iPXE
image_trust_cmd.c File Reference

Image trust management commands. More...

#include <stdint.h>
#include <stdio.h>
#include <getopt.h>
#include <ipxe/image.h>
#include <ipxe/command.h>
#include <ipxe/parseopt.h>
#include <usr/imgmgmt.h>
#include <usr/imgtrust.h>


Data Structures

struct  imgtrust_options
 "imgtrust" options More...
struct  imgverify_options
 "imgverify" options More...

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
static int imgtrust_exec (int argc, char **argv)
 The "imgtrust" command.
static int imgverify_exec (int argc, char **argv)
 The "imgverify" command.

Variables

static struct option_descriptor imgtrust_opts []
 "imgtrust" option list
static struct command_descriptor imgtrust_cmd
 "imgtrust" command descriptor
static struct option_descriptor imgverify_opts []
 "imgverify" option list
static struct command_descriptor imgverify_cmd
 "imgverify" command descriptor
struct command image_trust_commands[] __command
 Image trust management commands.

Detailed Description

Image trust management commands.

Definition in file image_trust_cmd.c.


Function Documentation

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )
static int imgtrust_exec ( int  argc,
char **  argv 
) [static]

The "imgtrust" command.

Parameters:
argc: Argument count
argv: Argument list
Return values:
rc: Return status code

Definition at line 68 of file image_trust_cmd.c.

References imgtrust_options::allow, image_set_trust(), parse_options(), imgtrust_options::permanent, printf(), rc, and strerror().

                                                   {
        /* Body of the "imgtrust" command: parse the flags, then hand
         * the resulting trust policy to image_set_trust().
         */
        struct imgtrust_options opts;
        int require_trusted;
        int rc;

        /* Reject a malformed command line before touching trust state */
        rc = parse_options ( argc, argv, &imgtrust_cmd, &opts );
        if ( rc != 0 )
                return rc;

        /* The value passed on is the negation of --allow, so a bare
         * "imgtrust" asks for trust to be required and only
         * "imgtrust --allow" asks for it to be relaxed.
         */
        require_trusted = ( ! opts.allow );

        /* --permanent is forwarded unchanged.  NOTE(review): whether
         * a later attempt to change the setting is refused is decided
         * inside image_set_trust(), not here; any non-zero status is
         * reported and propagated below.
         */
        rc = image_set_trust ( require_trusted, opts.permanent );
        if ( rc == 0 )
                return 0;

        printf ( "Could not set image trust requirement: %s\n",
                 strerror ( rc ) );
        return rc;
}
static int imgverify_exec ( int  argc,
char **  argv 
) [static]

The "imgverify" command.

Parameters:
argc: Argument count
argv: Argument list
Return values:
rc: Return status code

Definition at line 119 of file image_trust_cmd.c.

References imgacquire(), imgverify(), imgverify_options::keep, optind, parse_options(), printf(), rc, signature, imgverify_options::signer, strerror(), imgverify_options::timeout, and unregister_image().

                                                    {
        /* Body of the "imgverify" command: acquire an image and a
         * signature image, then ask imgverify() to check one against
         * the other.
         */
        struct imgverify_options opts;
        struct image *image;
        struct image *signature;
        const char *image_name_uri;
        const char *signature_name_uri;
        int rc;

        /* Parse options */
        rc = parse_options ( argc, argv, &imgverify_cmd, &opts );
        if ( rc != 0 )
                return rc;

        /* Both positional arguments are read without a local bounds
         * check.  The imgverify command descriptor declares exactly
         * two of them, so this relies on parse_options() having
         * rejected any other count -- presumably it does; confirm in
         * parse_options() before changing the descriptor.
         */
        image_name_uri = argv[optind];
        signature_name_uri = argv[ optind + 1 ];

        /* Acquire the image; nothing to clean up here on failure */
        rc = imgacquire ( image_name_uri, opts.timeout, &image );
        if ( rc != 0 )
                return rc;

        /* Acquire the signature image.  On failure the image acquired
         * above is not unregistered by this function.
         */
        rc = imgacquire ( signature_name_uri, opts.timeout, &signature );
        if ( rc != 0 )
                return rc;

        /* Verify image.  opts.signer is passed through as given.
         * NOTE(review): the trust state of the image after a failed
         * check is decided inside imgverify(); this function only
         * reports the error and returns it.
         */
        rc = imgverify ( image, signature, opts.signer );
        if ( rc != 0 )
                printf ( "Could not verify: %s\n", strerror ( rc ) );

        /* Discard signature unless --keep was specified; this runs on
         * both the success and the verification-failure path.
         */
        if ( ! opts.keep )
                unregister_image ( signature );

        return rc;
}

Variable Documentation

struct option_descriptor imgtrust_opts[] [static]
Initial value:
 {
        /* --allow / -a: flag with no argument.  imgtrust_exec()
         * negates it to form the first argument of image_set_trust().
         */
        OPTION_DESC ( "allow", 'a', no_argument,
                      struct imgtrust_options, allow, parse_flag ),
        /* --permanent / -p: flag with no argument, forwarded unchanged
         * as the second argument of image_set_trust().
         */
        OPTION_DESC ( "permanent", 'p', no_argument,
                      struct imgtrust_options, permanent, parse_flag ),
}

"imgtrust" option list

Definition at line 50 of file image_trust_cmd.c.

Initial value:

"imgtrust" command descriptor

Definition at line 58 of file image_trust_cmd.c.

struct option_descriptor imgverify_opts[] [static]
Initial value:
 {
        /* --signer / -s <name>: string handed to imgverify() as its
         * third argument.  NOTE(review): when the option is omitted,
         * what imgverify() receives depends on how parse_options()
         * initialises the options structure -- presumably NULL;
         * confirm which signers are accepted in that case.
         */
        OPTION_DESC ( "signer", 's', required_argument,
                      struct imgverify_options, signer, parse_string ),
        /* --keep / -k: flag; when set, imgverify_exec() leaves the
         * signature image registered instead of discarding it.
         */
        OPTION_DESC ( "keep", 'k', no_argument,
                      struct imgverify_options, keep, parse_flag ),
        /* --timeout / -t <value>: passed to imgacquire() for both the
         * image and the signature.
         */
        OPTION_DESC ( "timeout", 't', required_argument,
                      struct imgverify_options, timeout, parse_timeout),
}

"imgverify" option list

Definition at line 98 of file image_trust_cmd.c.

Initial value:
        /* The two integers are the minimum and maximum number of
         * positional arguments: exactly two (image, then signature).
         * imgverify_exec() indexes argv[optind] and argv[optind + 1]
         * on the strength of this, so the counts and that indexing
         * must be changed together.
         */
        COMMAND_DESC ( struct imgverify_options, imgverify_opts, 2, 2,
                       "<uri|image> <signature uri|image>" )

"imgverify" command descriptor

Definition at line 108 of file image_trust_cmd.c.

struct command image_trust_commands [] __command
Initial value:
 {
        /* Each entry binds a command name to its handler function */
        {
                /* Sets the image trust requirement via image_set_trust() */
                .name = "imgtrust",
                .exec = imgtrust_exec,
        },
        {
                /* Checks an image against a signature via imgverify() */
                .name = "imgverify",
                .exec = imgverify_exec,
        },
}

Image trust management commands.

Definition at line 165 of file image_trust_cmd.c.