iPXE
Data Structures | Functions | Variables
image_trust_cmd.c File Reference

Image trust management commands. More...

#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <getopt.h>
#include <ipxe/image.h>
#include <ipxe/command.h>
#include <ipxe/parseopt.h>
#include <usr/imgmgmt.h>
#include <usr/imgtrust.h>

Go to the source code of this file.

Data Structures

struct  imgtrust_options
 "imgtrust" options More...
 
struct  imgverify_options
 "imgverify" options More...
 

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
static int imgtrust_exec (int argc, char **argv)
 The "imgtrust" command. More...
 
static int imgverify_exec (int argc, char **argv)
 The "imgverify" command. More...
 
 COMMAND (imgtrust, imgtrust_exec)
 Image trust management commands. More...
 
 COMMAND (imgverify, imgverify_exec)
 

Variables

static struct option_descriptor imgtrust_opts []
 "imgtrust" option list More...
 
static struct command_descriptor imgtrust_cmd
 "imgtrust" command descriptor More...
 
static struct option_descriptor imgverify_opts []
 "imgverify" option list More...
 
static struct command_descriptor imgverify_cmd
 "imgverify" command descriptor More...
 

Detailed Description

Image trust management commands.

Definition in file image_trust_cmd.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ imgtrust_exec()

static int imgtrust_exec ( int  argc,
char **  argv 
)
static

The "imgtrust" command.

Parameters
argcArgument count
argvArgument list
Return values
rcReturn status code

Definition at line 69 of file image_trust_cmd.c.

69  {
70  struct imgtrust_options opts;
71  int rc;
72 
73  /* Parse options */
74  if ( ( rc = parse_options ( argc, argv, &imgtrust_cmd, &opts ) ) != 0 )
75  return rc;
76 
77  /* Set trust requirement */
78  if ( ( rc = image_set_trust ( ( ! opts.allow ),
79  opts.permanent ) ) != 0 ) {
80  printf ( "Could not set image trust requirement: %s\n",
81  strerror ( rc ) );
82  return rc;
83  }
84 
85  return 0;
86 }
image_set_trust
int image_set_trust(int require_trusted, int permanent)
Change image trust requirement.
Definition: image.c:583
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
printf
int printf(const char *fmt,...)
Write a formatted string to the console.
Definition: vsprintf.c:464
imgtrust_options
"imgtrust" options
Definition: image_trust_cmd.c:43
parse_options
int parse_options(int argc, char **argv, struct command_descriptor *cmd, void *opts)
Parse command-line options.
Definition: parseopt.c:484
strerror
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
imgtrust_cmd
static struct command_descriptor imgtrust_cmd
"imgtrust" command descriptor
Definition: image_trust_cmd.c:59
opts
static union @447 opts
"cert<xxx>" option list

References image_set_trust(), imgtrust_cmd, opts, parse_options(), printf(), rc, and strerror().

◆ imgverify_exec()

static int imgverify_exec ( int  argc,
char **  argv 
)
static

The "imgverify" command.

Parameters
argcArgument count
argvArgument list
Return values
rcReturn status code

Definition at line 120 of file image_trust_cmd.c.

120  {
121  struct imgverify_options opts;
122  const char *image_name_uri;
123  const char *signature_name_uri;
124  struct image *image;
125  struct image *signature;
126  int rc;
127 
128  /* Parse options */
129  if ( ( rc = parse_options ( argc, argv, &imgverify_cmd, &opts ) ) != 0 )
130  return rc;
131 
132  /* Parse image name/URI string */
133  image_name_uri = argv[optind];
134 
135  /* Parse signature name/URI string */
136  signature_name_uri = argv[ optind + 1 ];
137 
138  /* Acquire the image */
139  if ( ( rc = imgacquire ( image_name_uri, opts.timeout, &image ) ) != 0 )
140  goto err_acquire_image;
141 
142  /* Acquire the signature image */
143  if ( ( rc = imgacquire ( signature_name_uri, opts.timeout,
144  &signature ) ) != 0 )
145  goto err_acquire_signature;
146 
147  /* Verify image */
148  if ( ( rc = imgverify ( image, signature, opts.signer ) ) != 0 ) {
149  printf ( "Could not verify: %s\n", strerror ( rc ) );
150  goto err_verify;
151  }
152 
153  /* Success */
154  rc = 0;
155 
156  err_verify:
157  /* Discard signature unless --keep was specified */
158  if ( ! opts.keep )
159  unregister_image ( signature );
160  err_acquire_signature:
161  err_acquire_image:
162  return rc;
163 }
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
imgverify
int imgverify(struct image *image, struct image *signature, const char *name)
Verify image using downloaded signature.
Definition: imgtrust.c:51
printf
int printf(const char *fmt,...)
Write a formatted string to the console.
Definition: vsprintf.c:464
optind
int optind
Current option index.
Definition: getopt.c:51
parse_options
int parse_options(int argc, char **argv, struct command_descriptor *cmd, void *opts)
Parse command-line options.
Definition: parseopt.c:484
image
An executable image.
Definition: image.h:23
imgverify_options
"imgverify" options
Definition: image_trust_cmd.c:89
strerror
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
unregister_image
void unregister_image(struct image *image)
Unregister executable image.
Definition: image.c:357
opts
static union @447 opts
"cert<xxx>" option list
signature
u8 signature
CPU signature.
Definition: CIB_PRM.h:35
imgacquire
int imgacquire(const char *name_uri, unsigned long timeout, struct image **image)
Acquire an image.
Definition: imgmgmt.c:142
imgverify_cmd
static struct command_descriptor imgverify_cmd
"imgverify" command descriptor
Definition: image_trust_cmd.c:109

References imgacquire(), imgverify(), imgverify_cmd, optind, opts, parse_options(), printf(), rc, signature, strerror(), and unregister_image().

◆ COMMAND() [1/2]

COMMAND ( imgtrust  ,
imgtrust_exec   
)

Image trust management commands.

◆ COMMAND() [2/2]

COMMAND ( imgverify  ,
imgverify_exec   
)

Variable Documentation

◆ imgtrust_opts

struct option_descriptor imgtrust_opts[]
static
Initial value:
= {
OPTION_DESC ( "allow", 'a', no_argument,
struct imgtrust_options, allow, parse_flag ),
OPTION_DESC ( "permanent", 'p', no_argument,
struct imgtrust_options, permanent, parse_flag ),
}
imgtrust_options
"imgtrust" options
Definition: image_trust_cmd.c:43
parse_flag
int parse_flag(char *text __unused, int *flag)
Parse flag.
Definition: parseopt.c:226
no_argument
Option does not take an argument.
Definition: getopt.h:16
OPTION_DESC
#define OPTION_DESC(_longopt, _shortopt, _has_arg, _struct, _field, _parse)
Construct option descriptor.
Definition: parseopt.h:67

"imgtrust" option list

Definition at line 51 of file image_trust_cmd.c.

◆ imgtrust_cmd

struct command_descriptor imgtrust_cmd
static
Initial value:
=
COMMAND_DESC ( struct imgtrust_options, imgtrust_opts, 0, 0, NULL )
imgtrust_opts
static struct option_descriptor imgtrust_opts[]
"imgtrust" option list
Definition: image_trust_cmd.c:51
imgtrust_options
"imgtrust" options
Definition: image_trust_cmd.c:43
COMMAND_DESC
#define COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage)
Construct command descriptor.
Definition: parseopt.h:108
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321

"imgtrust" command descriptor

Definition at line 59 of file image_trust_cmd.c.

Referenced by imgtrust_exec().

◆ imgverify_opts

struct option_descriptor imgverify_opts[]
static
Initial value:
= {
OPTION_DESC ( "signer", 's', required_argument,
struct imgverify_options, signer, parse_string ),
OPTION_DESC ( "keep", 'k', no_argument,
struct imgverify_options, keep, parse_flag ),
OPTION_DESC ( "timeout", 't', required_argument,
struct imgverify_options, timeout, parse_timeout),
}
parse_timeout
int parse_timeout(char *text, unsigned long *value)
Parse timeout value (in ms)
Definition: parseopt.c:114
imgverify_options
"imgverify" options
Definition: image_trust_cmd.c:89
parse_string
int parse_string(char *text, char **value)
Parse string value.
Definition: parseopt.c:73
parse_flag
int parse_flag(char *text __unused, int *flag)
Parse flag.
Definition: parseopt.c:226
no_argument
Option does not take an argument.
Definition: getopt.h:16
OPTION_DESC
#define OPTION_DESC(_longopt, _shortopt, _has_arg, _struct, _field, _parse)
Construct option descriptor.
Definition: parseopt.h:67
required_argument
Option requires an argument.
Definition: getopt.h:18
timeout
void timeout(int)

"imgverify" option list

Definition at line 99 of file image_trust_cmd.c.

◆ imgverify_cmd

struct command_descriptor imgverify_cmd
static
Initial value:
=
COMMAND_DESC ( struct imgverify_options, imgverify_opts, 2, 2,
"<uri|image> <signature uri|image>" )
imgverify_options
"imgverify" options
Definition: image_trust_cmd.c:89
imgverify_opts
static struct option_descriptor imgverify_opts[]
"imgverify" option list
Definition: image_trust_cmd.c:99
COMMAND_DESC
#define COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage)
Construct command descriptor.
Definition: parseopt.h:108

"imgverify" command descriptor

Definition at line 109 of file image_trust_cmd.c.

Referenced by imgverify_exec().

Generated by   doxygen 1.8.15