Re: [meta-security][PATCH] dmverity: Make use of DATA_BLOCK_SIZE variable in initrdscript.


Armin Kuster
 

merged.

On 9/23/21 8:45 AM, Paulo Neves wrote:
From: Christer Fletcher <christer.fletcher@inter.ikea.com>

DATA_BLOCK_SIZE variable was set in dm-verity-img.bbclass at build
time but the initrdscript was not updated to pass the DATA_BLOCK_SIZE
to the veritysetup. Now the functionality is complete.

Signed-off-by: Paulo Neves <paulo.neves1@inter.ikea.com>
---
recipes-core/initrdscripts/initramfs-framework-dm/dmverity | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/recipes-core/initrdscripts/initramfs-framework-dm/dmverity b/recipes-core/initrdscripts/initramfs-framework-dm/dmverity
index 888052c..c815940 100644
--- a/recipes-core/initrdscripts/initramfs-framework-dm/dmverity
+++ b/recipes-core/initrdscripts/initramfs-framework-dm/dmverity
@@ -6,6 +6,7 @@ dmverity_enabled() {

dmverity_run() {
DATA_SIZE="__not_set__"
+ DATA_BLOCK_SIZE="__not_set__"
ROOT_HASH="__not_set__"

. /usr/share/misc/dm-verity.env
@@ -49,7 +50,7 @@ dmverity_run() {
done

veritysetup \
- --data-block-size=1024 \
+ --data-block-size=${DATA_BLOCK_SIZE} \
--hash-offset=${DATA_SIZE} \
create rootfs \
${RDEV} \


Join yocto@lists.yoctoproject.org to automatically receive all group messages.