1 /*
2 * Copyright (C) 2015 Google, Inc.
3 *
4 * This software is licensed under the terms of the GNU General Public
5 * License version 2, as published by the Free Software Foundation, and
6 * may be copied, distributed, and modified under those terms.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 */
14
15 #include <linux/buffer_head.h>
16 #include <linux/debugfs.h>
17 #include <linux/delay.h>
18 #include <linux/device.h>
19 #include <linux/device-mapper.h>
20 #include <linux/errno.h>
21 #include <linux/fs.h>
22 #include <linux/fcntl.h>
23 #include <linux/init.h>
24 #include <linux/kernel.h>
25 #include <linux/key.h>
26 #include <linux/module.h>
27 #include <linux/mount.h>
28 #include <linux/namei.h>
29 #include <linux/of.h>
30 #include <linux/reboot.h>
31 #include <linux/string.h>
32 #include <linux/vmalloc.h>
33
34 #include <asm/setup.h>
35 #include <crypto/hash.h>
36 #include <crypto/public_key.h>
37 #include <crypto/sha.h>
38 #include <keys/asymmetric-type.h>
39 #include <keys/system_keyring.h>
40
41 #include "dm-verity.h"
42 #include "dm-android-verity.h"
43
44 static char verifiedbootstate[VERITY_COMMANDLINE_PARAM_LENGTH];
45 static char veritymode[VERITY_COMMANDLINE_PARAM_LENGTH];
46 static char veritykeyid[VERITY_DEFAULT_KEY_ID_LENGTH];
47 static char buildvariant[BUILD_VARIANT];
48
49 static bool target_added;
50 static bool verity_enabled = true;
51 struct dentry *debug_dir;
52 static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv);
53
54 static struct target_type android_verity_target = {
55 .name = "android-verity",
56 .version = {1, 0, 0},
57 .module = THIS_MODULE,
58 .ctr = android_verity_ctr,
59 .dtr = verity_dtr,
60 .map = verity_map,
61 .status = verity_status,
62 .prepare_ioctl = verity_prepare_ioctl,
63 .iterate_devices = verity_iterate_devices,
64 .io_hints = verity_io_hints,
65 };
66
verified_boot_state_param(char * line)67 static int __init verified_boot_state_param(char *line)
68 {
69 strlcpy(verifiedbootstate, line, sizeof(verifiedbootstate));
70 return 1;
71 }
72
73 __setup("androidboot.verifiedbootstate=", verified_boot_state_param);
74
verity_mode_param(char * line)75 static int __init verity_mode_param(char *line)
76 {
77 strlcpy(veritymode, line, sizeof(veritymode));
78 return 1;
79 }
80
81 __setup("androidboot.veritymode=", verity_mode_param);
82
verity_keyid_param(char * line)83 static int __init verity_keyid_param(char *line)
84 {
85 strlcpy(veritykeyid, line, sizeof(veritykeyid));
86 return 1;
87 }
88
89 __setup("veritykeyid=", verity_keyid_param);
90
verity_buildvariant(char * line)91 static int __init verity_buildvariant(char *line)
92 {
93 strlcpy(buildvariant, line, sizeof(buildvariant));
94 return 1;
95 }
96
97 __setup("buildvariant=", verity_buildvariant);
98
default_verity_key_id(void)99 static inline bool default_verity_key_id(void)
100 {
101 return veritykeyid[0] != '\0';
102 }
103
is_eng(void)104 static inline bool is_eng(void)
105 {
106 static const char typeeng[] = "eng";
107
108 return !strncmp(buildvariant, typeeng, sizeof(typeeng));
109 }
110
is_userdebug(void)111 static inline bool is_userdebug(void)
112 {
113 static const char typeuserdebug[] = "userdebug";
114
115 return !strncmp(buildvariant, typeuserdebug, sizeof(typeuserdebug));
116 }
117
is_unlocked(void)118 static inline bool is_unlocked(void)
119 {
120 static const char unlocked[] = "orange";
121
122 return !strncmp(verifiedbootstate, unlocked, sizeof(unlocked));
123 }
124
table_extract_mpi_array(struct public_key_signature * pks,const void * data,size_t len)125 static int table_extract_mpi_array(struct public_key_signature *pks,
126 const void *data, size_t len)
127 {
128 MPI mpi = mpi_read_raw_data(data, len);
129
130 if (!mpi) {
131 DMERR("Error while allocating mpi array");
132 return -ENOMEM;
133 }
134
135 pks->mpi[0] = mpi;
136 pks->nr_mpi = 1;
137 return 0;
138 }
139
table_make_digest(enum hash_algo hash,const void * table,unsigned long table_len)140 static struct public_key_signature *table_make_digest(
141 enum hash_algo hash,
142 const void *table,
143 unsigned long table_len)
144 {
145 struct public_key_signature *pks = NULL;
146 struct crypto_shash *tfm;
147 struct shash_desc *desc;
148 size_t digest_size, desc_size;
149 int ret;
150
151 /* Allocate the hashing algorithm we're going to need and find out how
152 * big the hash operational data will be.
153 */
154 tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
155 if (IS_ERR(tfm))
156 return ERR_CAST(tfm);
157
158 desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
159 digest_size = crypto_shash_digestsize(tfm);
160
161 /* We allocate the hash operational data storage on the end of out
162 * context data and the digest output buffer on the end of that.
163 */
164 ret = -ENOMEM;
165 pks = kzalloc(digest_size + sizeof(*pks) + desc_size, GFP_KERNEL);
166 if (!pks)
167 goto error;
168
169 pks->pkey_hash_algo = hash;
170 pks->digest = (u8 *)pks + sizeof(*pks) + desc_size;
171 pks->digest_size = digest_size;
172
173 desc = (struct shash_desc *)(pks + 1);
174 desc->tfm = tfm;
175 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
176
177 ret = crypto_shash_init(desc);
178 if (ret < 0)
179 goto error;
180
181 ret = crypto_shash_finup(desc, table, table_len, pks->digest);
182 if (ret < 0)
183 goto error;
184
185 crypto_free_shash(tfm);
186 return pks;
187
188 error:
189 kfree(pks);
190 crypto_free_shash(tfm);
191 return ERR_PTR(ret);
192 }
193
read_block_dev(struct bio_read * payload,struct block_device * bdev,sector_t offset,int length)194 static int read_block_dev(struct bio_read *payload, struct block_device *bdev,
195 sector_t offset, int length)
196 {
197 struct bio *bio;
198 int err = 0, i;
199
200 payload->number_of_pages = DIV_ROUND_UP(length, PAGE_SIZE);
201
202 bio = bio_alloc(GFP_KERNEL, payload->number_of_pages);
203 if (!bio) {
204 DMERR("Error while allocating bio");
205 return -ENOMEM;
206 }
207
208 bio->bi_bdev = bdev;
209 bio->bi_iter.bi_sector = offset;
210
211 payload->page_io = kzalloc(sizeof(struct page *) *
212 payload->number_of_pages, GFP_KERNEL);
213 if (!payload->page_io) {
214 DMERR("page_io array alloc failed");
215 err = -ENOMEM;
216 goto free_bio;
217 }
218
219 for (i = 0; i < payload->number_of_pages; i++) {
220 payload->page_io[i] = alloc_page(GFP_KERNEL);
221 if (!payload->page_io[i]) {
222 DMERR("alloc_page failed");
223 err = -ENOMEM;
224 goto free_pages;
225 }
226 if (!bio_add_page(bio, payload->page_io[i], PAGE_SIZE, 0)) {
227 DMERR("bio_add_page error");
228 err = -EIO;
229 goto free_pages;
230 }
231 }
232
233 if (!submit_bio_wait(READ, bio))
234 /* success */
235 goto free_bio;
236 DMERR("bio read failed");
237 err = -EIO;
238
239 free_pages:
240 for (i = 0; i < payload->number_of_pages; i++)
241 if (payload->page_io[i])
242 __free_page(payload->page_io[i]);
243 kfree(payload->page_io);
244 free_bio:
245 bio_put(bio);
246 return err;
247 }
248
fec_div_round_up(u64 x,u64 y)249 static inline u64 fec_div_round_up(u64 x, u64 y)
250 {
251 u64 remainder;
252
253 return div64_u64_rem(x, y, &remainder) +
254 (remainder > 0 ? 1 : 0);
255 }
256
populate_fec_metadata(struct fec_header * header,struct fec_ecc_metadata * ecc)257 static inline void populate_fec_metadata(struct fec_header *header,
258 struct fec_ecc_metadata *ecc)
259 {
260 ecc->blocks = fec_div_round_up(le64_to_cpu(header->inp_size),
261 FEC_BLOCK_SIZE);
262 ecc->roots = le32_to_cpu(header->roots);
263 ecc->start = le64_to_cpu(header->inp_size);
264 }
265
validate_fec_header(struct fec_header * header,u64 offset)266 static inline int validate_fec_header(struct fec_header *header, u64 offset)
267 {
268 /* move offset to make the sanity check work for backup header
269 * as well. */
270 offset -= offset % FEC_BLOCK_SIZE;
271 if (le32_to_cpu(header->magic) != FEC_MAGIC ||
272 le32_to_cpu(header->version) != FEC_VERSION ||
273 le32_to_cpu(header->size) != sizeof(struct fec_header) ||
274 le32_to_cpu(header->roots) == 0 ||
275 le32_to_cpu(header->roots) >= FEC_RSM)
276 return -EINVAL;
277
278 return 0;
279 }
280
extract_fec_header(dev_t dev,struct fec_header * fec,struct fec_ecc_metadata * ecc)281 static int extract_fec_header(dev_t dev, struct fec_header *fec,
282 struct fec_ecc_metadata *ecc)
283 {
284 u64 device_size;
285 struct bio_read payload;
286 int i, err = 0;
287 struct block_device *bdev;
288
289 bdev = blkdev_get_by_dev(dev, FMODE_READ, NULL);
290
291 if (IS_ERR_OR_NULL(bdev)) {
292 DMERR("bdev get error");
293 return PTR_ERR(bdev);
294 }
295
296 device_size = i_size_read(bdev->bd_inode);
297
298 /* fec metadata size is a power of 2 and PAGE_SIZE
299 * is a power of 2 as well.
300 */
301 BUG_ON(FEC_BLOCK_SIZE > PAGE_SIZE);
302 /* 512 byte sector alignment */
303 BUG_ON(((device_size - FEC_BLOCK_SIZE) % (1 << SECTOR_SHIFT)) != 0);
304
305 err = read_block_dev(&payload, bdev, (device_size -
306 FEC_BLOCK_SIZE) / (1 << SECTOR_SHIFT), FEC_BLOCK_SIZE);
307 if (err) {
308 DMERR("Error while reading verity metadata");
309 goto error;
310 }
311
312 BUG_ON(sizeof(struct fec_header) > PAGE_SIZE);
313 memcpy(fec, page_address(payload.page_io[0]),
314 sizeof(*fec));
315
316 ecc->valid = true;
317 if (validate_fec_header(fec, device_size - FEC_BLOCK_SIZE)) {
318 /* Try the backup header */
319 memcpy(fec, page_address(payload.page_io[0]) + FEC_BLOCK_SIZE
320 - sizeof(*fec) ,
321 sizeof(*fec));
322 if (validate_fec_header(fec, device_size -
323 sizeof(struct fec_header)))
324 ecc->valid = false;
325 }
326
327 if (ecc->valid)
328 populate_fec_metadata(fec, ecc);
329
330 for (i = 0; i < payload.number_of_pages; i++)
331 __free_page(payload.page_io[i]);
332 kfree(payload.page_io);
333
334 error:
335 blkdev_put(bdev, FMODE_READ);
336 return err;
337 }
find_metadata_offset(struct fec_header * fec,struct block_device * bdev,u64 * metadata_offset)338 static void find_metadata_offset(struct fec_header *fec,
339 struct block_device *bdev, u64 *metadata_offset)
340 {
341 u64 device_size;
342
343 device_size = i_size_read(bdev->bd_inode);
344
345 if (le32_to_cpu(fec->magic) == FEC_MAGIC)
346 *metadata_offset = le64_to_cpu(fec->inp_size) -
347 VERITY_METADATA_SIZE;
348 else
349 *metadata_offset = device_size - VERITY_METADATA_SIZE;
350 }
351
find_size(dev_t dev,u64 * device_size)352 static int find_size(dev_t dev, u64 *device_size)
353 {
354 struct block_device *bdev;
355
356 bdev = blkdev_get_by_dev(dev, FMODE_READ, NULL);
357 if (IS_ERR_OR_NULL(bdev)) {
358 DMERR("blkdev_get_by_dev failed");
359 return PTR_ERR(bdev);
360 }
361
362 *device_size = i_size_read(bdev->bd_inode);
363 *device_size >>= SECTOR_SHIFT;
364
365 DMINFO("blkdev size in sectors: %llu", *device_size);
366 blkdev_put(bdev, FMODE_READ);
367 return 0;
368 }
369
verify_header(struct android_metadata_header * header)370 static int verify_header(struct android_metadata_header *header)
371 {
372 int retval = -EINVAL;
373
374 if (is_userdebug() && le32_to_cpu(header->magic_number) ==
375 VERITY_METADATA_MAGIC_DISABLE)
376 return VERITY_STATE_DISABLE;
377
378 if (!(le32_to_cpu(header->magic_number) ==
379 VERITY_METADATA_MAGIC_NUMBER) ||
380 (le32_to_cpu(header->magic_number) ==
381 VERITY_METADATA_MAGIC_DISABLE)) {
382 DMERR("Incorrect magic number");
383 return retval;
384 }
385
386 if (le32_to_cpu(header->protocol_version) !=
387 VERITY_METADATA_VERSION) {
388 DMERR("Unsupported version %u",
389 le32_to_cpu(header->protocol_version));
390 return retval;
391 }
392
393 return 0;
394 }
395
extract_metadata(dev_t dev,struct fec_header * fec,struct android_metadata ** metadata,bool * verity_enabled)396 static int extract_metadata(dev_t dev, struct fec_header *fec,
397 struct android_metadata **metadata,
398 bool *verity_enabled)
399 {
400 struct block_device *bdev;
401 struct android_metadata_header *header;
402 int i;
403 u32 table_length, copy_length, offset;
404 u64 metadata_offset;
405 struct bio_read payload;
406 int err = 0;
407
408 bdev = blkdev_get_by_dev(dev, FMODE_READ, NULL);
409
410 if (IS_ERR_OR_NULL(bdev)) {
411 DMERR("blkdev_get_by_dev failed");
412 return -ENODEV;
413 }
414
415 find_metadata_offset(fec, bdev, &metadata_offset);
416
417 /* Verity metadata size is a power of 2 and PAGE_SIZE
418 * is a power of 2 as well.
419 * PAGE_SIZE is also a multiple of 512 bytes.
420 */
421 if (VERITY_METADATA_SIZE > PAGE_SIZE)
422 BUG_ON(VERITY_METADATA_SIZE % PAGE_SIZE != 0);
423 /* 512 byte sector alignment */
424 BUG_ON(metadata_offset % (1 << SECTOR_SHIFT) != 0);
425
426 err = read_block_dev(&payload, bdev, metadata_offset /
427 (1 << SECTOR_SHIFT), VERITY_METADATA_SIZE);
428 if (err) {
429 DMERR("Error while reading verity metadata");
430 goto blkdev_release;
431 }
432
433 header = kzalloc(sizeof(*header), GFP_KERNEL);
434 if (!header) {
435 DMERR("kzalloc failed for header");
436 err = -ENOMEM;
437 goto free_payload;
438 }
439
440 memcpy(header, page_address(payload.page_io[0]),
441 sizeof(*header));
442
443 DMINFO("bio magic_number:%u protocol_version:%d table_length:%u",
444 le32_to_cpu(header->magic_number),
445 le32_to_cpu(header->protocol_version),
446 le32_to_cpu(header->table_length));
447
448 err = verify_header(header);
449
450 if (err == VERITY_STATE_DISABLE) {
451 DMERR("Mounting root with verity disabled");
452 *verity_enabled = false;
453 /* we would still have to read the metadata to figure out
454 * the data blocks size. Or may be could map the entire
455 * partition similar to mounting the device.
456 *
457 * Reset error as well as the verity_enabled flag is changed.
458 */
459 err = 0;
460 } else if (err)
461 goto free_header;
462
463 *metadata = kzalloc(sizeof(**metadata), GFP_KERNEL);
464 if (!*metadata) {
465 DMERR("kzalloc for metadata failed");
466 err = -ENOMEM;
467 goto free_header;
468 }
469
470 (*metadata)->header = header;
471 table_length = le32_to_cpu(header->table_length);
472
473 if (table_length == 0 ||
474 table_length > (VERITY_METADATA_SIZE -
475 sizeof(struct android_metadata_header))) {
476 DMERR("table_length too long");
477 err = -EINVAL;
478 goto free_metadata;
479 }
480
481 (*metadata)->verity_table = kzalloc(table_length + 1, GFP_KERNEL);
482
483 if (!(*metadata)->verity_table) {
484 DMERR("kzalloc verity_table failed");
485 err = -ENOMEM;
486 goto free_metadata;
487 }
488
489 if (sizeof(struct android_metadata_header) +
490 table_length <= PAGE_SIZE) {
491 memcpy((*metadata)->verity_table,
492 page_address(payload.page_io[0])
493 + sizeof(struct android_metadata_header),
494 table_length);
495 } else {
496 copy_length = PAGE_SIZE -
497 sizeof(struct android_metadata_header);
498 memcpy((*metadata)->verity_table,
499 page_address(payload.page_io[0])
500 + sizeof(struct android_metadata_header),
501 copy_length);
502 table_length -= copy_length;
503 offset = copy_length;
504 i = 1;
505 while (table_length != 0) {
506 if (table_length > PAGE_SIZE) {
507 memcpy((*metadata)->verity_table + offset,
508 page_address(payload.page_io[i]),
509 PAGE_SIZE);
510 offset += PAGE_SIZE;
511 table_length -= PAGE_SIZE;
512 } else {
513 memcpy((*metadata)->verity_table + offset,
514 page_address(payload.page_io[i]),
515 table_length);
516 table_length = 0;
517 }
518 i++;
519 }
520 }
521 (*metadata)->verity_table[table_length] = '\0';
522
523 DMINFO("verity_table: %s", (*metadata)->verity_table);
524 goto free_payload;
525
526 free_metadata:
527 kfree(*metadata);
528 free_header:
529 kfree(header);
530 free_payload:
531 for (i = 0; i < payload.number_of_pages; i++)
532 if (payload.page_io[i])
533 __free_page(payload.page_io[i]);
534 kfree(payload.page_io);
535 blkdev_release:
536 blkdev_put(bdev, FMODE_READ);
537 return err;
538 }
539
540 /* helper functions to extract properties from dts */
find_dt_value(const char * name)541 const char *find_dt_value(const char *name)
542 {
543 struct device_node *firmware;
544 const char *value;
545
546 firmware = of_find_node_by_path("/firmware/android");
547 if (!firmware)
548 return NULL;
549 value = of_get_property(firmware, name, NULL);
550 of_node_put(firmware);
551
552 return value;
553 }
554
verity_mode(void)555 static int verity_mode(void)
556 {
557 static const char enforcing[] = "enforcing";
558 static const char verified_mode_prop[] = "veritymode";
559 const char *value;
560
561 value = find_dt_value(verified_mode_prop);
562 if (!value)
563 value = veritymode;
564 if (!strncmp(value, enforcing, sizeof(enforcing) - 1))
565 return DM_VERITY_MODE_RESTART;
566
567 return DM_VERITY_MODE_EIO;
568 }
569
verify_verity_signature(char * key_id,struct android_metadata * metadata)570 static int verify_verity_signature(char *key_id,
571 struct android_metadata *metadata)
572 {
573 key_ref_t key_ref;
574 struct key *key;
575 struct public_key_signature *pks = NULL;
576 int retval = -EINVAL;
577
578 key_ref = keyring_search(make_key_ref(system_trusted_keyring, 1),
579 &key_type_asymmetric, key_id);
580
581 if (IS_ERR(key_ref)) {
582 DMERR("keyring: key not found");
583 return -ENOKEY;
584 }
585
586 key = key_ref_to_ptr(key_ref);
587
588 pks = table_make_digest(HASH_ALGO_SHA256,
589 (const void *)metadata->verity_table,
590 le32_to_cpu(metadata->header->table_length));
591
592 if (IS_ERR(pks)) {
593 DMERR("hashing failed");
594 retval = PTR_ERR(pks);
595 pks = NULL;
596 goto error;
597 }
598
599 retval = table_extract_mpi_array(pks, &metadata->header->signature[0],
600 RSANUMBYTES);
601 if (retval < 0) {
602 DMERR("Error extracting mpi %d", retval);
603 goto error;
604 }
605
606 retval = verify_signature(key, pks);
607 mpi_free(pks->rsa.s);
608 error:
609 kfree(pks);
610 key_put(key);
611
612 return retval;
613 }
614
handle_error(void)615 static void handle_error(void)
616 {
617 int mode = verity_mode();
618 if (mode == DM_VERITY_MODE_RESTART) {
619 DMERR("triggering restart");
620 kernel_restart("dm-verity device corrupted");
621 } else {
622 DMERR("Mounting verity root failed");
623 }
624 }
625
test_mult_overflow(sector_t a,u32 b)626 static inline bool test_mult_overflow(sector_t a, u32 b)
627 {
628 sector_t r = (sector_t)~0ULL;
629
630 sector_div(r, b);
631 return a > r;
632 }
633
add_as_linear_device(struct dm_target * ti,char * dev)634 static int add_as_linear_device(struct dm_target *ti, char *dev)
635 {
636 /*Move to linear mapping defines*/
637 char *linear_table_args[DM_LINEAR_ARGS] = {dev,
638 DM_LINEAR_TARGET_OFFSET};
639 int err = 0;
640
641 android_verity_target.dtr = dm_linear_dtr,
642 android_verity_target.map = dm_linear_map,
643 android_verity_target.status = dm_linear_status,
644 android_verity_target.prepare_ioctl = dm_linear_prepare_ioctl,
645 android_verity_target.iterate_devices = dm_linear_iterate_devices,
646 android_verity_target.io_hints = NULL;
647
648 set_disk_ro(dm_disk(dm_table_get_md(ti->table)), 0);
649
650 err = dm_linear_ctr(ti, DM_LINEAR_ARGS, linear_table_args);
651
652 if (!err) {
653 DMINFO("Added android-verity as a linear target");
654 target_added = true;
655 } else
656 DMERR("Failed to add android-verity as linear target");
657
658 return err;
659 }
660
create_linear_device(struct dm_target * ti,dev_t dev,char * target_device)661 static int create_linear_device(struct dm_target *ti, dev_t dev,
662 char *target_device)
663 {
664 u64 device_size = 0;
665 int err = find_size(dev, &device_size);
666
667 if (err) {
668 DMERR("error finding bdev size");
669 handle_error();
670 return err;
671 }
672
673 ti->len = device_size;
674 err = add_as_linear_device(ti, target_device);
675 if (err) {
676 handle_error();
677 return err;
678 }
679 verity_enabled = false;
680 return 0;
681 }
682
683 /*
684 * Target parameters:
685 * <key id> Key id of the public key in the system keyring.
686 * Verity metadata's signature would be verified against
687 * this. If the key id contains spaces, replace them
688 * with '#'.
689 * <block device> The block device for which dm-verity is being setup.
690 */
android_verity_ctr(struct dm_target * ti,unsigned argc,char ** argv)691 static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
692 {
693 dev_t uninitialized_var(dev);
694 struct android_metadata *metadata = NULL;
695 int err = 0, i, mode;
696 char *key_id, *table_ptr, dummy, *target_device,
697 *verity_table_args[VERITY_TABLE_ARGS + 2 + VERITY_TABLE_OPT_FEC_ARGS];
698 /* One for specifying number of opt args and one for mode */
699 sector_t data_sectors;
700 u32 data_block_size;
701 unsigned int no_of_args = VERITY_TABLE_ARGS + 2 + VERITY_TABLE_OPT_FEC_ARGS;
702 struct fec_header uninitialized_var(fec);
703 struct fec_ecc_metadata uninitialized_var(ecc);
704 char buf[FEC_ARG_LENGTH], *buf_ptr;
705 unsigned long long tmpll;
706
707 if (argc == 1) {
708 /* Use the default keyid */
709 if (default_verity_key_id())
710 key_id = veritykeyid;
711 else if (!is_eng()) {
712 DMERR("veritykeyid= is not set");
713 handle_error();
714 return -EINVAL;
715 }
716 } else if (argc == 2)
717 key_id = argv[1];
718 else {
719 DMERR("Incorrect number of arguments");
720 handle_error();
721 return -EINVAL;
722 }
723
724 target_device = argv[0];
725
726 dev = name_to_dev_t(target_device);
727 if (!dev) {
728 DMERR("no dev found for %s", target_device);
729 handle_error();
730 return -EINVAL;
731 }
732
733 if (is_eng())
734 return create_linear_device(ti, dev, target_device);
735
736 strreplace(key_id, '#', ' ');
737
738 DMINFO("key:%s dev:%s", key_id, target_device);
739
740 if (extract_fec_header(dev, &fec, &ecc)) {
741 DMERR("Error while extracting fec header");
742 handle_error();
743 return -EINVAL;
744 }
745
746 err = extract_metadata(dev, &fec, &metadata, &verity_enabled);
747
748 if (err) {
749 /* Allow invalid metadata when the device is unlocked */
750 if (is_unlocked()) {
751 DMWARN("Allow invalid metadata when unlocked");
752 return create_linear_device(ti, dev, target_device);
753 }
754 DMERR("Error while extracting metadata");
755 handle_error();
756 goto free_metadata;
757 }
758
759 if (verity_enabled) {
760 err = verify_verity_signature(key_id, metadata);
761
762 if (err) {
763 DMERR("Signature verification failed");
764 handle_error();
765 goto free_metadata;
766 } else
767 DMINFO("Signature verification success");
768 }
769
770 table_ptr = metadata->verity_table;
771
772 for (i = 0; i < VERITY_TABLE_ARGS; i++) {
773 verity_table_args[i] = strsep(&table_ptr, " ");
774 if (verity_table_args[i] == NULL)
775 break;
776 }
777
778 if (i != VERITY_TABLE_ARGS) {
779 DMERR("Verity table not in the expected format");
780 err = -EINVAL;
781 handle_error();
782 goto free_metadata;
783 }
784
785 if (sscanf(verity_table_args[5], "%llu%c", &tmpll, &dummy)
786 != 1) {
787 DMERR("Verity table not in the expected format");
788 handle_error();
789 err = -EINVAL;
790 goto free_metadata;
791 }
792
793 if (tmpll > ULONG_MAX) {
794 DMERR("<num_data_blocks> too large. Forgot to turn on CONFIG_LBDAF?");
795 handle_error();
796 err = -EINVAL;
797 goto free_metadata;
798 }
799
800 data_sectors = tmpll;
801
802 if (sscanf(verity_table_args[3], "%u%c", &data_block_size, &dummy)
803 != 1) {
804 DMERR("Verity table not in the expected format");
805 handle_error();
806 err = -EINVAL;
807 goto free_metadata;
808 }
809
810 if (test_mult_overflow(data_sectors, data_block_size >>
811 SECTOR_SHIFT)) {
812 DMERR("data_sectors too large");
813 handle_error();
814 err = -EOVERFLOW;
815 goto free_metadata;
816 }
817
818 data_sectors *= data_block_size >> SECTOR_SHIFT;
819 DMINFO("Data sectors %llu", (unsigned long long)data_sectors);
820
821 /* update target length */
822 ti->len = data_sectors;
823
824 /* Setup linear target and free */
825 if (!verity_enabled) {
826 err = add_as_linear_device(ti, target_device);
827 goto free_metadata;
828 }
829
830 /*substitute data_dev and hash_dev*/
831 verity_table_args[1] = target_device;
832 verity_table_args[2] = target_device;
833
834 mode = verity_mode();
835
836 if (ecc.valid && IS_BUILTIN(CONFIG_DM_VERITY_FEC)) {
837 if (mode) {
838 err = snprintf(buf, FEC_ARG_LENGTH,
839 "%u %s " VERITY_TABLE_OPT_FEC_FORMAT,
840 1 + VERITY_TABLE_OPT_FEC_ARGS,
841 mode == DM_VERITY_MODE_RESTART ?
842 VERITY_TABLE_OPT_RESTART :
843 VERITY_TABLE_OPT_LOGGING,
844 target_device,
845 ecc.start / FEC_BLOCK_SIZE, ecc.blocks,
846 ecc.roots);
847 } else {
848 err = snprintf(buf, FEC_ARG_LENGTH,
849 "%u " VERITY_TABLE_OPT_FEC_FORMAT,
850 VERITY_TABLE_OPT_FEC_ARGS, target_device,
851 ecc.start / FEC_BLOCK_SIZE, ecc.blocks,
852 ecc.roots);
853 }
854 } else if (mode) {
855 err = snprintf(buf, FEC_ARG_LENGTH,
856 "2 " VERITY_TABLE_OPT_IGNZERO " %s",
857 mode == DM_VERITY_MODE_RESTART ?
858 VERITY_TABLE_OPT_RESTART : VERITY_TABLE_OPT_LOGGING);
859 } else {
860 err = snprintf(buf, FEC_ARG_LENGTH, "1 %s",
861 "ignore_zero_blocks");
862 }
863
864 if (err < 0 || err >= FEC_ARG_LENGTH)
865 goto free_metadata;
866
867 buf_ptr = buf;
868
869 for (i = VERITY_TABLE_ARGS; i < (VERITY_TABLE_ARGS +
870 VERITY_TABLE_OPT_FEC_ARGS + 2); i++) {
871 verity_table_args[i] = strsep(&buf_ptr, " ");
872 if (verity_table_args[i] == NULL) {
873 no_of_args = i;
874 break;
875 }
876 }
877
878 err = verity_ctr(ti, no_of_args, verity_table_args);
879
880 if (err)
881 DMERR("android-verity failed to mount as verity target");
882 else {
883 target_added = true;
884 DMINFO("android-verity mounted as verity target");
885 }
886
887 free_metadata:
888 if (metadata) {
889 kfree(metadata->header);
890 kfree(metadata->verity_table);
891 }
892 kfree(metadata);
893 return err;
894 }
895
dm_android_verity_init(void)896 static int __init dm_android_verity_init(void)
897 {
898 int r;
899 struct dentry *file;
900
901 r = dm_register_target(&android_verity_target);
902 if (r < 0)
903 DMERR("register failed %d", r);
904
905 /* Tracks the status of the last added target */
906 debug_dir = debugfs_create_dir("android_verity", NULL);
907
908 if (IS_ERR_OR_NULL(debug_dir)) {
909 DMERR("Cannot create android_verity debugfs directory: %ld",
910 PTR_ERR(debug_dir));
911 goto end;
912 }
913
914 file = debugfs_create_bool("target_added", S_IRUGO, debug_dir,
915 &target_added);
916
917 if (IS_ERR_OR_NULL(file)) {
918 DMERR("Cannot create android_verity debugfs directory: %ld",
919 PTR_ERR(debug_dir));
920 debugfs_remove_recursive(debug_dir);
921 goto end;
922 }
923
924 file = debugfs_create_bool("verity_enabled", S_IRUGO, debug_dir,
925 &verity_enabled);
926
927 if (IS_ERR_OR_NULL(file)) {
928 DMERR("Cannot create android_verity debugfs directory: %ld",
929 PTR_ERR(debug_dir));
930 debugfs_remove_recursive(debug_dir);
931 }
932
933 end:
934 return r;
935 }
936
dm_android_verity_exit(void)937 static void __exit dm_android_verity_exit(void)
938 {
939 if (!IS_ERR_OR_NULL(debug_dir))
940 debugfs_remove_recursive(debug_dir);
941
942 dm_unregister_target(&android_verity_target);
943 }
944
945 module_init(dm_android_verity_init);
946 module_exit(dm_android_verity_exit);
947