dm-verity: add a working example for BeagleBone Black

This adds various bits and pieces to enable generating a working example
of a full chain of trust up to dm-verity-protected rootfs level on Beagle
Bone Black.

The new initramfs is quite generic and should work for other SoCs as well
when using fitImage.

The following config can be used with current master poky,
meta-openembedded & meta-security to generate a BBB image using verified
boot and dm-verity.

  UBOOT_SIGN_KEYDIR = "/tmp/test-keys/"
  UBOOT_SIGN_KEYNAME = "dev"
  UBOOT_SIGN_ENABLE = "1"
  UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
  UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config"

  IMAGE_CLASSES += "dm-verity-img"
  IMAGE_FSTYPES += "wic.xz ext4"

  DM_VERITY_IMAGE = "core-image-full-cmdline"
  DM_VERITY_IMAGE_TYPE = "ext4"

  KERNEL_CLASSES += "kernel-fitimage"
  KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage"

  IMAGE_INSTALL_remove = " kernel-image-zimage"
  IMAGE_BOOT_FILES_remove = " zImage"
  IMAGE_BOOT_FILES_append = " fitImage-${INITRAMFS_IMAGE}-${MACHINE}-${MACHINE};fitImage"

  # Using systemd is not strictly needed but deals nicely with read-only
  # filesystem by default.
  DISTRO_FEATURES_append = " systemd"
  DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit"
  VIRTUAL-RUNTIME_init_manager = "systemd"
  VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"

  INITRAMFS_IMAGE = "dm-verity-image-initramfs"
  INITRAMFS_FSTYPES = "cpio.gz"
  INITRAMFS_IMAGE_BUNDLE = "1"

  WKS_FILE = "beaglebone-yocto-verity.wks.in"

  KERNEL_FEATURES_append = " features/device-mapper/dm-verity.scc"

Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

recipes-core/images/dm-verity-image-initramfs.bb

@@ -0,0 +1,26 @@
+DESCRIPTION = "Simple initramfs image for mounting the rootfs over the verity device mapper."
+
+# We want a clean, minimal image.
+IMAGE_FEATURES = ""
+
+PACKAGE_INSTALL = " \
+    initramfs-dm-verity \
+    base-files \
+    busybox \
+    util-linux-mount \
+    udev \
+    cryptsetup \
+    lvm2-udevrules \
+"
+
+# Can we somehow inspect reverse dependencies to avoid these variables?
+do_rootfs[depends] += "${DM_VERITY_IMAGE}:do_image_${DM_VERITY_IMAGE_TYPE}"
+
+IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
+
+inherit core-image
+
+deploy_verity_hash() {
+    install -D -m 0644 ${DEPLOY_DIR_IMAGE}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}/${datadir}/dm-verity.env
+}
+ROOTFS_POSTPROCESS_COMMAND += "deploy_verity_hash;"

recipes-core/initrdscripts/initramfs-dm-verity.bb

@@ -0,0 +1,13 @@
+SUMMARY = "Simple init script that uses devmapper to mount the rootfs in read-only mode protected by dm-verity"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+SRC_URI = "file://init-dm-verity.sh"
+
+do_install() {
+    install -m 0755 ${WORKDIR}/init-dm-verity.sh ${D}/init
+    install -d ${D}/dev
+    mknod -m 622 ${D}/dev/console c 5 1
+}
+
+FILES_${PN} = "/init /dev/console"

recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh

@@ -0,0 +1,46 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+RDEV=""
+ROOT_DIR="/new_root"
+
+mkdir -p /proc
+mkdir -p /sys
+mkdir -p /run
+mkdir -p /tmp
+mount -t proc proc /proc
+mount -t sysfs sysfs /sys
+mount -t devtmpfs none /dev
+
+udevd --daemon
+udevadm trigger --type=subsystems --action=add
+udevadm trigger --type=devices --action=add
+udevadm settle --timeout=10
+
+for PARAM in $(cat /proc/cmdline); do
+	case $PARAM in
+		root=*)
+			RDEV=${PARAM#root=}
+			;;
+	esac
+done
+
+if ! [ -b $RDEV ]; then
+	echo "Missing root command line argument!"
+	exit 1
+fi
+
+case $RDEV in
+	UUID=*)
+		RDEV=$(realpath /dev/disk/by-uuid/${RDEV#UUID=})
+		;;
+esac
+
+. /usr/share/dm-verity.env
+
+echo "Mounting $RDEV over dm-verity as the root filesystem"
+
+veritysetup --data-block-size=1024 --hash-offset=$DATA_SIZE create rootfs $RDEV $RDEV $ROOT_HASH
+mkdir -p $ROOT_DIR
+mount -o ro /dev/mapper/rootfs $ROOT_DIR
+exec switch_root $ROOT_DIR /sbin/init

wic/beaglebone-yocto-verity.wks.in

@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: MIT
+#
+# Copyright (C) 2020 BayLibre SAS
+# Author: Bartosz Golaszewski <bgolaszewski@baylibre.com>
+#
+# A dm-verity variant of the regular wks for beaglebone black. We need to fetch
+# the partition images from the DEPLOY_DIR_IMAGE as the rootfs source plugin will
+# not recreate the exact block device corresponding with the hash tree. We must
+# not alter the label or any other setting on the image.
+#
+# This .wks only works with the dm-verity-img class.
+
+part /boot --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4 --size 16 --sourceparams="loader=u-boot" --use-uuid
+part / --source rawcopy --ondisk mmcblk0 --sourceparams="file=${DEPLOY_DIR_IMAGE}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity"
+bootloader --append="console=ttyS0,115200"