dm-verity-img.bbclass: add DM_VERITY_SETUP_ARGS

Useful to pass additional arguments to veritysetup, for example '--no-superblock' to make system less vulnerable to certain types of attacks and data maniputaion on the disk. Signed-off-by: Grygorii Tertychnyi <grembeter@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-01-11 15:00:34 +00:00 · 2024-11-09 12:31:45 +01:00
parent c9585ebfe8
commit 29d46054c2
1 changed files with 4 additions and 0 deletions
--- a/classes/dm-verity-img.bbclass
+++ b/classes/dm-verity-img.bbclass
@@ -46,6 +46,9 @@ DM_VERITY_IMAGE_HASH_BLOCK_SIZE ?= "4096"
 # Should we store the hash data on a separate device/partition?
 DM_VERITY_SEPARATE_HASH ?= "0"

+# Additional arguments for veritysetup
+DM_VERITY_SETUP_ARGS ?= ""
+
 # These are arch specific.  We could probably intelligently auto-assign these?
 # Take x86-64 values as defaults. No impact on functionality currently.
 # See SD_GPT_ROOT_X86_64 and SD_GPT_ROOT_X86_64_VERITY in the spec.
@@ -146,6 +149,7 @@ verity_setup() {
    cp -a $INPUT $OUTPUT

    SETUP_ARGS=" \
+        ${DM_VERITY_SETUP_ARGS} \
        --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} \
        --hash-block-size=${DM_VERITY_IMAGE_HASH_BLOCK_SIZE} \
        $HASH_OFFSET format $OUTPUT $OUTPUT_HASH \