Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 83012663 authored by Sami Tolvanen's avatar Sami Tolvanen
Browse files

fs_mgr: validate corrected signatures

If signature verification fails and we have an error corrected
signature available, attempt to verify that instead.

Needs changes from
  Ie913c21ba1d07d6df4c6feeb7226b2ec963f4d19

Bug: 28943429
Change-Id: I7d48701916fe430b17aa05acb120f22a1802733d
parent 8c407629
Loading
Loading
Loading
Loading
+13 −2
Original line number Original line Diff line number Diff line
@@ -150,6 +150,18 @@ out:
    return retval;
    return retval;
}
}


static int verify_verity_signature(const struct fec_verity_metadata& verity)
{
    if (verify_table(verity.signature, verity.table,
            verity.table_length) == 0 ||
        verify_table(verity.ecc_signature, verity.table,
            verity.table_length) == 0) {
        return 0;
    }

    return -1;
}

static int invalidate_table(char *table, size_t table_length)
static int invalidate_table(char *table, size_t table_length)
{
{
    size_t n = 0;
    size_t n = 0;
@@ -919,8 +931,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab)
    }
    }


    // verify the signature on the table
    // verify the signature on the table
    if (verify_table(verity.signature, verity.table,
    if (verify_verity_signature(verity) < 0) {
            verity.table_length) < 0) {
        if (params.mode == VERITY_MODE_LOGGING) {
        if (params.mode == VERITY_MODE_LOGGING) {
            // the user has been warned, allow mounting without dm-verity
            // the user has been warned, allow mounting without dm-verity
            retval = FS_MGR_SETUP_VERITY_SUCCESS;
            retval = FS_MGR_SETUP_VERITY_SUCCESS;