07:00 · bcd7fb9fd2
commit bcd7fb9fd2
parent dab6a0f0c3
3 changed files with 19 additions and 1 deletions
--- a/grub-core/loader/i386/xen.c
+++ b/grub-core/loader/i386/xen.c
@ -416,7 +416,9 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
  if (!file)
    return grub_errno;

-  elf = grub_xen_file (file);
+  elf = grub_xen_file_and_cmdline (file,
+		                   (char *) next_start.cmd_line,
+		                   sizeof (next_start.cmd_line) - 1);
  if (!elf)
    goto fail;

--- a/grub-core/loader/i386/xen_file.c
+++ b/grub-core/loader/i386/xen_file.c
@ -20,8 +20,18 @@
 #include <grub/i386/linux.h>
 #include <grub/misc.h>

+#include "verity-hash.h"
+
 grub_elf_t
 grub_xen_file (grub_file_t file)
+{
+  return grub_xen_file_and_cmdline (file, NULL, 0);
+}
+
+grub_elf_t
+grub_xen_file_and_cmdline (grub_file_t file,
+			   char *cmdline,
+			   grub_size_t cmdline_max_len)
 {
  grub_elf_t elf;
  struct linux_kernel_header lh;
@ -57,6 +67,9 @@ grub_xen_file (grub_file_t file)
 		+ lh.payload_offset,
 		(unsigned long long) lh.payload_length - 4);

+  if (cmdline)
+    grub_pass_verity_hash (&lh, cmdline, cmdline_max_len);
+
  off_file = grub_file_offset_open (file, (lh.setup_sects + 1) * 512
 				    + lh.payload_offset,
 				    lh.payload_length - 4);
--- a/include/grub/xen_file.h
+++ b/include/grub/xen_file.h
@ -24,6 +24,9 @@
 #include <grub/elfload.h>

 grub_elf_t grub_xen_file (grub_file_t file);
+grub_elf_t grub_xen_file_and_cmdline (grub_file_t file,
+				      char *cmdline,
+				      grub_size_t cmdline_max_len);

 struct grub_xen_file_info
 {