X-Git-Url: http://git.ozlabs.org/?p=petitboot;a=blobdiff_plain;f=discover%2Fboot.c;h=056d02de6869c681aa1d000edad0a8e9e9ef6b5c;hp=c4ddfef591ebf5c76bf483ac0d5fa2fd13c9dc15;hb=5668d29abb1da87c1feaf90d4206a4b2b7ab00f5;hpb=86c9d34380b0074dab1ba89a569a94280d6999c4 diff --git a/discover/boot.c b/discover/boot.c index c4ddfef..056d02d 100644 --- a/discover/boot.c +++ b/discover/boot.c @@ -51,9 +51,14 @@ static int kexec_load(struct boot_task *boot_task) boot_task->local_image_override = NULL; if ((result = gpg_validate_boot_files(boot_task))) { - if (result == KEXEC_LOAD_SIGNATURE_FAILURE) { + if (result == KEXEC_LOAD_DECRYPTION_FALURE) { pb_log("%s: Aborting kexec due to" - " signature verification failure\n", __func__); + " decryption failure\n", __func__); + goto abort_kexec; + } + if (result == KEXEC_LOAD_SIGNATURE_FAILURE) { + pb_log("%s: Aborting kexec due to signature" + " verification failure\n", __func__); goto abort_kexec; } } @@ -141,7 +146,7 @@ static int kexec_reboot(struct boot_task *task) static void __attribute__((format(__printf__, 4, 5))) update_status( boot_status_fn fn, void *arg, int type, char *fmt, ...) { - struct boot_status status; + struct status status; va_list ap; va_start(ap, fmt); @@ -149,8 +154,6 @@ static void __attribute__((format(__printf__, 4, 5))) update_status( va_end(ap); status.type = type; - status.progress = -1; - status.detail = NULL; pb_debug("boot status: [%d] %s\n", type, status.message); @@ -215,7 +218,7 @@ static void boot_hook_setenv(struct boot_task *task) unsetenv("boot_initrd"); unsetenv("boot_dtb"); unsetenv("boot_args"); - unsetenv("boot_tty"); + unsetenv("boot_console"); setenv("boot_image", task->local_image, 1); if (task->local_initrd) @@ -224,8 +227,8 @@ static void boot_hook_setenv(struct boot_task *task) setenv("boot_dtb", task->local_dtb, 1); if (task->args) setenv("boot_args", task->args, 1); - if (task->boot_tty) - setenv("boot_tty", task->boot_tty, 1); + if (task->boot_console) + setenv("boot_console", task->boot_console, 1); } static int hook_filter(const struct dirent *dirent) @@ -247,7 +250,7 @@ static void run_boot_hooks(struct boot_task *task) if (n < 1) return; - update_status(task->status_fn, task->status_arg, BOOT_STATUS_INFO, + update_status(task->status_fn, task->status_arg, STATUS_INFO, _("running boot hooks")); boot_hook_setenv(task); @@ -310,7 +313,7 @@ static int check_load(struct boot_task *task, const char *name, return 0; update_status(task->status_fn, task->status_arg, - BOOT_STATUS_ERROR, + STATUS_ERROR, _("Couldn't load %s"), name); return -1; } @@ -391,7 +394,13 @@ static void boot_process(struct load_url_result *result, void *data) load_pending(task->dtb_signature) || load_pending(task->cmdline_signature)) return; + } + if (task->decrypt_files) { + if (load_pending(task->cmdline_signature)) + return; + } + if (task->verify_signature) { if (check_load(task, "kernel image signature", task->image_signature) || check_load(task, "initrd signature", @@ -402,6 +411,14 @@ static void boot_process(struct load_url_result *result, void *data) task->cmdline_signature)) goto no_sig_load; } + if (task->decrypt_files) { + if (load_pending(task->cmdline_signature)) + return; + + if (check_load(task, "command line signature", + task->cmdline_signature)) + goto no_decrypt_sig_load; + } /* we make a copy of the local paths, as the boot hooks might update * and/or create these */ @@ -416,36 +433,43 @@ static void boot_process(struct load_url_result *result, void *data) task->initrd_signature->local : NULL; task->local_dtb_signature = task->dtb_signature ? task->dtb_signature->local : NULL; + } + if (task->verify_signature || task->decrypt_files) { task->local_cmdline_signature = task->cmdline_signature ? task->cmdline_signature->local : NULL; } run_boot_hooks(task); - update_status(task->status_fn, task->status_arg, BOOT_STATUS_INFO, + update_status(task->status_fn, task->status_arg, STATUS_INFO, _("performing kexec_load")); rc = kexec_load(task); - if (rc == KEXEC_LOAD_SIGNATURE_FAILURE) { + if (rc == KEXEC_LOAD_DECRYPTION_FALURE) { + update_status(task->status_fn, task->status_arg, + STATUS_ERROR, _("decryption failed")); + } + else if (rc == KEXEC_LOAD_SIGNATURE_FAILURE) { update_status(task->status_fn, task->status_arg, - BOOT_STATUS_ERROR, + STATUS_ERROR, _("signature verification failed")); } else if (rc == KEXEC_LOAD_SIG_SETUP_INVALID) { update_status(task->status_fn, task->status_arg, - BOOT_STATUS_ERROR, + STATUS_ERROR, _("invalid signature configuration")); } else if (rc) { update_status(task->status_fn, task->status_arg, - BOOT_STATUS_ERROR, - _("kexec load failed")); + STATUS_ERROR, _("kexec load failed")); } no_sig_load: cleanup_load(task->image_signature); cleanup_load(task->initrd_signature); cleanup_load(task->dtb_signature); + +no_decrypt_sig_load: cleanup_load(task->cmdline_signature); no_load: @@ -455,13 +479,12 @@ no_load: if (!rc) { update_status(task->status_fn, task->status_arg, - BOOT_STATUS_INFO, - _("performing kexec reboot")); + STATUS_INFO, _("performing kexec reboot")); rc = kexec_reboot(task); if (rc) { update_status(task->status_fn, task->status_arg, - BOOT_STATUS_ERROR, + STATUS_ERROR, _("kexec reboot failed")); } } @@ -476,8 +499,7 @@ static int start_url_load(struct boot_task *task, const char *name, *result = load_url_async(task, url, boot_process, task); if (!*result) { update_status(task->status_fn, task->status_arg, - BOOT_STATUS_ERROR, - _("Error loading %s"), name); + STATUS_ERROR, _("Error loading %s"), name); return -1; } return 0; @@ -490,10 +512,11 @@ struct boot_task *boot(void *ctx, struct discover_boot_option *opt, struct pb_url *image = NULL, *initrd = NULL, *dtb = NULL; struct pb_url *image_sig = NULL, *initrd_sig = NULL, *dtb_sig = NULL, *cmdline_sig = NULL; - const struct config *config; + const struct config *config = config_get(); struct boot_task *boot_task; const char *boot_desc; int rc; + int lockdown_type; if (opt && opt->option->name) boot_desc = opt->option->name; @@ -502,7 +525,7 @@ struct boot_task *boot(void *ctx, struct discover_boot_option *opt, else boot_desc = _("(unknown)"); - update_status(status_fn, status_arg, BOOT_STATUS_INFO, + update_status(status_fn, status_arg, STATUS_INFO, _("Booting %s."), boot_desc); if (cmd && cmd->boot_image_file) { @@ -511,7 +534,7 @@ struct boot_task *boot(void *ctx, struct discover_boot_option *opt, image = opt->boot_image->url; } else { pb_log("%s: no image specified\n", __func__); - update_status(status_fn, status_arg, BOOT_STATUS_INFO, + update_status(status_fn, status_arg, STATUS_INFO, _("Boot failed: no image specified")); return NULL; } @@ -533,7 +556,9 @@ struct boot_task *boot(void *ctx, struct discover_boot_option *opt, boot_task->status_fn = status_fn; boot_task->status_arg = status_arg; - boot_task->verify_signature = (lockdown_status() == PB_LOCKDOWN_SIGN); + lockdown_type = lockdown_status(); + boot_task->verify_signature = (lockdown_type == PB_LOCKDOWN_SIGN); + boot_task->decrypt_files = (lockdown_type == PB_LOCKDOWN_DECRYPT); if (cmd && cmd->boot_args) { boot_task->args = talloc_strdup(boot_task, cmd->boot_args); @@ -544,14 +569,12 @@ struct boot_task *boot(void *ctx, struct discover_boot_option *opt, boot_task->args = NULL; } - if (cmd && cmd->tty) - boot_task->boot_tty = talloc_strdup(boot_task, cmd->tty); - else { - config = config_get(); - boot_task->boot_tty = config ? config->boot_tty : NULL; - } + if (cmd && cmd->console && !config->manual_console) + boot_task->boot_console = talloc_strdup(boot_task, cmd->console); + else + boot_task->boot_console = config ? config->boot_console : NULL; - if (boot_task->verify_signature) { + if (boot_task->verify_signature || boot_task->decrypt_files) { if (cmd && cmd->args_sig_file) { cmdline_sig = pb_url_parse(opt, cmd->args_sig_file); } else if (opt && opt->args_sig_file) { @@ -559,7 +582,7 @@ struct boot_task *boot(void *ctx, struct discover_boot_option *opt, } else { pb_log("%s: no command line signature file" " specified\n", __func__); - update_status(status_fn, status_arg, BOOT_STATUS_INFO, + update_status(status_fn, status_arg, STATUS_INFO, _("Boot failed: no command line" " signature file specified")); talloc_free(boot_task); @@ -590,7 +613,9 @@ struct boot_task *boot(void *ctx, struct discover_boot_option *opt, rc |= start_url_load(boot_task, "dtb signature", dtb_sig, &boot_task->dtb_signature); } + } + if (boot_task->verify_signature || boot_task->decrypt_files) { rc |= start_url_load(boot_task, "kernel command line signature", cmdline_sig, &boot_task->cmdline_signature); @@ -613,7 +638,7 @@ void boot_cancel(struct boot_task *task) { task->cancelled = true; - update_status(task->status_fn, task->status_arg, BOOT_STATUS_INFO, + update_status(task->status_fn, task->status_arg, STATUS_INFO, _("Boot cancelled")); cleanup_cancellations(task, NULL);