Open creates a read-only device-mapper target for transparent integrity verification. It supports both superblock and no-superblock modes:
- Superblock mode (opts == nil or opts.NoSuperblock == false): reads dm-verity parameters from the superblock at the specified hashOffset. Only rootHash needs t… (summary truncated on the page)
(dataDevice string, name string, hashDevice string, rootHash string, hashOffset uint64, opts *DmverityOptions)
| 124 | // Uses explicitly provided parameters from opts. All dm-verity parameters must be |
| 125 | // supplied programmatically since there's no superblock to read from. |
| 126 | func Open(dataDevice string, name string, hashDevice string, rootHash string, hashOffset uint64, opts *DmverityOptions) (string, error) { |
| 127 | if rootHash == "" { |
| 128 | return "", fmt.Errorf("rootHash cannot be empty") |
| 129 | } |
| 130 | |
| 131 | rootDigest, err := utils.ParseRootHash(rootHash) |
| 132 | if err != nil { |
| 133 | return "", fmt.Errorf("invalid root hash: %w", err) |
| 134 | } |
| 135 | |
| 136 | var params verity.Params |
| 137 | |
| 138 | if opts != nil && opts.NoSuperblock { |
| 139 | params, err = convertToVerityParams(opts) |
| 140 | if err != nil { |
| 141 | return "", fmt.Errorf("failed to convert options: %w", err) |
| 142 | } |
| 143 | } else { |
| 144 | params = verity.DefaultParams() |
| 145 | params.HashAreaOffset = hashOffset |
| 146 | } |
| 147 | |
| 148 | loopParams := mount.LoopParams{ |
| 149 | Readonly: true, |
| 150 | Autoclear: true, |
| 151 | } |
| 152 | |
| 153 | dataLoop, err := mount.SetupLoop(dataDevice, loopParams) |
| 154 | if err != nil { |
| 155 | return "", fmt.Errorf("failed to setup loop device for data: %w", err) |
| 156 | } |
| 157 | dataLoopDevice := dataLoop.Name() |
| 158 | |
| 159 | var hashLoop *os.File |
| 160 | var hashLoopDevice string |
| 161 | if hashDevice != dataDevice { |
| 162 | hashLoop, err = mount.SetupLoop(hashDevice, loopParams) |
| 163 | if err != nil { |
| 164 | dataLoop.Close() |
| 165 | return "", fmt.Errorf("failed to setup loop device for hash: %w", err) |
| 166 | } |
| 167 | hashLoopDevice = hashLoop.Name() |
| 168 | } else { |
| 169 | hashLoopDevice = dataLoopDevice |
| 170 | } |
| 171 | |
| 172 | devicePath, err := verity.Open(¶ms, name, dataLoopDevice, hashLoopDevice, rootDigest, "", nil) |
| 173 | if err != nil { |
| 174 | dataLoop.Close() |
| 175 | if hashLoop != nil { |
| 176 | hashLoop.Close() |
| 177 | } |
| 178 | return "", fmt.Errorf("failed to open dm-verity device: %w", err) |
| 179 | } |
| 180 | |
| 181 | // Close file handles now that dm-verity holds a kernel reference to the loop devices. |
| 182 | dataLoop.Close() |
| 183 | if hashLoop != nil { |
nothing calls this directly
no test coverage detected