mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2024-11-28 17:44:10 +00:00
e3364b743a
The fsverity_enable_arg struct contains optional pointers to additional
data. Check for them and try to copy them in if necessary. This
requires a corresponding kernel change where the fuse driver also
reads the struct and copies the relevant data from the userspace
application.
Steps to test this change:
// Create a test file
head -c 1000000 /dev/urandom > file
// Generate a new certificate and private key:
openssl req -newkey rsa:4096 -nodes -keyout key.pem -x509 -out cert.pem
// Convert the certificate from PEM to DER format:
openssl x509 -in cert.pem -out cert.der -outform der
// Load the certificate into the fs-verity keyring. This step MUST be
// done on the host kernel.
keyctl padd asymmetric '' %keyring:.fs-verity < cert.der
// Now set up fs-verity on the test file:
fsverity sign file file.sig --key=key.pem --cert=cert.pem \
--salt 12345678
fsverity enable file --signature=file.sig --salt 12345678
BUG=b:141632062
TEST=See above
Change-Id: Ied7106cfbd2919f1f0c7f605166769d4916925b0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3141298
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
|
||
|---|---|---|
| .. | ||
| src | ||
| .build_test_serial | ||
| Cargo.toml | ||