/* used in CRYPT_VERITY */
struct crypt_params_verity verity_hdr;
- uint32_t verity_flags;
char *verity_root_hash;
uint64_t verity_root_hash_size;
return r;
if (params)
- cd->verity_flags = params->flags;
+ cd->verity_hdr.flags = params->flags;
if (params && params->data_device &&
(r = crypt_set_data_device(cd, params->data_device)) < 0)
goto out;
if (isVERITY(cd->type)) {
- cd->verity_flags = CRYPT_VERITY_NO_HEADER; //FIXME
+ cd->verity_hdr.flags = CRYPT_VERITY_NO_HEADER; //FIXME
//cd->verity_uuid = dmd.uuid ? strdup(dmd.uuid) : NULL;
cd->verity_hdr.data_size = params.data_size;
cd->verity_root_hash_size = dmd.u.verity.root_hash_size;
if (params->version > 1)
return -EINVAL;
- /* set dat device */
+ /* set data device */
cd->type = CRYPT_VERITY;
r = crypt_set_data_device(cd, params->data_device);
cd->type = NULL;
if (!cd->verity_root_hash_size)
return -EINVAL;
- cd->verity_flags = params->flags;
cd->verity_root_hash = malloc(cd->verity_root_hash_size);
if (!cd->verity_root_hash)
return -ENOMEM;
+ cd->verity_hdr.flags = params->flags;
cd->verity_hdr.hash_name = strdup(params->hash_name);
cd->verity_hdr.data_device = NULL;
cd->verity_hdr.data_block_size = params->data_block_size;
if (r)
goto out;
- r = VERITY_write_sb(cd, mdata_device(cd),
- cd->verity_hdr.hash_area_offset,
- &cd->verity_hdr);
+ if (!(params->flags & CRYPT_VERITY_NO_HEADER))
+ r = VERITY_write_sb(cd, mdata_device(cd),
+ cd->verity_hdr.hash_area_offset,
+ &cd->verity_hdr);
out:
if (r) {
free(cd->verity_root_hash);
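Review bot: The new guard around VERITY_write_sb tests `params->flags` although the preceding lines of crypt_format have just copied those same flags into `cd->verity_hdr.flags`, so two copies of the flags are consulted within one function; reading the header copy, `if (!(cd->verity_hdr.flags & CRYPT_VERITY_NO_HEADER))`, keeps a single source of truth and still matches what VERITY_write_sb itself will later inspect. The condition is a double negative and deserves a one-line comment such as `/* header-less format: parameters live only in memory, nothing is written to the hash device */`. When the header is skipped, r appears to keep the zero left by the preceding `if (r) goto out;`, so the out: path is not affected, but that relies on state set before this hunk. crypt_format's body starts outside the hunk.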
r = VERITY_activate(cd, name, mdata_device(cd),
volume_key, volume_key_size,
- &cd->verity_hdr, cd->verity_flags);
+ &cd->verity_hdr, CRYPT_ACTIVATE_READONLY);
if (r == -EPERM) {
free(cd->verity_root_hash);
log_dbg("Reading VERITY header of size %u on device %s, offset %" PRIu64 ".",
sizeof(struct verity_sb), device, sb_offset);
+ if (params->flags & CRYPT_VERITY_NO_HEADER) {
+ log_err(cd, _("Verity don't use on-disk header.\n"), device);
+ return -EINVAL;
+ }
+
devfd = open(device ,O_RDONLY | O_DIRECT);
if(devfd == -1) {
log_err(cd, _("Cannot open device %s.\n"), device);
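Review bot: The error message added in the CRYPT_VERITY_NO_HEADER guard contains no conversion specifier, yet `device` is still passed as an argument, so the device name never reaches the log and -Wformat-extra-args will warn; the matching guard added to the "Updating VERITY header" path has the same mismatch. Either drop the argument or put the name into the text, e.g. `log_err(cd, _("Verity device %s does not use an on-disk header.\n"), device);`, which also repairs the grammar of the translatable string. The guard also sits below the "Reading VERITY header …" debug line, so a rejected call is traced as if a read had been attempted; placing the check before log_dbg keeps the trace accurate. VERITY_read_sb starts before this hunk and continues past it.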
log_dbg("Updating VERITY header of size %u on device %s, offset %" PRIu64 ".",
sizeof(struct verity_sb), device, sb_offset);
+ if (params->flags & CRYPT_VERITY_NO_HEADER) {
+ log_err(cd, _("Verity don't use on-disk header.\n"), device);
+ return -EINVAL;
+ }
+
devfd = open(device, O_RDWR | O_DIRECT);
if(devfd == -1) {
log_err(cd, _("Cannot open device %s.\n"), device);
const char *root_hash,
size_t root_hash_size,
struct crypt_params_verity *verity_hdr,
- uint32_t flags)
+ uint32_t activation_flags)
{
struct crypt_dm_active_device dmd;
uint64_t offset = 0;
log_dbg("Trying to activate VERITY device %s using hash %s.",
name ?: "[none]", verity_hdr->hash_name);
- if (flags & CRYPT_VERITY_CHECK_HASH) {
+ if (verity_hdr->flags & CRYPT_VERITY_CHECK_HASH) {
r = VERITY_verify(cd, verity_hdr,
crypt_get_device_name(cd), hash_device,
root_hash, root_hash_size);
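Review bot: The decision to run VERITY_verify now comes from `verity_hdr->flags` instead of the caller's flags, so whether activation is preceded by a root-hash check depends entirely on whoever populated the header struct; the init-by-name path earlier in this commit forces those flags to `CRYPT_VERITY_NO_HEADER` with a FIXME, which as far as the visible lines show means a device re-opened by name is activated without VERITY_verify ever running. That contract should be stated where the flag is read, e.g. `/* CRYPT_VERITY_CHECK_HASH is taken from the header filled by crypt_format/crypt_load; activation_flags only reaches device-mapper. */`, so the FIXME is not silently forgotten. VERITY_activate's body continues outside this hunk.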
dmd.u.verity.root_hash = root_hash;
dmd.u.verity.root_hash_size = root_hash_size;
dmd.u.verity.hash_offset = VERITY_hash_offset_block(verity_hdr),
- dmd.flags = CRYPT_ACTIVATE_READONLY;
+ dmd.flags = activation_flags;
dmd.size = verity_hdr->data_size * verity_hdr->data_block_size / 512;
dmd.uuid = NULL;
dmd.u.verity.vp = verity_hdr;
const char *root_hash,
size_t root_hash_size,
struct crypt_params_verity *verity_hdr,
- uint32_t flags);
+ uint32_t activation_flags);
int VERITY_verify(struct crypt_device *cd,
struct crypt_params_verity *verity_hdr,
* - extend superblock (UUID)
* - add api tests
* - salt string "-"
+ * - report in-kernel status outside libcryptsetup (extend api)
*/
#include <stdio.h>