loader: Add arm64 verity

Signed-off-by: Geoff Levand <geoff@infradead.org>

grub-core/loader/arm64/linux.c

@@ -32,6 +32,8 @@
 #include <grub/i18n.h>
 #include <grub/lib/cmdline.h>
 
+#include <grub/verity-hash.h>
+
 GRUB_MOD_LICENSE ("GPLv3+");
 
 static grub_dl_t my_mod;
@@ -297,7 +299,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
 
   grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
 
-  cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE);
+  cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE)
+	+ VERITY_CMDLINE_LENGTH;
   linux_args = grub_malloc (cmdline_size);
   if (!linux_args)
     {
@@ -311,6 +314,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
 
   if (grub_errno == GRUB_ERR_NONE)
     {
+      grub_pass_verity_hash (kernel_addr, linux_args, cmdline_size);
       grub_loader_set (grub_linux_boot, grub_linux_unload, 0);
       loaded = 1;
     }

include/grub/verity-hash.h

@@ -4,7 +4,14 @@
 #define VERITY_ARG_LENGTH (sizeof (VERITY_ARG) - 1)
 #define VERITY_HASH_LENGTH 64
 #define VERITY_CMDLINE_LENGTH ((VERITY_ARG_LENGTH)+(VERITY_HASH_LENGTH))
-#define VERITY_HASH_OFFSET 0x40
+
+#if defined(__aarch64__)
+# define VERITY_HASH_OFFSET 512
+#elif defined(__i386__)
+# define VERITY_HASH_OFFSET 0x40
+#else
+# error Unsupported arch
+#endif
 
 
 /**