Image trust management commands. More...

#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <getopt.h>
#include <ipxe/image.h>
#include <ipxe/command.h>
#include <ipxe/parseopt.h>
#include <usr/imgmgmt.h>
#include <usr/imgtrust.h>

Data Structures
struct	imgtrust_options
	"imgtrust" options More...
struct	imgverify_options
	"imgverify" options More...

Functions
	FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
	FILE_SECBOOT (PERMITTED)
static int	imgtrust_exec (int argc, char **argv)
	The "imgtrust" command.
static int	imgverify_exec (int argc, char **argv)
	The "imgverify" command.
	COMMAND (imgtrust, imgtrust_exec)
	Image trust management commands.
	COMMAND (imgverify, imgverify_exec)

Variables
static struct option_descriptor	imgtrust_opts []
	"imgtrust" option list
static struct command_descriptor	imgtrust_cmd
	"imgtrust" command descriptor
static struct option_descriptor	imgverify_opts []
	"imgverify" option list
static struct command_descriptor	imgverify_cmd
	"imgverify" command descriptor

Detailed Description

Image trust management commands.

Definition in file image_trust_cmd.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED )

◆ imgtrust_exec()

int imgtrust_exec	(	int	argc,
		char **	argv )

static

The "imgtrust" command.

Parameters

argc	Argument count
argv	Argument list

Return values

rc	Return status code

Definition at line 70 of file image_trust_cmd.c.

                                                   {
        struct imgtrust_options opts;
        int rc;
 
        /* Parse options */
        if ( ( rc = parse_options ( argc, argv, &imgtrust_cmd, &opts ) ) != 0 )
                return rc;
 
        /* Set trust requirement */
        if ( ( rc = image_set_trust ( ( ! opts.allow ),
                                      opts.permanent ) ) != 0 ) {
                printf ( "Could not set image trust requirement: %s\n",
                         strerror ( rc ) );
                return rc;
        }
 
        return 0;
}

References image_set_trust(), imgtrust_cmd, opts, parse_options(), printf(), rc, and strerror().

Referenced by COMMAND().

◆ imgverify_exec()

int imgverify_exec	(	int	argc,
		char **	argv )

static

The "imgverify" command.

Parameters

argc	Argument count
argv	Argument list

Return values

rc	Return status code

Definition at line 121 of file image_trust_cmd.c.

                                                    {
        struct imgverify_options opts;
        const char *image_name_uri;
        const char *signature_name_uri;
        struct image *image;
        struct image *signature;
        int rc;
 
        /* Parse options */
        if ( ( rc = parse_options ( argc, argv, &imgverify_cmd, &opts ) ) != 0 )
                return rc;
 
        /* Parse image name/URI string */
        image_name_uri = argv[optind];
 
        /* Parse signature name/URI string */
        signature_name_uri = argv[ optind + 1 ];
 
        /* Acquire the image */
        if ( ( rc = imgacquire ( image_name_uri, opts.timeout, &image ) ) != 0 )
                goto err_acquire_image;
 
        /* Acquire the signature image */
        if ( ( rc = imgacquire ( signature_name_uri, opts.timeout,
                                 &signature ) ) != 0 )
                goto err_acquire_signature;
 
        /* Verify image */
        if ( ( rc = imgverify ( image, signature, opts.signer ) ) != 0 ) {
                printf ( "Could not verify: %s\n", strerror ( rc ) );
                goto err_verify;
        }
 
        /* Success */
        rc = 0;
 
 err_verify:
        /* Discard signature unless --keep was specified */
        if ( ! opts.keep )
                unregister_image ( signature );
 err_acquire_signature:
 err_acquire_image:
        return rc;
}

References imgacquire(), imgverify(), imgverify_cmd, optind, opts, parse_options(), printf(), rc, signature, strerror(), and unregister_image().

Referenced by COMMAND().

◆ COMMAND() [1/2]

COMMAND	(	imgtrust	,
		imgtrust_exec	)

Image trust management commands.

References imgtrust_exec().

◆ COMMAND() [2/2]

COMMAND	(	imgverify	,
		imgverify_exec	)

References imgverify(), and imgverify_exec().

Variable Documentation

◆ imgtrust_opts

struct option_descriptor imgtrust_opts[]

static

Initial value:

= {
        OPTION_DESC ( "allow", 'a', no_argument,
                      struct imgtrust_options, allow, parse_flag ),
        OPTION_DESC ( "permanent", 'p', no_argument,
                      struct imgtrust_options, permanent, parse_flag ),
}

"imgtrust" option list

Definition at line 52 of file image_trust_cmd.c.

                                                  {
        OPTION_DESC ( "allow", 'a', no_argument,
                      struct imgtrust_options, allow, parse_flag ),
        OPTION_DESC ( "permanent", 'p', no_argument,
                      struct imgtrust_options, permanent, parse_flag ),
};

◆ imgtrust_cmd

struct command_descriptor imgtrust_cmd

static

Initial value:

=

COMMAND_DESC ( struct imgtrust_options, imgtrust_opts, 0, 0, NULL )

NULL

#define NULL

NULL pointer (VOID *)

Definition Base.h:322

imgtrust_opts

static struct option_descriptor imgtrust_opts[]

"imgtrust" option list

Definition image_trust_cmd.c:52

COMMAND_DESC

#define COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage)

Construct command descriptor.

Definition parseopt.h:109

"imgtrust" command descriptor

Definition at line 60 of file image_trust_cmd.c.

Referenced by imgtrust_exec().

◆ imgverify_opts

struct option_descriptor imgverify_opts[]

static

Initial value:

= {
        OPTION_DESC ( "signer", 's', required_argument,
                      struct imgverify_options, signer, parse_string ),
        OPTION_DESC ( "keep", 'k', no_argument,
                      struct imgverify_options, keep, parse_flag ),
        OPTION_DESC ( "timeout", 't', required_argument,
                      struct imgverify_options, timeout, parse_timeout),
}

"imgverify" option list

Definition at line 100 of file image_trust_cmd.c.

                                                   {
        OPTION_DESC ( "signer", 's', required_argument,
                      struct imgverify_options, signer, parse_string ),
        OPTION_DESC ( "keep", 'k', no_argument,
                      struct imgverify_options, keep, parse_flag ),
        OPTION_DESC ( "timeout", 't', required_argument,
                      struct imgverify_options, timeout, parse_timeout),
};

◆ imgverify_cmd

struct command_descriptor imgverify_cmd

static

Initial value:

=
        COMMAND_DESC ( struct imgverify_options, imgverify_opts, 2, 2,
                       "<uri|image> <signature uri|image>" )

"imgverify" command descriptor

Definition at line 110 of file image_trust_cmd.c.

Referenced by imgverify_exec().

Data Structures

Functions

Variables

Detailed Description

Function Documentation

◆ FILE_LICENCE()

◆ FILE_SECBOOT()

◆ imgtrust_exec()

◆ imgverify_exec()

◆ COMMAND() [1/2]

◆ COMMAND() [2/2]

Variable Documentation

◆ imgtrust_opts

◆ imgtrust_cmd

◆ imgverify_opts

◆ imgverify_cmd