Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
80 changes: 80 additions & 0 deletions qubes/ext/core_features.py
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,86 @@ async def qubes_features_request(self, vm, event, untrusted_features):
untrusted_value = untrusted_features["qubes-agent-version"]
if _version_re.fullmatch(untrusted_value):
vm.features["qubes-agent-version"] = untrusted_value

# handle boot mode advertisement
old_bootmode_info = {}
for feature_key, feature_val in vm.features.items():
if feature_key.startswith(
"boot-mode.kernelopts."
) or feature_key.startswith("boot-mode.name."):
old_bootmode_info[feature_key] = feature_val
new_bootmode_info = {}
new_bootmode_names = []
for (
untrusted_feature_key,
untrusted_feature_value,
) in untrusted_features.items():
if untrusted_feature_key.startswith("boot-mode.kernelopts."):
bootmode_key_parts = untrusted_feature_key.split(".")
if len(bootmode_key_parts) != 3:
# Boot mode key contains unexpected data, reject it
continue
bootmode_name = bootmode_key_parts[2]
if bootmode_name == "":
continue
if bootmode_name == "default":
# "default" is reserved, cannot set kernelopts for it
continue
bootmode_feature = untrusted_feature_key
bootmode_value = untrusted_feature_value
new_bootmode_info[bootmode_feature] = bootmode_value
for (
untrusted_feature_key,
untrusted_feature_value,
) in untrusted_features.items():
if untrusted_feature_key.startswith("boot-mode.name."):
bootmode_key_parts = untrusted_feature_key.split(".")
if len(bootmode_key_parts) != 3:
# Boot mode key contains unexpected data, reject it
continue
bootmode_name = bootmode_key_parts[2]
if bootmode_name == "":
continue
if (
f"boot-mode.kernelopts.{bootmode_name}"
not in new_bootmode_info
) and bootmode_name != "default":
continue
bootmode_feature = untrusted_feature_key
bootmode_value = untrusted_feature_value
new_bootmode_info[bootmode_feature] = bootmode_value
new_bootmode_names.append(bootmode_value)
if (
# Disallow duplicate boot mode names
len(new_bootmode_names) == len(set(new_bootmode_names))
# Don't allow more than 64 boot modes
and len(new_bootmode_info) <= 64
# Don't allow wiping all boot modes
and len(new_bootmode_info) > 0
):
for feature_key in old_bootmode_info:
if feature_key not in new_bootmode_info:
del vm.features[feature_key]
for feature_key, feature_val in new_bootmode_info.items():
vm.features[feature_key] = feature_val
if "boot-mode.active" in untrusted_features:
untrusted_feature_value = untrusted_features["boot-mode.active"]
if (
f"boot-mode.kernelopts.{untrusted_feature_value}" in vm.features
or untrusted_feature_value == "default"
):
bootmode_value = untrusted_feature_value
Comment thread
ArrayBolt3 marked this conversation as resolved.
vm.features["boot-mode.active"] = bootmode_value
if "boot-mode.appvm-default" in untrusted_features:
untrusted_feature_value = untrusted_features[
"boot-mode.appvm-default"
]
if (
f"boot-mode.kernelopts.{untrusted_feature_value}" in vm.features
or untrusted_feature_value == "default"
) and hasattr(vm, "appvm_default_bootmode"):
bootmode_value = untrusted_feature_value
Comment thread
ArrayBolt3 marked this conversation as resolved.
vm.features["boot-mode.appvm-default"] = bootmode_value
del untrusted_features

# default user for qvm-run etc
Expand Down
Loading