initramfs-framework: Add dmverity module

Add 'initramfs-module-dmverity' as an extension to poky upstream provided initramfs-framework suite via matchingly named bbappend file. Together with pre-existing 'initramfs-module-udev' this module can be used to facilitate dm-verity rootfs mounting from initramfs context that is bundled with Linux kernel. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-04-20 11:29:37 +00:00 · 2020-09-10 16:17:54 +00:00
parent 170945ff9f
commit 489f7c900c
2 changed files with 69 additions and 0 deletions
--- a/recipes-core/initrdscripts/initramfs-framework/dmverity
+++ b/recipes-core/initrdscripts/initramfs-framework/dmverity
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+dmverity_enabled() {
+    return 0
+}
+
+dmverity_run() {
+    DATA_SIZE="__not_set__"
+    ROOT_HASH="__not_set__"
+
+    . /usr/share/misc/dm-verity.env
+
+    case "${bootparam_root}" in
+        ID=*)
+            RDEV="$(realpath /dev/disk/by-id/${bootparam_root#ID=})"
+            ;;
+        LABEL=*)
+            RDEV="$(realpath /dev/disk/by-label/${bootparam_root#LABEL=})"
+            ;;
+        PARTLABEL=*)
+            RDEV="$(realpath /dev/disk/by-partlabel/${bootparam_root#PARTLABEL=})"
+            ;;
+        PARTUUID=*)
+            RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=})"
+            ;;
+        PATH=*)
+            RDEV="$(realpath /dev/disk/by-path/${bootparam_root#PATH=})"
+            ;;
+        UUID=*)
+            RDEV="$(realpath /dev/disk/by-uuid/${bootparam_root#UUID=})"
+            ;;
+        *)
+            RDEV="${bootparam_root}"
+    esac
+
+    if ! [ -b "${RDEV}" ]; then
+        echo "Root device resolution failed"
+        exit 1
+    fi
+
+    veritysetup \
+        --data-block-size=1024 \
+        --hash-offset=${DATA_SIZE} \
+        create rootfs \
+        ${RDEV} \
+        ${RDEV} \
+        ${ROOT_HASH}
+
+    mount \
+        -o ro \
+        /dev/mapper/rootfs \
+        ${ROOTFS_DIR} || exit 2
+}
--- a/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend
+++ b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend
@@ -0,0 +1,16 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI_append = "\
+    file://dmverity \
+"
+
+do_install_append() {
+    # dm-verity
+    install ${WORKDIR}/dmverity ${D}/init.d/80-dmverity
+}
+
+PACKAGES_append = " initramfs-module-dmverity"
+
+SUMMARY_initramfs-module-dmverity = "initramfs dm-verity rootfs support"
+RDEPENDS_initramfs-module-dmverity = "${PN}-base"
+FILES_initramfs-module-dmverity = "/init.d/80-dmverity"