From 2b62e81a73228f1cf9b4cbc153b93d2b372df66d Mon Sep 17 00:00:00 2001
From: Michael Marineau
Date: Wed, 19 Oct 2016 14:48:50 -0700
Subject: [PATCH] loader: add support for passing verity hash to xen kernels

This only supports DomU Linux bzImage, ignoring bare ELF images and Dom0 Xen+Linux but those cases are not applicable to us on CoreOS.
---
 grub-core/loader/i386/xen.c | 4 +++-
 grub-core/loader/i386/xen_file.c | 13 +++++++++++++
 include/grub/xen_file.h | 3 +++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c
index 3073f64d5..e15f1d604 100644
--- a/grub-core/loader/i386/xen.c
+++ b/grub-core/loader/i386/xen.c
@@ -652,7 +652,9 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
 if (!file)
 return grub_errno;
- elf = grub_xen_file (file);
+ elf = grub_xen_file_and_cmdline (file,
+ (char *) xen_state.next_start.cmd_line,
+ sizeof (xen_state.next_start.cmd_line) - 1);
 if (!elf)
 goto fail;
diff --git a/grub-core/loader/i386/xen_file.c b/grub-core/loader/i386/xen_file.c
index 99fad4cad..ca1464d44 100644
--- a/grub-core/loader/i386/xen_file.c
+++ b/grub-core/loader/i386/xen_file.c
@@ -20,10 +20,20 @@
 #include
 #include
+#include "verity-hash.h"
+
 #define XZ_MAGIC "\3757zXZ\0"
 grub_elf_t
 grub_xen_file (grub_file_t file)
+{
+ return grub_xen_file_and_cmdline (file, NULL, 0);
+}
+
+grub_elf_t
+grub_xen_file_and_cmdline (grub_file_t file,
+ char *cmdline,
+ grub_size_t cmdline_max_len)
 {
 grub_elf_t elf;
 struct linux_kernel_header lh;
@@ -64,6 +74,9 @@ grub_xen_file (grub_file_t file)
 (unsigned long long) payload_offset,
 (unsigned long long) lh.payload_length);
+ if (cmdline)
+ grub_pass_verity_hash (&lh, cmdline, cmdline_max_len);
+
 grub_file_seek (file, payload_offset);
 if (grub_file_read (file, &magic, sizeof (magic)) != sizeof (magic))
diff --git a/include/grub/xen_file.h b/include/grub/xen_file.h
index 658799952..f8d8b19a7 100644
--- a/include/grub/xen_file.h
+++ b/include/grub/xen_file.h
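Review bot: In grub_cmd_xen (grub-core/loader/i386/xen.c) the new call hands `xen_state.next_start.cmd_line` to the loader helper without stating what the buffer must already contain. The hunk does not show where the arguments are written into that buffer; if that happens after this call the hash would presumably be overwritten, and if it happens before, the hash has to share the `sizeof (...) - 1` bytes with operator-supplied arguments. Once the ordering is confirmed I would add a comment above the call, `/* cmd_line already holds the NUL-terminated arguments; the verity hash is appended to it */`. grub_cmd_xen begins and ends outside the hunk.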
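Review bot: grub_xen_file_and_cmdline in grub-core/loader/i386/xen_file.c takes a non-const caller buffer and a length but carries no comment describing the contract, and the prototype added to include/grub/xen_file.h has none either. The doc comment should say that `cmdline` may be NULL to skip the hash (as the grub_xen_file wrapper does), that it must otherwise be a writable, NUL-terminated buffer, and whether `cmdline_max_len` counts the terminator; the caller in xen.c passes `sizeof (...) - 1`, which suggests it does not. The body of the function continues outside the hunk.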
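Review bot: The `grub_pass_verity_hash (&lh, cmdline, cmdline_max_len);` call in grub_xen_file_and_cmdline gives the caller no way to learn whether a hash was actually added to the command line. If the helper skips the append when the header carries no hash or the buffer is full (it is defined in verity-hash.h, outside this patch, so this is inferred), the guest boots without the verity argument and without any diagnostic, which is a fail-open path for a verity-protected boot chain. A `grub_dprintf ("xen", ...)` on the skip path, or a comment recording that booting without the hash is intended, would make that visible. The hash is taken from `lh`, which is read from the kernel image itself, so it is only as trustworthy as whatever verified that image; the call also runs before the payload magic is checked further down. The function starts and ends outside the hunk.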
@@ -24,6 +24,9 @@
 #include
 grub_elf_t grub_xen_file (grub_file_t file);
+grub_elf_t grub_xen_file_and_cmdline (grub_file_t file,
+ char *cmdline,
+ grub_size_t cmdline_max_len);
 struct grub_xen_file_info
 {