loader: add support for passing verity hash to xen kernels

This only supports DomU Linux bzImage, ignoring bare ELF images and
Dom0 Xen+Linux but those cases are not applicable to us on CoreOS.

grub-core/loader/i386/xen.c

@@ -652,7 +652,9 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
   if (!file)
     return grub_errno;
 
-  elf = grub_xen_file (file);
+  elf = grub_xen_file_and_cmdline (file,
+		                   (char *) xen_state.next_start.cmd_line,
+		                   sizeof (xen_state.next_start.cmd_line) - 1);
   if (!elf)
     goto fail;
 

grub-core/loader/i386/xen_file.c

@@ -20,10 +20,20 @@
 #include <grub/i386/linux.h>
 #include <grub/misc.h>
 
+#include "verity-hash.h"
+
 #define XZ_MAGIC "\3757zXZ\0"
 
 grub_elf_t
 grub_xen_file (grub_file_t file)
+{
+  return grub_xen_file_and_cmdline (file, NULL, 0);
+}
+
+grub_elf_t
+grub_xen_file_and_cmdline (grub_file_t file,
+			   char *cmdline,
+			   grub_size_t cmdline_max_len)
 {
   grub_elf_t elf;
   struct linux_kernel_header lh;
@@ -64,6 +74,9 @@ grub_xen_file (grub_file_t file)
 		(unsigned long long) payload_offset,
 		(unsigned long long) lh.payload_length);
 
+  if (cmdline)
+    grub_pass_verity_hash (&lh, cmdline, cmdline_max_len);
+
   grub_file_seek (file, payload_offset);
 
   if (grub_file_read (file, &magic, sizeof (magic)) != sizeof (magic))

include/grub/xen_file.h

@@ -24,6 +24,9 @@
 #include <grub/elfload.h>
 
 grub_elf_t grub_xen_file (grub_file_t file);
+grub_elf_t grub_xen_file_and_cmdline (grub_file_t file,
+				      char *cmdline,
+				      grub_size_t cmdline_max_len);
 
 struct grub_xen_file_info
 {