mirror of
https://git.yoctoproject.org/meta-security
synced 2026-01-11 15:00:34 +00:00
f1591a1579
Create a wks.in that allows an out-of-the-box build of a bootable USB image using systemd and the hash data as a separate device or partition. A focus here was to ensure we used proper GPT names and GPT types, and the GPT UUIDs that are based on splitting the root hash. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
19 lines
1.1 KiB
Plaintext
19 lines
1.1 KiB
Plaintext
# short-description: Create an EFI disk image with systemd-boot and separate hash dm-verity
|
|
# A dm-verity variant of the regular wks for IA machines. We need to fetch
|
|
# the partition images from the IMGDEPLOYDIR as the rootfs source plugin will
|
|
# not recreate the exact block device corresponding with the hash tree. We must
|
|
# not alter the label or any other setting on the image.
|
|
# Based on OE-core's systemd-bootdisk.wks and meta-security's beaglebone-yocto-verity.wks.in file
|
|
#
|
|
# This .wks only works with the dm-verity-img class and separate hash data. (DM_VERITY_SEPARATE_HASH)
|
|
|
|
part /boot --source bootimg-efi --sourceparams="loader=systemd-boot,initrd=microcode.cpio" --ondisk sda --label msdos --active --align 1024 --use-uuid
|
|
|
|
# include the root+hash part with the dynamic hash/UUIDs from the build.
|
|
include ${STAGING_VERITY_DIR}/${IMAGE_BASENAME}.${DM_VERITY_IMAGE_TYPE}.wks.in
|
|
|
|
# add "console=ttyS0,115200" or whatever you need to the --append="..."
|
|
bootloader --ptable gpt --timeout=5 --append="root=/dev/mapper/rootfs"
|
|
|
|
part swap --ondisk sda --size 44 --label swap1 --fstype=swap --use-uuid
|