Merge "libfec: add a function to disable verity"

2 files changed, 43 insertions, 0 deletions

diff --git a/libfec/fec_verity.cpp b/libfec/fec_verity.cpp
index eaf56b4b..7537530b 100644
--- a/libfec/fec_verity.cpp
+++ b/libfec/fec_verity.cpp
@@ -602,3 +602,40 @@ int verity_parse_header(fec_handle *f, uint64_t offset)
 
     return 0;
 }
+
+int fec_verity_set_status(struct fec_handle *f, bool enabled)
+{
+    check(f);
+
+    if (!(f->mode & O_RDWR)) {
+        error("cannot update verity magic: read-only handle");
+        errno = EBADF;
+        return -1;
+    }
+
+    verity_info *v = &f->verity;
+
+    if (!v->metadata_start) {
+        error("cannot update verity magic: no metadata found");
+        errno = EINVAL;
+        return -1;
+    }
+
+    if (v->disabled == !enabled) {
+        return 0; /* nothing to do */
+    }
+
+    uint32_t magic = enabled ? VERITY_MAGIC : VERITY_MAGIC_DISABLE;
+
+    if (!raw_pwrite(f, &magic, sizeof(magic), v->metadata_start)) {
+        error("failed to update verity magic to %08x: %s", magic,
+            strerror(errno));
+        return -1;
+    }
+
+    warn("updated verity magic to %08x (%s)", magic,
+        enabled ? "enabled" : "disabled");
+    v->disabled = !enabled;
+
+    return 0;
+}
diff --git a/libfec/include/fec/io.h b/libfec/include/fec/io.h
index 5a9decb5..1a077f32 100644
--- a/libfec/include/fec/io.h
+++ b/libfec/include/fec/io.h
@@ -90,6 +90,8 @@ extern int fec_open(struct fec_handle **f, const char *path, int mode,
 
 extern int fec_close(struct fec_handle *f);
 
+extern int fec_verity_set_status(struct fec_handle *f, bool enabled);
+
 extern int fec_verity_get_metadata(struct fec_handle *f,
         struct fec_verity_metadata *data);
 
@@ -177,6 +179,10 @@ namespace fec {
             return get_ecc_metadata(data) && data.valid;
         }
 
+        bool set_verity_status(bool enabled) {
+            return !fec_verity_set_status(handle_.get(), enabled);
+        }
+
     private:
         handle handle_;
     };