Merge pull request #42 from glevand/for-merge-arm64-verity

Add arm64 verity support
2017-01-25 18:18:01 -08:00 · 2017-01-25 18:18:01 -08:00 · e2e860614f
commit e2e860614f
parent ff8d967eff dc2eaa5855
5 changed files with 33 additions and 8 deletions
--- a/grub-core/loader/arm64/linux.c
+++ b/grub-core/loader/arm64/linux.c
@ -32,6 +32,8 @@
 #include <grub/i18n.h>
 #include <grub/lib/cmdline.h>
 #include <grub/verity-hash.h>
 GRUB_MOD_LICENSE ("GPLv3+");
 static grub_dl_t my_mod;
@ -297,7 +299,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
  grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
-  cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE);
+  cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE)
 	+ VERITY_CMDLINE_LENGTH;
  linux_args = grub_malloc (cmdline_size);
  if (!linux_args)
    {
@ -311,6 +314,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
  if (grub_errno == GRUB_ERR_NONE)
    {
      grub_pass_verity_hash (kernel_addr, linux_args, cmdline_size);
      grub_loader_set (grub_linux_boot, grub_linux_unload, 0);
      loaded = 1;
    }
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@ -28,7 +28,7 @@
 #include <grub/efi/efi.h>
 #include <grub/tpm.h>
-#include "../verity-hash.h"
+#include <grub/verity-hash.h>
 GRUB_MOD_LICENSE ("GPLv3+");
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@ -37,7 +37,8 @@
 #include <grub/linux.h>
 #include <grub/tpm.h>
-#include "verity-hash.h"
+#include <grub/verity-hash.h>
 GRUB_MOD_LICENSE ("GPLv3+");
 #ifdef GRUB_MACHINE_PCBIOS
--- a/grub-core/loader/i386/xen_file.c
+++ b/grub-core/loader/i386/xen_file.c
@ -20,7 +20,7 @@
 #include <grub/i386/linux.h>
 #include <grub/misc.h>
-#include "verity-hash.h"
+#include <grub/verity-hash.h>
 grub_elf_t
 grub_xen_file (grub_file_t file)
--- a/grub-core/loader/i386/verity-hash.h
+++ b/grub-core/loader/i386/verity-hash.h
@ -1,13 +1,33 @@
 /* CoreOS verity hash */
 #define VERITY_ARG " verity.usrhash="
 #define VERITY_ARG_LENGTH (sizeof (VERITY_ARG) - 1)
 #define VERITY_HASH_OFFSET 0x40
 #define VERITY_HASH_LENGTH 64
 #define VERITY_CMDLINE_LENGTH ((VERITY_ARG_LENGTH)+(VERITY_HASH_LENGTH))
-static inline void grub_pass_verity_hash(struct linux_kernel_header *lh,
+#if defined(__aarch64__)
 # define VERITY_HASH_OFFSET 512
 #elif defined(__i386__)
 # define VERITY_HASH_OFFSET 0x40
 #else
 # error Unsupported arch
 #endif
 /**
 * grub_pass_verity_hash - Reads the CoreOS verity hash value from a well known
 * kernel image offset and adds a kernel command line argument for it.
 *
 * @pImage: Kernel image buffer.
 * @cmdline: Kernel command line buffer.
 * @cmdline_max_len: Kernel command line buffer length.
 */
 static inline void grub_pass_verity_hash(const void *pImage,
 					 char *cmdline,
 					 grub_size_t cmdline_max_len)
 {
-  char *buf = (char *)lh;
+  const char *buf = pImage;
  grub_size_t cmdline_len;
  int i;
@ -19,7 +39,7 @@ static inline void grub_pass_verity_hash(struct linux_kernel_header *lh,
    }
  cmdline_len = grub_strlen(cmdline);
-  if (cmdline_len + VERITY_ARG_LENGTH + VERITY_HASH_LENGTH > cmdline_max_len)
+  if (cmdline_len + VERITY_CMDLINE_LENGTH > cmdline_max_len)
    return;
  grub_memcpy (cmdline + cmdline_len, VERITY_ARG, VERITY_ARG_LENGTH);