Add verity hash passthrough
Read the verity hash from the kernel binary and pass it to the running system via the kernel command line
This commit is contained in:
Matthew Garrett
parent
2755ecd157
commit
e5ee3e8fa5
3 changed files with 30 additions and 0 deletions
25
grub-core/loader/i386/verity-hash.h
Normal file
25
grub-core/loader/i386/verity-hash.h
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
#define VERITY_ARG " verity.usrhash="
|
||||
#define VERITY_HASH_OFFSET 0x40
|
||||
#define VERITY_HASH_LENGTH 64
|
||||
|
||||
static inline void grub_pass_verity_hash(struct linux_kernel_header *lh,
|
||||
char *cmdline)
|
||||
{
|
||||
char *buf = (char *)lh;
|
||||
grub_size_t cmdline_len;
|
||||
int i;
|
||||
|
||||
for (i=VERITY_HASH_OFFSET; i<VERITY_HASH_OFFSET + VERITY_HASH_LENGTH; i++)
|
||||
{
|
||||
if (buf[i] < '0' || buf[i] > '9') // Not a number
|
||||
if (buf[i] < 'a' || buf[i] > 'f') // Not a hex letter
|
||||
return;
|
||||
}
|
||||
|
||||
grub_memcpy (cmdline + grub_strlen(cmdline), VERITY_ARG,
|
||||
sizeof (VERITY_ARG));
|
||||
cmdline_len = grub_strlen(cmdline);
|
||||
grub_memcpy (cmdline + cmdline_len, buf + VERITY_HASH_OFFSET,
|
||||
VERITY_HASH_LENGTH);
|
||||
cmdline[cmdline_len + VERITY_HASH_LENGTH] = '\0';
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue