iPXE
Data Structures | Functions | Variables
image_trust_cmd.c File Reference

Image trust management commands. More...

#include <stdint.h>
#include <stdio.h>
#include <getopt.h>
#include <ipxe/image.h>
#include <ipxe/command.h>
#include <ipxe/parseopt.h>
#include <usr/imgmgmt.h>
#include <usr/imgtrust.h>

Go to the source code of this file.

Data Structures

struct  imgtrust_options
 "imgtrust" options More...
 
struct  imgverify_options
 "imgverify" options More...
 

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
static int imgtrust_exec (int argc, char **argv)
 The "imgtrust" command. More...
 
static int imgverify_exec (int argc, char **argv)
 The "imgverify" command. More...
 

Variables

static struct option_descriptor imgtrust_opts []
 "imgtrust" option list More...
 
static struct command_descriptor imgtrust_cmd
 "imgtrust" command descriptor More...
 
static struct option_descriptor imgverify_opts []
 "imgverify" option list More...
 
static struct command_descriptor imgverify_cmd
 "imgverify" command descriptor More...
 
struct command image_trust_commands [] __command
 Image trust management commands. More...
 

Detailed Description

Image trust management commands.

Definition in file image_trust_cmd.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ imgtrust_exec()

static int imgtrust_exec ( int  argc,
char **  argv 
)
static

The "imgtrust" command.

Parameters
argcArgument count
argvArgument list
Return values
rcReturn status code

Definition at line 68 of file image_trust_cmd.c.

68  {
69  struct imgtrust_options opts;
70  int rc;
71 
72  /* Parse options */
73  if ( ( rc = parse_options ( argc, argv, &imgtrust_cmd, &opts ) ) != 0 )
74  return rc;
75 
76  /* Set trust requirement */
77  if ( ( rc = image_set_trust ( ( ! opts.allow ),
78  opts.permanent ) ) != 0 ) {
79  printf ( "Could not set image trust requirement: %s\n",
80  strerror ( rc ) );
81  return rc;
82  }
83 
84  return 0;
85 }
int image_set_trust(int require_trusted, int permanent)
Change image trust requirement.
Definition: image.c:468
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
int printf(const char *fmt,...)
Write a formatted string to the console.
Definition: vsprintf.c:464
"imgtrust" options
int parse_options(int argc, char **argv, struct command_descriptor *cmd, void *opts)
Parse command-line options.
Definition: parseopt.c:447
static union @423 opts
"cert<xxx>" option list
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
static struct command_descriptor imgtrust_cmd
"imgtrust" command descriptor

References image_set_trust(), imgtrust_cmd, opts, parse_options(), printf(), rc, and strerror().

◆ imgverify_exec()

static int imgverify_exec ( int  argc,
char **  argv 
)
static

The "imgverify" command.

Parameters
argcArgument count
argvArgument list
Return values
rcReturn status code

Definition at line 119 of file image_trust_cmd.c.

119  {
120  struct imgverify_options opts;
121  const char *image_name_uri;
122  const char *signature_name_uri;
123  struct image *image;
124  struct image *signature;
125  int rc;
126 
127  /* Parse options */
128  if ( ( rc = parse_options ( argc, argv, &imgverify_cmd, &opts ) ) != 0 )
129  return rc;
130 
131  /* Parse image name/URI string */
132  image_name_uri = argv[optind];
133 
134  /* Parse signature name/URI string */
135  signature_name_uri = argv[ optind + 1 ];
136 
137  /* Acquire the image */
138  if ( ( rc = imgacquire ( image_name_uri, opts.timeout, &image ) ) != 0 )
139  goto err_acquire_image;
140 
141  /* Acquire the signature image */
142  if ( ( rc = imgacquire ( signature_name_uri, opts.timeout,
143  &signature ) ) != 0 )
144  goto err_acquire_signature;
145 
146  /* Verify image */
147  if ( ( rc = imgverify ( image, signature, opts.signer ) ) != 0 ) {
148  printf ( "Could not verify: %s\n", strerror ( rc ) );
149  goto err_verify;
150  }
151 
152  /* Success */
153  rc = 0;
154 
155  err_verify:
156  /* Discard signature unless --keep was specified */
157  if ( ! opts.keep )
159  err_acquire_signature:
160  err_acquire_image:
161  return rc;
162 }
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
int imgverify(struct image *image, struct image *signature, const char *name)
Verify image using downloaded signature.
Definition: imgtrust.c:51
int printf(const char *fmt,...)
Write a formatted string to the console.
Definition: vsprintf.c:464
int optind
Current option index.
Definition: getopt.c:51
int parse_options(int argc, char **argv, struct command_descriptor *cmd, void *opts)
Parse command-line options.
Definition: parseopt.c:447
An executable image.
Definition: image.h:24
"imgverify" options
u8 signature
Definition: CIB_PRM.h:35
static union @423 opts
"cert<xxx>" option list
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
void unregister_image(struct image *image)
Unregister executable image.
Definition: image.c:252
int imgacquire(const char *name_uri, unsigned long timeout, struct image **image)
Acquire an image.
Definition: imgmgmt.c:141
static struct command_descriptor imgverify_cmd
"imgverify" command descriptor

References imgacquire(), imgverify(), imgverify_cmd, optind, opts, parse_options(), printf(), rc, signature, strerror(), and unregister_image().

Variable Documentation

◆ imgtrust_opts

struct option_descriptor imgtrust_opts[]
static
Initial value:
= {
OPTION_DESC ( "allow", 'a', no_argument,
struct imgtrust_options, allow, parse_flag ),
OPTION_DESC ( "permanent", 'p', no_argument,
struct imgtrust_options, permanent, parse_flag ),
}
"imgtrust" options
int parse_flag(char *text __unused, int *flag)
Parse flag.
Definition: parseopt.c:200
Option does not take an argument.
Definition: getopt.h:16
#define OPTION_DESC(_longopt, _shortopt, _has_arg, _struct, _field, _parse)
Construct option descriptor.
Definition: parseopt.h:66

"imgtrust" option list

Definition at line 50 of file image_trust_cmd.c.

◆ imgtrust_cmd

struct command_descriptor imgtrust_cmd
static
Initial value:
=
static struct option_descriptor imgtrust_opts[]
"imgtrust" option list
"imgtrust" options
#define COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage)
Construct command descriptor.
Definition: parseopt.h:107
#define NULL
NULL pointer (VOID *)
Definition: Base.h:362

"imgtrust" command descriptor

Definition at line 58 of file image_trust_cmd.c.

Referenced by imgtrust_exec().

◆ imgverify_opts

struct option_descriptor imgverify_opts[]
static
Initial value:
= {
OPTION_DESC ( "signer", 's', required_argument,
struct imgverify_options, signer, parse_string ),
OPTION_DESC ( "keep", 'k', no_argument,
struct imgverify_options, keep, parse_flag ),
OPTION_DESC ( "timeout", 't', required_argument,
}
int parse_timeout(char *text, unsigned long *value)
Parse timeout value (in ms)
Definition: parseopt.c:111
"imgverify" options
int parse_string(char *text, char **value)
Parse string value.
Definition: parseopt.c:70
int parse_flag(char *text __unused, int *flag)
Parse flag.
Definition: parseopt.c:200
Option does not take an argument.
Definition: getopt.h:16
#define OPTION_DESC(_longopt, _shortopt, _has_arg, _struct, _field, _parse)
Construct option descriptor.
Definition: parseopt.h:66
Option requires an argument.
Definition: getopt.h:18
void timeout(int)

"imgverify" option list

Definition at line 98 of file image_trust_cmd.c.

◆ imgverify_cmd

struct command_descriptor imgverify_cmd
static
Initial value:
=
"<uri|image> <signature uri|image>" )
"imgverify" options
static struct option_descriptor imgverify_opts[]
"imgverify" option list
#define COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage)
Construct command descriptor.
Definition: parseopt.h:107

"imgverify" command descriptor

Definition at line 108 of file image_trust_cmd.c.

Referenced by imgverify_exec().

◆ __command

struct command image_trust_commands [] __command
Initial value:
= {
{
.name = "imgtrust",
.exec = imgtrust_exec,
},
{
.name = "imgverify",
.exec = imgverify_exec,
},
}
static int imgverify_exec(int argc, char **argv)
The "imgverify" command.
static int imgtrust_exec(int argc, char **argv)
The "imgtrust" command.

Image trust management commands.

Definition at line 165 of file image_trust_cmd.c.