iPXE
image_trust_cmd.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 #include <stdint.h>
27 #include <stdio.h>
28 #include <getopt.h>
29 #include <ipxe/image.h>
30 #include <ipxe/command.h>
31 #include <ipxe/parseopt.h>
32 #include <usr/imgmgmt.h>
33 #include <usr/imgtrust.h>
34 
35 /** @file
36  *
37  * Image trust management commands
38  *
39  */
40 
41 /** "imgtrust" options */
43  /** Allow trusted images */
44  int allow;
45  /** Make trust requirement permanent */
46  int permanent;
47 };
48 
49 /** "imgtrust" option list */
50 static struct option_descriptor imgtrust_opts[] = {
51  OPTION_DESC ( "allow", 'a', no_argument,
52  struct imgtrust_options, allow, parse_flag ),
53  OPTION_DESC ( "permanent", 'p', no_argument,
54  struct imgtrust_options, permanent, parse_flag ),
55 };
56 
57 /** "imgtrust" command descriptor */
60 
61 /**
62  * The "imgtrust" command
63  *
64  * @v argc Argument count
65  * @v argv Argument list
66  * @ret rc Return status code
67  */
68 static int imgtrust_exec ( int argc, char **argv ) {
69  struct imgtrust_options opts;
70  int rc;
71 
72  /* Parse options */
73  if ( ( rc = parse_options ( argc, argv, &imgtrust_cmd, &opts ) ) != 0 )
74  return rc;
75 
76  /* Set trust requirement */
77  if ( ( rc = image_set_trust ( ( ! opts.allow ),
78  opts.permanent ) ) != 0 ) {
79  printf ( "Could not set image trust requirement: %s\n",
80  strerror ( rc ) );
81  return rc;
82  }
83 
84  return 0;
85 }
86 
87 /** "imgverify" options */
89  /** Required signer common name */
90  char *signer;
91  /** Keep signature after verification */
92  int keep;
93  /** Download timeout */
94  unsigned long timeout;
95 };
96 
97 /** "imgverify" option list */
98 static struct option_descriptor imgverify_opts[] = {
99  OPTION_DESC ( "signer", 's', required_argument,
100  struct imgverify_options, signer, parse_string ),
101  OPTION_DESC ( "keep", 'k', no_argument,
102  struct imgverify_options, keep, parse_flag ),
103  OPTION_DESC ( "timeout", 't', required_argument,
105 };
106 
107 /** "imgverify" command descriptor */
110  "<uri|image> <signature uri|image>" );
111 
112 /**
113  * The "imgverify" command
114  *
115  * @v argc Argument count
116  * @v argv Argument list
117  * @ret rc Return status code
118  */
119 static int imgverify_exec ( int argc, char **argv ) {
120  struct imgverify_options opts;
121  const char *image_name_uri;
122  const char *signature_name_uri;
123  struct image *image;
124  struct image *signature;
125  int rc;
126 
127  /* Parse options */
128  if ( ( rc = parse_options ( argc, argv, &imgverify_cmd, &opts ) ) != 0 )
129  return rc;
130 
131  /* Parse image name/URI string */
132  image_name_uri = argv[optind];
133 
134  /* Parse signature name/URI string */
135  signature_name_uri = argv[ optind + 1 ];
136 
137  /* Acquire the image */
138  if ( ( rc = imgacquire ( image_name_uri, opts.timeout, &image ) ) != 0 )
139  goto err_acquire_image;
140 
141  /* Acquire the signature image */
142  if ( ( rc = imgacquire ( signature_name_uri, opts.timeout,
143  &signature ) ) != 0 )
144  goto err_acquire_signature;
145 
146  /* Verify image */
147  if ( ( rc = imgverify ( image, signature, opts.signer ) ) != 0 ) {
148  printf ( "Could not verify: %s\n", strerror ( rc ) );
149  goto err_verify;
150  }
151 
152  /* Success */
153  rc = 0;
154 
155  err_verify:
156  /* Discard signature unless --keep was specified */
157  if ( ! opts.keep )
159  err_acquire_signature:
160  err_acquire_image:
161  return rc;
162 }
163 
164 /** Image trust management commands */
165 struct command image_trust_commands[] __command = {
166  {
167  .name = "imgtrust",
168  .exec = imgtrust_exec,
169  },
170  {
171  .name = "imgverify",
172  .exec = imgverify_exec,
173  },
174 };
int image_set_trust(int require_trusted, int permanent)
Change image trust requirement.
Definition: image.c:522
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
int imgverify(struct image *image, struct image *signature, const char *name)
Verify image using downloaded signature.
Definition: imgtrust.c:51
int printf(const char *fmt,...)
Write a formatted string to the console.
Definition: vsprintf.c:464
static struct option_descriptor imgtrust_opts[]
"imgtrust" option list
int optind
Current option index.
Definition: getopt.c:51
"imgtrust" options
int allow
Allow trusted images.
A command-line command.
Definition: command.h:9
int parse_timeout(char *text, unsigned long *value)
Parse timeout value (in ms)
Definition: parseopt.c:114
int parse_options(int argc, char **argv, struct command_descriptor *cmd, void *opts)
Parse command-line options.
Definition: parseopt.c:484
int permanent
Make trust requirement permanent.
An executable image.
Definition: image.h:24
A command descriptor.
Definition: parseopt.h:77
int keep
Keep signature after verification.
"imgverify" options
Parse command-line options.
int parse_string(char *text, char **value)
Parse string value.
Definition: parseopt.c:73
Executable images.
static int imgverify_exec(int argc, char **argv)
The "imgverify" command.
Image trust management.
struct command image_trust_commands [] __command
Image trust management commands.
int parse_flag(char *text __unused, int *flag)
Parse flag.
Definition: parseopt.c:226
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
Command line option parsing.
Option does not take an argument.
Definition: getopt.h:16
static struct command_descriptor imgtrust_cmd
"imgtrust" command descriptor
static union @437 opts
"cert<xxx>" option list
static struct option_descriptor imgverify_opts[]
"imgverify" option list
const char * name
Name of the command.
Definition: command.h:11
void unregister_image(struct image *image)
Unregister executable image.
Definition: image.c:300
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
Image management.
#define OPTION_DESC(_longopt, _shortopt, _has_arg, _struct, _field, _parse)
Construct option descriptor.
Definition: parseopt.h:67
Option requires an argument.
Definition: getopt.h:18
static int imgtrust_exec(int argc, char **argv)
The "imgtrust" command.
A command-line option descriptor.
Definition: parseopt.h:23
#define COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage)
Construct command descriptor.
Definition: parseopt.h:108
void timeout(int)
unsigned long timeout
Download timeout.
u8 signature
Signature.
Definition: CIB_PRM.h:35
char * signer
Required signer common name.
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
int imgacquire(const char *name_uri, unsigned long timeout, struct image **image)
Acquire an image.
Definition: imgmgmt.c:141
static struct command_descriptor imgverify_cmd
"imgverify" command descriptor