load container key from DER file

Since we're inserting the key into the rootfs in the DER format,
we can read it directly and avoid doing any parsing on it.

BUG=chromium:718184
TEST=mount_extension_image still works

Change-Id: If3b6ce915cfda58e5cddba113445324ec90bde5c
Reviewed-on: https://chromium-review.googlesource.com/497948
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>
1 file changed
tree: 9406827a98e1a04395755481dccd2c690445a2a2
  1. .presubmitignore
  2. README.md
  3. component.cc
  4. component.h
  5. component_unittest.cc
  6. dbus_adaptors/
  7. dbus_permissions/
  8. dbus_service/
  9. helper_process.cc
  10. helper_process.h
  11. imageloader.cc
  12. imageloader.conf
  13. imageloader.gyp
  14. imageloader.h
  15. imageloader_impl.cc
  16. imageloader_impl.h
  17. imageloader_main.cc
  18. imageloader_unittest.cc
  19. imageloader_wrapper
  20. ipc.proto
  21. mock_helper_process.h
  22. mock_verity_mounter.h
  23. mount_helper.cc
  24. mount_helper.h
  25. public_keys/
  26. run_tests.cc
  27. seccomp/
  28. test_utilities.cc
  29. test_utilities.h
  30. testdata/
  31. verity_mounter.cc
  32. verity_mounter.h
README.md

src/platform/imageloader

This aims to provide a generic utility to verify and load (mount) signed disk images through DBUS IPC.

Binaries

  • imageloader

imageloader handles the mounting of disk images. imageloader should be executed via the imageloader_wrapper script, which ensures that imageloader's storage exists and is owned by imageloaderd user. When imageloader is not running, DBus will automatically invoke it. After 20 seconds of inactivity, the service exits.