On Tue, 14 Apr 2020 at 18:28, Ayoub Zaki <[email protected]> wrote:
>
>
> On 14.04.20 18:19, Bartosz Golaszewski wrote:
> > On Tue, 14 Apr 2020 at 11:17, Ayoub Zaki <[email protected]> wrote:
> >> Hi,
> >>
> >> On 14.04.20 11:05, Bartosz Golaszewski wrote:
> >>
> >> On Mon, 13 Apr 2020 at 12:58, Ayoub Zaki <[email protected]> wrote:
> >>
> >> basically this class generates a dm-verity hash that needs to be injected
> >> inside the initramfs...it's a bit hacky.
> >>
> >> wouldn't signing the hash and including the verification public key in
> >> initramfs be more portable?
> >>
> >> Sorry, but I don't see how this is a better solution. You then have to
> >> store two things somewhere: the hash and its signature. If the
> >> fitImage is already signed - there's no reason to have a second
> >> signature for the hash: it already comes from a trusted source.
> >>
> >> This would also inflate the size of the initramfs - not only would it
> >> need to include the cryptsetup tools but also additional tools for
> >> signature verification.
> >>
> >>
> >> The hash + signature doesn't need to be stored in initramfs in this case
> >> but appended to the rootfs image.
> >>
> >> yes you would need in this case a signature verification tool inside your
> >> initramfs and the corresponding public key.
> >>
> > But how is this better? I know this is how Android does dm-verity, but
> > it's not any simpler - I'd argue the actual implementation is more
> > complicated.
>
>
> In case you do OTA Update with your approach you will need to always
> update kernel+initramfs and rootfs even if nothing has changed in kernel
> or initramfs for example to make sure that the Hash inside the
> initramfs is updated!

This is negligible in terms of size and doesn't add to the complication.
I know this, because we've been doing it like this in real-life
applications.

>
>
> Another case is if your kernel+initramfs are part of the rootfs how you
> will deal with it? it's chicken/egg problem.
>

Of course they're not. I never said that.

It boils down to a matter of taste. If you want to implement a
different approach - there's nothing stopping you from adding some
switch that would result in a different way of storing the root hash.

For now: I'm still waiting for reviews on the OE-code part.

Bart

PS Could you set up your e-mail client to properly format quoted
parts? It's hard to tell who said what and what to respond to.
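
The update footprint of the two root-hash placements discussed in this thread, as an added example that is not code from the thread or from the class under review. The Merkle computation is a simplified dm-verity-style tree (not bit-exact with veritysetup), and the artifact layout, function names and sample data are hypothetical; the signature over the appended hash is omitted.

```python
import hashlib

BLOCK = 4096                                     # dm-verity default block size
FANOUT = BLOCK // hashlib.sha256().digest_size   # 128 digests per hash block

def _h(salt: bytes, block: bytes) -> bytes:
    return hashlib.sha256(salt + block).digest()

def root_hash(image: bytes, salt: bytes = b"") -> bytes:
    """Simplified dm-verity-style Merkle root (assumption: not bit-exact)."""
    if not image or len(image) % BLOCK:
        raise ValueError("image must be a non-empty multiple of BLOCK bytes")
    level = [_h(salt, image[i:i + BLOCK]) for i in range(0, len(image), BLOCK)]
    while True:
        # Pack digests into zero-padded hash blocks, then hash each block.
        packed = [b"".join(level[i:i + FANOUT]).ljust(BLOCK, b"\0")
                  for i in range(0, len(level), FANOUT)]
        level = [_h(salt, b) for b in packed]
        if len(level) == 1:
            return level[0]

def build(kernel: bytes, initramfs: bytes, rootfs: bytes, scheme: str) -> dict:
    """Return the artifacts each placement produces (hypothetical layout)."""
    rh = root_hash(rootfs)
    if scheme == "hash-in-initramfs":    # root hash lives inside the signed fitImage
        return {"fitImage": kernel + initramfs + rh, "rootfs": rootfs}
    if scheme == "hash-appended":        # root hash trails the rootfs; its signature
        return {"fitImage": kernel + initramfs, "rootfs": rootfs + rh}  # is omitted
    raise ValueError(scheme)

def changed(old: dict, new: dict) -> list:
    """Artifacts whose SHA-256 differs, i.e. what an OTA update must ship."""
    digest = lambda b: hashlib.sha256(b).digest()
    return sorted(k for k in old if digest(old[k]) != digest(new[k]))

# Constructed sample data: 130 blocks, so the tree has two hash levels.
KERNEL, INITRAMFS = b"kernel-v1", b"initramfs-v1"
ROOTFS_V1 = bytes(130 * BLOCK)
ROOTFS_V2 = ROOTFS_V1[:-1] + b"\x01"     # one byte differs in the last block

if __name__ == "__main__":
    for scheme in ("hash-in-initramfs", "hash-appended"):
        old = build(KERNEL, INITRAMFS, ROOTFS_V1, scheme)
        new = build(KERNEL, INITRAMFS, ROOTFS_V2, scheme)
        print(scheme, "->", changed(old, new))
```

In the appended variant the fitImage stays byte-identical across rootfs updates, but the initramfs has to carry the signature verification tool and public key mentioned in the thread.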
