#!/bin/sh

PREREQ=""

# Print the prerequisite list held in PREREQ (set to the empty string at
# the top of this script) followed by a newline.
prereqs() {
	echo "${PREREQ}"
}

# When the first argument is exactly "prereqs", print the prerequisite list
# and exit 0 without running anything further down in this script.
if [ "$1" = "prereqs" ]; then
	prereqs
	exit 0
fi

# busybox

# Defaults: every mode and override is 0 unless the configuration file
# sourced below assigns something else. With all of them left at 0 the
# rest of this script loads no keys and switches no mode.
DIGSIG_ELF_MODE=0
DIGSIG_XATTR_MODE=0
DIGSIG_ELF_VERIFICATION_MODE=0
DIGSIG_IGNORE_XATTR_KEYS=0
DIGSIG_IGNORE_GOST2001=0

# The configuration is executed as shell code in this script's own context,
# so whoever can write that file controls the settings above and can run
# arbitrary commands here.
# NOTE(review): confirm the copy that ends up in the initramfs is root-owned
# and not group/world-writable, and decide what should happen when it is
# missing (the defaults above leave verification switched off).
. /etc/digsig/digsig_initramfs.conf

# The exit status of modprobe is not checked; the script carries on either
# way. NOTE(review): presumably the /sys/digsig nodes written later are
# provided by this module - confirm, and consider whether a failed load
# should be reported or should stop the boot.
modprobe digsig_verif

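# Write every regular file below directory $1 to $2, one write per file:
# the files directly in $1 first, then each subdirectory in turn.
#   $1 - directory to walk
#   $2 - destination that receives each file (callers pass a /sys/digsig node)
# Prints "  loading <path>" on stdout for every file.
# NOTE(review): find does not sort its output, so the order inside one
# directory follows the filesystem - confirm that load order does not matter
# beyond "parent directory before subdirectory".
descend()
{
	# IFS= and -r keep each path exactly as find printed it. A plain `read`
	# strips surrounding blanks and swallows backslashes, so a file with
	# such a name would fail to open and never be loaded. Names containing
	# a newline are still not handled.
	find "$1" -mindepth 1 -maxdepth 1 -type f | while IFS= read -r f; do
		# printf instead of echo: some shells expand backslash escapes in
		# echo arguments, which would misreport the file name.
		printf '  loading %s\n' "$f"
		# A failed write only pauses for 3 seconds and moves on to the
		# next file; stderr is left alone so the error stays visible.
		cat "$f" > "$2" || sleep 3
	done
	find "$1" -mindepth 1 -maxdepth 1 -type d | while IFS= read -r d; do
		descend "$d" "$2"
	done
}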

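# Key loading for ELF verification; skipped entirely while DIGSIG_ELF_MODE
# is "0".
if [ "$DIGSIG_ELF_MODE" != "0" ]; then
	echo "Loading DIGSIG keys"
	DIR=/etc/digsig/keys

	# The two root keys are written first, one write per key, before the
	# keys stored below $DIR. cat's own stderr stays discarded, so the exit
	# status is the only sign that a root key was not accepted; report it
	# instead of continuing silently.
	for root_key in /etc/digsig/build_system_rbt_root_key_2018.gpg \
	    /etc/digsig/partners_rbt_root_key_2018.gpg; do
		cat "$root_key" > /sys/digsig/keys 2>/dev/null ||
			echo "digsig: failed to load root key $root_key" >&2
	done
	# NOTE(review): the reason for this one-second pause is not visible
	# here - presumably it lets the module finish processing the roots.
	sleep 1

	descend "$DIR" /sys/digsig/keys
fi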

# Write 1 to the ignore_xattr_keys node only when the option is exactly "1".
# stderr of the write is discarded, so a rejected write leaves no trace.
case "$DIGSIG_IGNORE_XATTR_KEYS" in
1)
	echo 1 > /sys/digsig/ignore_xattr_keys 2>/dev/null
	;;
esac

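# xattr keys are needed when xattr checking is on, or when ELF checking is on
# together with a non-zero ELF verification mode.
# The three values come from the sourced configuration, so each comparison
# gets its own test: the -a operator of [ is obsolescent and can misparse
# when an operand looks like an operator such as "!" or "(".
if [ "$DIGSIG_XATTR_MODE" != "0" ] ||
	{ [ "$DIGSIG_ELF_MODE" != "0" ] &&
		[ "$DIGSIG_ELF_VERIFICATION_MODE" != "0" ]; }; then
	echo "Loading DIGSIG xattr keys"
	DIR=/etc/digsig/xattr_keys

	descend "$DIR" /sys/digsig/xattr_keys
fi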

# Copy the xattr control file into the module's node. `awk 1` prints every
# input line unchanged and terminates the last one with a newline even if
# the file lacks it. This runs regardless of the configured modes, and its
# exit status is not checked.
awk 1 /etc/digsig/xattr_control > /sys/digsig/xattr_control

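# Switch the verification modes on, after the keys have been loaded above.
# Each announcement is printed before its write and the write's stderr is
# discarded, so without a status check a rejected value would leave the
# previous mode in force while the console claims the switch happened.
if [ "$DIGSIG_ELF_MODE" != "0" ]; then
	echo "Switching DIGSIG into elf/xattr mode $DIGSIG_ELF_VERIFICATION_MODE"
	echo "$DIGSIG_ELF_VERIFICATION_MODE" > /sys/digsig/elf_verification_mode 2>/dev/null ||
		echo "digsig: could not set elf_verification_mode" >&2

	echo "Switching DIGSIG into mode $DIGSIG_ELF_MODE for ELF"
	echo "$DIGSIG_ELF_MODE" > /sys/digsig/elf_mode 2>/dev/null ||
		echo "digsig: could not set elf_mode" >&2
fi
if [ "$DIGSIG_XATTR_MODE" != "0" ]; then
	echo "Switching DIGSIG into mode $DIGSIG_XATTR_MODE for XATTR"
	echo "$DIGSIG_XATTR_MODE" > /sys/digsig/xattr_mode 2>/dev/null ||
		echo "digsig: could not set xattr_mode" >&2
fi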

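# Optional: tell the module to ignore GOST-2001 keys and signatures.
# The write's stderr is discarded, so the exit status is checked; otherwise
# a rejected write would leave the setting unchanged although the message
# above it says it was applied.
if [ "$DIGSIG_IGNORE_GOST2001" = "1" ]; then
	echo "Making DIGSIG ignore GOST-2001 keys and signatures"
	echo 1 > /sys/digsig/ignore_gost2001 2>/dev/null ||
		echo "digsig: could not set ignore_gost2001" >&2
fi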
