pon., 13 kwi 2020 o 12:53 Ayoub Zaki <[email protected]> napisaĆ(a): > > Hi, > > > On 10.04.20 14:41, Bartosz Golaszewski wrote: > > From: Bartosz Golaszewski <[email protected]> > > > > This adds various bits and pieces to enable generating a working example > > of a full chain of trust up to dm-verity-protected rootfs level on Beagle > > Bone Black. > > > > The new initramfs is quite generic and should work for other SoCs as well > > when using fitImage. > > > > The following config can be used with current master poky, > > meta-openembedded & meta-security to generate a BBB image using verified > > boot and dm-verity. > > > > UBOOT_SIGN_KEYDIR = "/tmp/test-keys/" > > UBOOT_SIGN_KEYNAME = "dev" > > UBOOT_SIGN_ENABLE = "1" > > UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" > > UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config" > > > > IMAGE_CLASSES += "dm-verity-img" > > IMAGE_FSTYPES += "wic.xz ext4" > > > > DM_VERITY_IMAGE = "core-image-full-cmdline" > > DM_VERITY_IMAGE_TYPE = "ext4" > > > > KERNEL_CLASSES += "kernel-fitimage" > > KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage" > > > > IMAGE_INSTALL_remove = " kernel-image-zimage" > > IMAGE_BOOT_FILES_remove = " zImage" > > IMAGE_BOOT_FILES_append = " > > fitImage-${INITRAMFS_IMAGE}-${MACHINE}-${MACHINE};fitImage" > > > > # Using systemd is not strictly needed but deals nicely with read-only > > # filesystem by default. > > DISTRO_FEATURES_append = " systemd" > > DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit" > > VIRTUAL-RUNTIME_init_manager = "systemd" > > VIRTUAL-RUNTIME_initscripts = "systemd-compat-units" > > > > INITRAMFS_IMAGE = "dm-verity-image-initramfs" > > INITRAMFS_FSTYPES = "cpio.gz" > > INITRAMFS_IMAGE_BUNDLE = "1" > > > > WKS_FILE = "beaglebone-yocto-verity.wks.in" > > > > KERNEL_FEATURES_append = " features/device-mapper/dm-verity.scc" > > > > Signed-off-by: Bartosz Golaszewski <[email protected]> > > > Not sure if it's a working example...so where does the fitImage goes ? > > How did you solve the circular dependency ? > >
Please refer to the cover letter - it points to a patch series for OE-core where I fixed the problem in image and sstate bbclasses. Bart
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#83903): https://lists.openembedded.org/g/openembedded-devel/message/83903 Mute This Topic: https://lists.openembedded.org/mt/72920044/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
