mirror of
https://git.yoctoproject.org/meta-security
synced 2026-01-12 03:10:13 +00:00
650e6d6d4b
DATA_BLOCK_SIZE variable was set in dm-verity-img.bbclass at build time but the initrdscript was not updated to pass the DATA_BLOCK_SIZE to the veritysetup. Now the functionality is complete. Signed-off-by: Paulo Neves <paulo.neves1@inter.ikea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
65 lines
1.7 KiB
Bash
65 lines
1.7 KiB
Bash
#!/bin/sh
|
|
|
|
dmverity_enabled() {
|
|
return 0
|
|
}
|
|
|
|
dmverity_run() {
|
|
DATA_SIZE="__not_set__"
|
|
DATA_BLOCK_SIZE="__not_set__"
|
|
ROOT_HASH="__not_set__"
|
|
|
|
. /usr/share/misc/dm-verity.env
|
|
|
|
C=0
|
|
delay=${bootparam_rootdelay:-1}
|
|
timeout=${bootparam_roottimeout:-5}
|
|
RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=})"
|
|
while [ ! -b "${RDEV}" ]; do
|
|
if [ $(( $C * $delay )) -gt $timeout ]; then
|
|
fatal "Root device resolution failed"
|
|
exit 1
|
|
fi
|
|
|
|
case "${bootparam_root}" in
|
|
ID=*)
|
|
RDEV="$(realpath /dev/disk/by-id/${bootparam_root#ID=})"
|
|
;;
|
|
LABEL=*)
|
|
RDEV="$(realpath /dev/disk/by-label/${bootparam_root#LABEL=})"
|
|
;;
|
|
PARTLABEL=*)
|
|
RDEV="$(realpath /dev/disk/by-partlabel/${bootparam_root#PARTLABEL=})"
|
|
;;
|
|
PARTUUID=*)
|
|
RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=})"
|
|
;;
|
|
PATH=*)
|
|
RDEV="$(realpath /dev/disk/by-path/${bootparam_root#PATH=})"
|
|
;;
|
|
UUID=*)
|
|
RDEV="$(realpath /dev/disk/by-uuid/${bootparam_root#UUID=})"
|
|
;;
|
|
*)
|
|
RDEV="${bootparam_root}"
|
|
esac
|
|
debug "Sleeping for $delay second(s) to wait root to settle..."
|
|
sleep $delay
|
|
C=$(( $C + 1 ))
|
|
|
|
done
|
|
|
|
veritysetup \
|
|
--data-block-size=${DATA_BLOCK_SIZE} \
|
|
--hash-offset=${DATA_SIZE} \
|
|
create rootfs \
|
|
${RDEV} \
|
|
${RDEV} \
|
|
${ROOT_HASH}
|
|
|
|
mount \
|
|
-o ro \
|
|
/dev/mapper/rootfs \
|
|
${ROOTFS_DIR} || exit 2
|
|
}
|