[PATCH 03/11] dm: verity: Add transparent integrity checking target
Sascha Hauer
s.hauer at pengutronix.de
Thu Sep 18 06:06:04 PDT 2025
On Thu, Sep 18, 2025 at 09:43:13AM +0200, Tobias Waldekranz wrote:
> Add the dm-verity target, which is compatible with the Linux
> implementation. This means that we can now create dm-verity devices on
> top of partitions containing read-only filesystems and transparently
> verify the integrity of all data is associated the verity root hash.
>
> CRUCIALLY: The root hash still has be validated by some other means,
> which is outside of the scope of this implementation. Future changes
> will add support for validation of the root hash using a PKCS#7
> signature, again compatible with the Linux kernel implementation.
>
> Signed-off-by: Tobias Waldekranz <tobias at waldekranz.com>
> ---
> drivers/block/dm/Kconfig | 7 +
> drivers/block/dm/Makefile | 1 +
> drivers/block/dm/dm-target.h | 14 ++
> drivers/block/dm/dm-verity.c | 463 +++++++++++++++++++++++++++++++++++
> 4 files changed, 485 insertions(+)
> create mode 100644 drivers/block/dm/dm-verity.c
>
> +static int dm_verity_create(struct dm_target *ti, unsigned int argc, char **argv)
> +{
> + struct dm_verity *v;
> + unsigned int ver;
> + int err;
> +
> + if (argc != 10) {
> + dm_target_err(ti, "Expected 10 arguments, got %u\n", argc);
> + return -EINVAL;
> + }
For the sake of readablity, can you do a
const char *verity_version = argv[0];
const char *verity_device = argv[1];
...
and use these instead of argv[x] directly?
> +
> + if (kstrtouint(argv[0], 0, &ver) || ver != 1) {
> + dm_target_err(ti, "Only version 1 is supported, not \"%s\"\n", argv[0]);
> + return -EINVAL;
> + }
> +
> + v = xzalloc(sizeof(*v));
> + ti->private = v;
> +
> + err = dm_verity_cdev_init(ti, &v->ddev, argv[1], argv[3], argv[5], NULL);
> + if (err)
> + goto err;
> +
> + err = dm_verity_cdev_init(ti, &v->hdev, argv[2], argv[4], NULL, argv[6]);
> + if (err)
> + goto err;
> +
> + v->digest_algo = digest_alloc(argv[7]);
> + if (!v->digest_algo) {
> + dm_target_err(ti, "Unknown digest \"%s\"\n", argv[7]);
> + err = -EINVAL;
> + goto err;
> + }
> +
> + v->digest_len = digest_length(v->digest_algo);
> + if ((1 << v->hdev.blk.bits) < v->digest_len * 2) {
> + dm_target_err(ti, "Digest size too big\n");
> + err = -EINVAL;
> + goto err;
> + }
> +
> + v->root_digest = xmalloc(v->digest_len);
> + if (strlen(argv[8]) != v->digest_len * 2 ||
> + hex2bin(v->root_digest, argv[8], v->digest_len)) {
> + dm_target_err(ti, "Invalid root digest \"%s\"\n", argv[8]);
> + err = -EINVAL;
> + goto err;
> + }
> +
> + if (strcmp(argv[9], "-")) {
> + v->salt_size = strlen(argv[9]) / 2;
> + v->salt = xmalloc(v->salt_size);
> +
> + if (strlen(argv[9]) != v->salt_size * 2 ||
> + hex2bin(v->salt, argv[9], v->salt_size)) {
> + dm_target_err(ti, "Invalid salt \"%s\"\n", argv[9]);
> + err = -EINVAL;
> + goto err;
> + }
> + }
> +
> + err = dm_verity_measure(ti);
> + if (err)
> + goto err;
> +
> + /* Initialize this to a value larger than the largest possible
> + * hash block lba to make sure that the first hash block read
> + * in dm_verity_verify() always misses the cache.
> + */
> + v->verify.hblock.block = v->hdev.blk.num;
> + v->verify.hblock.data = xmalloc(1 << v->hdev.blk.bits);
> +
> + v->verify.digest = xmalloc(v->digest_len);
> + v->verify.trusted = bitmap_xzalloc(v->hdev.blk.num);
> + return 0;
> +
> +err:
> + if (v->salt)
> + free(v->salt);
> + if (v->root_digest)
> + free(v->root_digest);
No need to check. free() handles NULL pointers.
Sascha
> + if (v->digest_algo)
> + digest_free(v->digest_algo);
> + if (v->hdev.cdev)
> + cdev_close(v->hdev.cdev);
> + if (v->ddev.cdev)
> + cdev_close(v->ddev.cdev);
> +
> + free(v);
> + return err;
> +}
> +
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list