0001 // SPDX-License-Identifier: GPL-2.0-only
0002 
0003 #include <linux/list.h>
0004 #include <linux/kernel.h>
0005 #include <linux/dm-verity-loadpin.h>
0006 
0007 #include "dm.h"
0008 #include "dm-core.h"
0009 #include "dm-verity.h"
0010 
/* Prefix for this module's DM log messages (used by the DM* logging macros). */
#define DM_MSG_PREFIX   "verity-loadpin"

/*
 * Root digests that LoadPin has been told to trust. Each entry is a
 * struct dm_verity_loadpin_trusted_root_digest linked through ->node;
 * the list is walked read-only below. It is populated outside this file
 * (presumably by LoadPin's configuration path -- not visible here).
 * While it is empty, nothing is trusted (fail closed).
 */
LIST_HEAD(dm_verity_loadpin_trusted_root_digests);
0014 
/*
 * Report whether @ti is a dm-verity target whose root digest is one of the
 * digests on dm_verity_loadpin_trusted_root_digests.
 *
 * @ti: target to inspect; must belong to a live table held by the caller.
 *
 * Returns false for non-verity targets, when the root digest cannot be
 * obtained, or when no list entry has both a matching length and matching
 * bytes. The digest copy handed out by dm_verity_get_root_digest() is
 * owned here and released before returning.
 */
static bool is_trusted_verity_target(struct dm_target *ti)
{
    struct dm_verity_loadpin_trusted_root_digest *trd;
    u8 *digest;
    unsigned int digest_len;
    bool match = false;

    if (!dm_is_verity_target(ti))
        return false;

    /* On success @digest is a heap copy that this function must kfree(). */
    if (dm_verity_get_root_digest(ti, &digest, &digest_len))
        return false;

    list_for_each_entry(trd, &dm_verity_loadpin_trusted_root_digests, node) {
        /* Length must agree before the bytes are compared. */
        if (trd->len != digest_len)
            continue;
        /*
         * A verity root digest is not a secret (it is supplied on the
         * table line), so a plain memcmp() is appropriate here.
         */
        if (memcmp(trd->data, digest, digest_len) == 0) {
            match = true;
            break;
        }
    }

    kfree(digest);

    return match;
}
0040 
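/*
 * Determines whether the file system of a superblock is located on
 * a verity device that is trusted by LoadPin.
 *
 * @bdev: block device backing the superblock; NULL is treated as untrusted
 *        rather than dereferenced.
 *
 * Returns true only when every condition holds: at least one trusted digest
 * has been configured, @bdev is a device-mapper device, its live table has
 * exactly one target, and that target is a dm-verity target whose root
 * digest is on dm_verity_loadpin_trusted_root_digests. Every other case
 * (no DM device, no live table, multi-target table, digest mismatch)
 * returns false, i.e. the check fails closed.
 */
bool dm_verity_loadpin_is_bdev_trusted(struct block_device *bdev)
{
    struct mapped_device *md;
    struct dm_table *table;
    struct dm_target *ti;
    int srcu_idx;
    bool trusted = false;

    if (!bdev)
        return false;

    /* Nothing can be trusted before LoadPin has been given any digests. */
    if (list_empty(&dm_verity_loadpin_trusted_root_digests))
        return false;

    /* Takes a reference on the mapped device; released by dm_put() below. */
    md = dm_get_md(bdev->bd_dev);
    if (!md)
        return false;

    /*
     * NOTE(review): dm_get_live_table() is expected to return NULL when no
     * table is live while still entering the SRCU read side, so the
     * matching dm_put_live_table() must run on this path too -- confirm
     * against dm.c.
     */
    table = dm_get_live_table(md, &srcu_idx);
    if (!table)
        goto out;

    /*
     * Only a single-target table can be vouched for as a whole; a table
     * with several targets could map part of the device elsewhere.
     */
    if (table->num_targets != 1)
        goto out;

    ti = dm_table_get_target(table, 0);
    trusted = is_trusted_verity_target(ti);

out:
    dm_put_live_table(md, srcu_idx);
    dm_put(md);

    return trusted;
}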