From bcd7fb9fd29561db1963a739a222a76f8b0922aa Mon Sep 17 00:00:00 2001
From: Michael Marineau
Date: Wed, 19 Oct 2016 14:48:50 -0700
Subject: [PATCH] loader: add support for passing verity hash to xen kernels

This only supports DomU Linux bzImage, ignoring bare ELF images and Dom0 Xen+Linux but those cases are not applicable to us on CoreOS.
---
 grub-core/loader/i386/xen.c | 4 +++-
 grub-core/loader/i386/xen_file.c | 13 +++++++++++++
 include/grub/xen_file.h | 3 +++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c
index c4d9689f7..f460c9a16 100644
--- a/grub-core/loader/i386/xen.c
+++ b/grub-core/loader/i386/xen.c
@@ -416,7 +416,9 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
 if (!file)
 return grub_errno;
- elf = grub_xen_file (file);
+ elf = grub_xen_file_and_cmdline (file,
+ (char *) next_start.cmd_line,
+ sizeof (next_start.cmd_line) - 1);
 if (!elf)
 goto fail;
diff --git a/grub-core/loader/i386/xen_file.c b/grub-core/loader/i386/xen_file.c
index 583621890..a5cd714fa 100644
--- a/grub-core/loader/i386/xen_file.c
+++ b/grub-core/loader/i386/xen_file.c
@@ -20,8 +20,18 @@
 #include
 #include
+#include "verity-hash.h"
+
 grub_elf_t
 grub_xen_file (grub_file_t file)
+{
+ return grub_xen_file_and_cmdline (file, NULL, 0);
+}
+
+grub_elf_t
+grub_xen_file_and_cmdline (grub_file_t file,
+ char *cmdline,
+ grub_size_t cmdline_max_len)
 {
 grub_elf_t elf;
 struct linux_kernel_header lh;
@@ -57,6 +67,9 @@ grub_xen_file (grub_file_t file)
 + lh.payload_offset,
 (unsigned long long) lh.payload_length - 4);
+ if (cmdline)
+ grub_pass_verity_hash (&lh, cmdline, cmdline_max_len);
+
 off_file = grub_file_offset_open (file, (lh.setup_sects + 1) * 512
 + lh.payload_offset,
 lh.payload_length - 4);
diff --git a/include/grub/xen_file.h b/include/grub/xen_file.h
index 4b2ccba78..45a45a55b 100644
--- a/include/grub/xen_file.h
+++ b/include/grub/xen_file.h
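Review bot: In grub_cmd_xen (grub-core/loader/i386/xen.c) the new call hands `next_start.cmd_line` to `grub_xen_file_and_cmdline` but gets back only the ELF handle, so the caller cannot tell whether the verity hash actually reached the command line. `grub_pass_verity_hash` is defined outside this patch; if it skips or truncates when the buffer is nearly full, the guest would presumably start without the hash and nothing here records it. The hunk also does not show where `next_start.cmd_line` is filled, so the ordering should be confirmed and, if the command line is built first, stated with a comment such as `/* next_start.cmd_line must already hold the NUL-terminated guest command line */`. A `grub_dprintf ("xen", ...)` on the path where no hash is passed would make that case visible when debugging. The body of grub_cmd_xen starts and ends outside the hunk.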
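Review bot: `grub_xen_file_and_cmdline` in grub-core/loader/i386/xen_file.c is a new exported function with no comment describing its buffer contract, and the same applies to its prototype in include/grub/xen_file.h. A caller needs to know that `cmdline` may be NULL (the `grub_xen_file` wrapper passes `NULL, 0`), that a non-NULL buffer is modified in place, and whether `cmdline_max_len` counts the terminating NUL; grub_cmd_xen passes `sizeof (next_start.cmd_line) - 1`, which suggests it does not. I would add a short comment above the definition, for example `/* CMDLINE may be NULL; otherwise it is a NUL-terminated buffer with room for CMDLINE_MAX_LEN characters (terminator excluded, TODO confirm) that may be extended with the verity hash. */`. The function body continues past the end of the hunk.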
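Review bot: The added call in the second xen_file.c hunk is guarded only by `if (cmdline)`, so a caller that passes a buffer with a `cmdline_max_len` of 0 still reaches `grub_pass_verity_hash`; `if (cmdline && cmdline_max_len > 0)` keeps the length part of the contract at this call site. `lh` appears to be the header taken from the image being loaded, so every bound on what is written into `cmdline` rests on `grub_pass_verity_hash`, which this patch does not show and which should be checked to honour `cmdline_max_len`. The call also changes the caller's buffer before `grub_file_offset_open` has succeeded; moving it after the open result is checked would leave the command line untouched on the failure path, though the lines after the open are outside the hunk.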
@@ -24,6 +24,9 @@
 #include
 grub_elf_t grub_xen_file (grub_file_t file);
+grub_elf_t grub_xen_file_and_cmdline (grub_file_t file,
+ char *cmdline,
+ grub_size_t cmdline_max_len);
 struct grub_xen_file_info
 {