
Commit 3063b72

committed
feat(cmd/rofl): Display SHA256 hash of init binary during build
1 parent a93baa5 commit 3063b72


2 files changed

+26
-9
lines changed


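--- a/cmd/rofl/build/artifacts.go
+++ b/cmd/rofl/build/artifacts.go
@@ -305,6 +305,22 @@ func createSquashFs(buildEnv env.ExecEnv, fn, dir string) (int64, error) {
 return fi.Size(), nil
 }
 
+// sha256File computes a SHA-256 digest of the file with the given filename and returns a
+// hex-encoded hash.
+func sha256File(fn string) (string, error) {
+f, err := os.Open(fn)
+if err != nil {
+return "", fmt.Errorf("failed to open filesystem file: %w", err)
+}
+defer f.Close()
+
+h := sha256.New()
+if _, err = io.Copy(h, f); err != nil {
+return "", fmt.Errorf("failed to read filesystem file: %w", err)
+}
+return hex.EncodeToString(h.Sum([]byte{})), nil
+}
+
 // createVerityHashTree creates the verity Merkle hash tree and returns the root hash.
 func createVerityHashTree(buildEnv env.ExecEnv, fsFn, hashFn string) (string, error) {
 // Print a nicer error message in case veritysetup is missing.
@@ -314,16 +330,10 @@ func createVerityHashTree(buildEnv env.ExecEnv, fsFn, hashFn string) (string, er
 }
 
 // Generate a deterministic salt by hashing the filesystem.
-f, err := os.Open(fsFn)
+salt, err := sha256File(fsFn)
 if err != nil {
-return "", fmt.Errorf("failed to open filesystem file: %w", err)
-}
-defer f.Close()
-h := sha256.New()
-if _, err = io.Copy(h, f); err != nil {
-return "", fmt.Errorf("failed to read filesystem file: %w", err)
+return "", err
 }
-salt := h.Sum([]byte{})
 
 rootHashFn := hashFn + ".roothash"
 
@@ -332,7 +342,7 @@ func createVerityHashTree(buildEnv env.ExecEnv, fsFn, hashFn string) (string, er
 "--data-block-size=4096",
 "--hash-block-size=4096",
 "--uuid=00000000-0000-0000-0000-000000000000",
-"--salt="+hex.EncodeToString(salt),
+"--salt="+salt,
 "--root-hash-file="+rootHashFn,
 fsFn,
 hashFn,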
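Review bot: The two error strings in the new `sha256File` helper still say "filesystem file" and leave out the path, although the helper is now also called on the init binary in cmd/rofl/build/tdx.go, so a failure there would be reported as a filesystem-image problem. Wrapping with the actual name keeps the message accurate for every caller, e.g. `return "", fmt.Errorf("failed to open %q for hashing: %w", fn, err)` and `return "", fmt.Errorf("failed to hash %q: %w", fn, err)`. As a small style point, `h.Sum(nil)` is the usual spelling of `h.Sum([]byte{})`. The doc comment could also state that the result is lowercase hex, since `createVerityHashTree` now passes it straight into `--salt=`.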

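--- a/cmd/rofl/build/tdx.go
+++ b/cmd/rofl/build/tdx.go
@@ -148,6 +148,13 @@ func tdxPrepareStage2(
 
 // Add runtime as init.
 fmt.Println("Adding runtime as init...")
+
+initHash, err := sha256File(initPath)
+if err != nil {
+return nil, err
+}
+fmt.Printf("Runtime hash: %s\n", initHash)
+
 if err := copyFile(initPath, filepath.Join(rootfsDir, "init"), 0o755); err != nil {
 return nil, err
 }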
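Review bot: The digest printed as "Runtime hash" comes from one read of `initPath`, and `copyFile` then reads the same path a second time, so the displayed value is not tied to the bytes that actually land in the rootfs as `init`. If the file is rewritten between the two reads (a concurrent build step, for instance), the build would report a hash for a binary it did not package, which matters if operators compare this output against an expected value. Hashing the packaged copy closes that gap: move the call below the copy and use `initHash, err := sha256File(filepath.Join(rootfsDir, "init"))`. `copyFile` is not visible here, so an alternative would be to have it hash the stream while copying. The body of `tdxPrepareStage2` starts and ends outside this hunk.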
