59 lines
2.4 KiB
Plaintext
59 lines
2.4 KiB
Plaintext
# Copyright (C) 2023 Vincent BENOIT <vincent.benoit@scle.fr>
|
|
# Release under the MIT license (see COPYING.MIT for the terms)
|
|
SUMMARY = "Simple init script that uses devmapper to mount the rootfs in read-only mode protected by dm-verity"
|
|
LICENSE = "CLOSED"
|
|
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
|
|
|
|
SRC_URI:append = " \
|
|
file://dmverity \
|
|
file://cryptfs \
|
|
file://cryptfs_tpm2 \
|
|
"
|
|
|
|
PACKAGES:append = " \
|
|
initramfs-module-verity \
|
|
initramfs-module-cryptfs \
|
|
initramfs-module-cryptfs-tpm2 \
|
|
"
|
|
|
|
do_install:append() {
|
|
# dm-verity
|
|
install ${WORKDIR}/dmverity ${D}/init.d/80-dmverity
|
|
# cryptfs
|
|
install -d ${D}/${sysconfdir}/cryptfs
|
|
install -m 0644 ${WORKDIR}/cryptfs_tpm2 ${D}/${sysconfdir}/cryptfs/tpm2
|
|
install -m 0755 ${WORKDIR}/cryptfs ${D}/init.d/95-cryptfs
|
|
}
|
|
|
|
SUMMARY:initramfs-module-verity = "initramfs support for dm-verity filesystems"
|
|
RDEPENDS:initramfs-module-verity = " \
|
|
"
|
|
|
|
FILES:initramfs-module-verity = " \
|
|
/init.d/80-dmverity \
|
|
"
|
|
|
|
SUMMARY:initramfs-module-cryptfs = "initramfs support for encrypted filesystems"
|
|
RDEPENDS:initramfs-module-cryptfs = " \
|
|
e2fsprogs-resize2fs \
|
|
e2fsprogs-e2fsck \
|
|
e2fsprogs \
|
|
e2fsprogs-mke2fs \
|
|
cryptsetup \
|
|
clevis \
|
|
"
|
|
|
|
FILES:initramfs-module-cryptfs = " \
|
|
/init.d/95-cryptfs \
|
|
"
|
|
|
|
SUMMARY:initramfs-module-cryptfs-tpm2 = "encrypted filesystems with support for tpm 2.0"
|
|
RDEPENDS:initramfs-module-cryptfs-tpm2 = " \
|
|
initramfs-module-cryptfs \
|
|
${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'libtss2 libtss2-mu libtss2-tcti-device', '', d)} \
|
|
tpm2-tools \
|
|
"
|
|
FILES:initramfs-module-cryptfs-tpm2 = " \
|
|
${sysconfdir}/cryptfs/tpm2 \
|
|
"
|