
D20018.diff

Index: lib/libsecureboot/h/libsecureboot.h
===================================================================
--- lib/libsecureboot/h/libsecureboot.h
+++ lib/libsecureboot/h/libsecureboot.h
@@ -86,6 +86,7 @@
#define VEF_VERBOSE 1
#define VE_FINGERPRINT_OK 1
+#define VE_FINGERPRINT_IGNORE 2
/* errors from verify_fd */
#define VE_FINGERPRINT_NONE -2
#define VE_FINGERPRINT_WRONG -3
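Review bot: `VE_FINGERPRINT_IGNORE` is a positive status, so it lands on the success side of any non-negative test such as the `verify_fd(...) >= 0` check in verify_file.c, but the define has no comment saying the file content was not checked. I would document that at the definition, for example `#define VE_FINGERPRINT_IGNORE 2 /* manifest says no_hash: accepted, content NOT verified */`. Callers outside this diff that test for a non-negative result rather than comparing against `VE_FINGERPRINT_OK` should be reviewed against that meaning.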
Index: lib/libsecureboot/vectx.c
===================================================================
--- lib/libsecureboot/vectx.c
+++ lib/libsecureboot/vectx.c
@@ -120,7 +120,10 @@
ctx->vec_status = VE_FINGERPRINT_NONE;
ve_error_set("%s: no entry", path);
} else {
- if (strncmp(cp, "sha256=", 7) == 0) {
+ if (strncmp(cp, "no_hash", 7) == 0) {
+ ctx->vec_status = VE_FINGERPRINT_IGNORE;
+ hashsz = 0;
+ } else if (strncmp(cp, "sha256=", 7) == 0) {
ctx->vec_md = &br_sha256_vtable;
hashsz = br_sha256_SIZE;
cp += 7;
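Review bot: `strncmp(cp, "no_hash", 7) == 0` is a pure prefix match, so any manifest value that merely begins with `no_hash` selects the no-verification path. Because this keyword switches hashing off, it should match exactly: also require that `cp[7]` is whatever terminates a manifest value at this point (the terminator is not visible in the hunk). The same comparison is added to `verify_fingerprint()` in veopen.c and deserves the same treatment. The enclosing function starts and ends outside the hunk.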
@@ -150,11 +153,13 @@
*error = ctx->vec_status;
ctx->vec_hashsz = hashsz;
ctx->vec_want = cp;
- ctx->vec_md->init(&ctx->vec_ctx.vtable);
+ if (hashsz > 0) {
+ ctx->vec_md->init(&ctx->vec_ctx.vtable);
- if (hashsz > 0 && off > 0) {
- lseek(fd, 0, SEEK_SET);
- vectx_lseek(ctx, off, SEEK_SET);
+ if (off > 0) {
+ lseek(fd, 0, SEEK_SET);
+ vectx_lseek(ctx, off, SEEK_SET);
+ }
}
return (ctx);
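Review bot: For a `no_hash` entry `ctx->vec_md` does not appear to be assigned, since the new branch sets only `vec_status` and `hashsz`, and this hunk guards only the `init` call. Any other use of `ctx->vec_md` or `ctx->vec_ctx` in the read, seek and close paths, which are outside this diff, needs the same `vec_hashsz > 0` guard or it will go through an unset vtable pointer. A comment at the guard would record the invariant, e.g. `/* hashsz == 0: no digest selected, vec_md unset; nothing may be hashed */`. Note also that `ctx->vec_want` is left pointing at the `no_hash` text rather than at a digest.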
Index: lib/libsecureboot/veopen.c
===================================================================
--- lib/libsecureboot/veopen.c
+++ lib/libsecureboot/veopen.c
@@ -345,7 +345,9 @@
size_t hlen;
int n;
- if (strncmp(cp, "sha256=", 7) == 0) {
+ if (strncmp(cp, "no_hash", 7) == 0) {
+ return (VE_FINGERPRINT_IGNORE);
+ } else if (strncmp(cp, "sha256=", 7) == 0) {
md = &br_sha256_vtable;
hlen = br_sha256_SIZE;
cp += 7;
@@ -423,6 +425,7 @@
rc = verify_fingerprint(fd, path, cp, off);
switch (rc) {
case VE_FINGERPRINT_OK:
+ case VE_FINGERPRINT_IGNORE:
case VE_FINGERPRINT_UNKNOWN:
return (rc);
default:
Index: lib/libsecureboot/verify_file.c
===================================================================
--- lib/libsecureboot/verify_file.c
+++ lib/libsecureboot/verify_file.c
@@ -343,10 +343,14 @@
if ((rc = verify_fd(fd, filename, off, &st)) >= 0) {
if (verbose || severity > VE_WANT) {
#if defined(VE_DEBUG_LEVEL) && VE_DEBUG_LEVEL > 0
- printf("Verified %s %llu,%llu\n", filename,
+ printf("%serified %s %llu,%llu\n",
+ (rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V",
+ filename,
(long long)st.st_dev, (long long)st.st_ino);
#else
- printf("Verified %s\n", filename);
+ printf("%serified %s\n",
+ (rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V",
+ filename);
#endif
}
if (severity < VE_MUST) { /* not a kernel or module */
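Review bot: `VE_FINGERPRINT_IGNORE` passes the `rc >= 0` test, so a `no_hash` entry is accepted at every severity, and the only trace is the "Unverified" message, which is printed only when `verbose || severity > VE_WANT`. If kernels and modules (the `VE_MUST` case named in the comment on the last line) must never load unhashed, reject that combination explicitly, e.g. `if (rc == VE_FINGERPRINT_IGNORE && severity >= VE_MUST)` taking the failure path. The rest of the function is outside the hunk, so a later check may already cover this. Separately, building the word from `"Unv"`/`"V"` plus `"erified"` makes the message hard to grep for; two complete format strings would be clearer.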
