Add 'initramfs-module-dmverity' as an extension to poky upstream provided initramfs-framework suite via matchingly named bbappend file.
Together with pre-existing 'initramfs-module-udev' this module can be used to facilitate dm-verity rootfs mounting from initramfs context that is bundled with Linux kernel. Signed-off-by: Niko Mauno <[email protected]> --- .../initramfs-framework/dmverity | 53 +++++++++++++++++++ .../initramfs-framework_1.0.bbappend | 16 ++++++ 2 files changed, 69 insertions(+) create mode 100644 recipes-core/initrdscripts/initramfs-framework/dmverity create mode 100644 recipes-core/initrdscripts/initramfs-framework_1.0.bbappend diff --git a/recipes-core/initrdscripts/initramfs-framework/dmverity b/recipes-core/initrdscripts/initramfs-framework/dmverity new file mode 100644 index 00000000..bb07aab5 --- /dev/null +++ b/recipes-core/initrdscripts/initramfs-framework/dmverity @@ -0,0 +1,53 @@ +#!/bin/sh + +dmverity_enabled() { + return 0 +} + +dmverity_run() { + DATA_SIZE="__not_set__" + ROOT_HASH="__not_set__" + + . /usr/share/misc/dm-verity.env + + case "${bootparam_root}" in + ID=*) + RDEV="$(realpath /dev/disk/by-id/${bootparam_root#ID=})" + ;; + LABEL=*) + RDEV="$(realpath /dev/disk/by-label/${bootparam_root#LABEL=})" + ;; + PARTLABEL=*) + RDEV="$(realpath /dev/disk/by-partlabel/${bootparam_root#PARTLABEL=})" + ;; + PARTUUID=*) + RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=})" + ;; + PATH=*) + RDEV="$(realpath /dev/disk/by-path/${bootparam_root#PATH=})" + ;; + UUID=*) + RDEV="$(realpath /dev/disk/by-uuid/${bootparam_root#UUID=})" + ;; + *) + RDEV="${bootparam_root}" + esac + + if ! [ -b "${RDEV}" ]; then + echo "Root device resolution failed" + exit 1 + fi + + veritysetup \ + --data-block-size=1024 \ + --hash-offset=${DATA_SIZE} \ + create rootfs \ + ${RDEV} \ + ${RDEV} \ + ${ROOT_HASH} + + mount \ + -o ro \ + /dev/mapper/rootfs \ + ${ROOTFS_DIR} || exit 2 +} diff --git a/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend new file mode 100644 index 00000000..48e92c23 --- /dev/null +++ b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend @@ -0,0 +1,16 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI_append = "\ + file://dmverity \ +" + +do_install_append() { + # dm-verity + install ${WORKDIR}/dmverity ${D}/init.d/80-dmverity +} + +PACKAGES_append = " initramfs-module-dmverity" + +SUMMARY_initramfs-module-dmverity = "initramfs dm-verity rootfs support" +RDEPENDS_initramfs-module-dmverity = "${PN}-base" +FILES_initramfs-module-dmverity = "/init.d/80-dmverity" -- 2.20.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#50626): https://lists.yoctoproject.org/g/yocto/message/50626 Mute This Topic: https://lists.yoctoproject.org/mt/76759792/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
