Skip to content

Commit

Permalink
lib/mount: Use lcfs_fd_measure_fsverity
Browse files Browse the repository at this point in the history
This is ensuring we have our fsverity ioctl parsing code in
one place.

Signed-off-by: Colin Walters <walters@verbum.org>
  • Loading branch information
cgwalters committed Nov 6, 2024
1 parent 19bca55 commit 52d98a4
Showing 1 changed file with 5 additions and 10 deletions.
15 changes: 5 additions & 10 deletions libcomposefs/lcfs-mount.c
Original file line number Diff line number Diff line change
Expand Up @@ -210,20 +210,15 @@ static errint_t lcfs_validate_mount_options(struct lcfs_mount_state_s *state)

static errint_t lcfs_validate_verity_fd(struct lcfs_mount_state_s *state)
{
char buf[sizeof(struct fsverity_digest) + MAX_DIGEST_SIZE];
struct fsverity_digest *fsv = (struct fsverity_digest *)&buf;
int res;

if (state->expected_digest_len != 0) {
fsv->digest_size = MAX_DIGEST_SIZE;
res = ioctl(state->fd, FS_IOC_MEASURE_VERITY, fsv);
if (res == -1) {
if (errno == ENODATA || errno == EOPNOTSUPP || errno == ENOTTY)
return -ENOVERITY;
return -errno;
uint8_t found_digest[LCFS_DIGEST_SIZE];
res = lcfs_fd_measure_fsverity(found_digest, state->fd);
if (res < 0) {
return res;
}
if (fsv->digest_size != state->expected_digest_len ||
memcmp(state->expected_digest, fsv->digest, fsv->digest_size) != 0)
if (memcmp(state->expected_digest, found_digest, LCFS_DIGEST_SIZE) != 0)
return -EWRONGVERITY;
}

Expand Down

0 comments on commit 52d98a4

Please sign in to comment.