Jan Luebbe
d6de210817
Add support to generate a dm-verity image and the parameters required to
assemble the corresponding table for the device-mapper driver. The latter will
be stored in the file ${DEPLOY_DIR_IMAGE}/<IMAGE_LINK_NAME>.verity-params.
Note that in the resulting image the hash tree data is appended to the contents
of the original image without an explicit superblock to keep things simple and
compact.
The above mentioned parameter file can be sourced by a shell to finally create
the desired blockdevice via "dmsetup" (found in meta-oe's recipe
"libdevmapper"), e.g.
. <IMAGE_LINK_NAME>.verity-params
dmsetup create <dm_dev_name> --readonly --table "0 $VERITY_DATA_SECTORS verity \
1 <dev> <hash_dev> \
$VERITY_DATA_BLOCK_SIZE $VERITY_HASH_BLOCK_SIZE \
$VERITY_DATA_BLOCKS $VERITY_DATA_BLOCKS \
$VERITY_HASH_ALGORITHM $VERITY_ROOT_HASH $VERITY_SALT \
1 ignore_zero_blocks"
As the hash tree data is found at the end of the image, <dev> and <hash_dev>
should be the same blockdevice in the command shown above while <dm_dev_name> is
the name of the to be created dm-verity-device.
The root hash is calculated using a salt to make attacks more difficult. Thus,
please grant each image recipe its own salt which could be generated e.g. via
dd if=/dev/random bs=1k count=1 | sha256sum
and assign it to the parameter VERITY_SALT.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
meta-oe
This layer depends on:
URI: git://github.com/openembedded/openembedded-core.git branch: scarthgap
luajit recipe requires host compiler to be able to generate 32bit code when target is 32bit e.g. arm, so ensure that $CC -m32 is functional on build host, if building this recipe, needed packages to fullfit this might have different names on different host distributions e.g. on archlinux based distributions install prerequisites like below
pacman -S lib32-gcc-libs lib32-glibc
Ubuntu sudo apt-get install gcc-multilib linux-libc-dev:i386
Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-oe][scarthgap]' in the subject'
When sending single patches, please use something like: 'git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix="meta-oe][scarthgap][PATCH"'
You are encouraged to fork the mirror on GitHub https://github.com/openembedded/meta-openembedded to share your patches, this is preferred for patch sets consisting of more than one patch.
Other services like GitLab, repo.or.cz or self-hosted setups are of course accepted as well, 'git fetch ' works the same on all of them. We recommend GitHub because it is free, easy to use, has been proven to be reliable and has a really good web GUI.
layer maintainer: Armin Kuster akuster808@gmail.com