Topics

[dunfell 14/32] initramfs-framework: Add dmverity module


akuster
 

From: "niko.mauno@..." <niko.mauno@...>

Add 'initramfs-module-dmverity' as an extension to poky upstream
provided initramfs-framework suite via matchingly named bbappend file.

Together with pre-existing 'initramfs-module-udev' this module can be
used to facilitate dm-verity rootfs mounting from initramfs context
that is bundled with Linux kernel.

Signed-off-by: Niko Mauno <niko.mauno@...>
Signed-off-by: Armin Kuster <@armpit>
(cherry picked from commit 489f7c900c365e4b3198cff2f2fd7c38623b77e8)
---
.../initramfs-framework/dmverity | 53 +++++++++++++++++++
.../initramfs-framework_1.0.bbappend | 16 ++++++
2 files changed, 69 insertions(+)
create mode 100644 recipes-core/initrdscripts/initramfs-framework/dmverity
create mode 100644 recipes-core/initrdscripts/initramfs-framework_1.0.bbappend

diff --git a/recipes-core/initrdscripts/initramfs-framework/dmverity b/recipes-core/initrdscripts/initramfs-framework/dmverity
new file mode 100644
index 0000000..bb07aab
--- /dev/null
+++ b/recipes-core/initrdscripts/initramfs-framework/dmverity
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+dmverity_enabled() {
+ return 0
+}
+
+dmverity_run() {
+ DATA_SIZE="__not_set__"
+ ROOT_HASH="__not_set__"
+
+ . /usr/share/misc/dm-verity.env
+
+ case "${bootparam_root}" in
+ ID=*)
+ RDEV="$(realpath /dev/disk/by-id/${bootparam_root#ID=})"
+ ;;
+ LABEL=*)
+ RDEV="$(realpath /dev/disk/by-label/${bootparam_root#LABEL=})"
+ ;;
+ PARTLABEL=*)
+ RDEV="$(realpath /dev/disk/by-partlabel/${bootparam_root#PARTLABEL=})"
+ ;;
+ PARTUUID=*)
+ RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=})"
+ ;;
+ PATH=*)
+ RDEV="$(realpath /dev/disk/by-path/${bootparam_root#PATH=})"
+ ;;
+ UUID=*)
+ RDEV="$(realpath /dev/disk/by-uuid/${bootparam_root#UUID=})"
+ ;;
+ *)
+ RDEV="${bootparam_root}"
+ esac
+
+ if ! [ -b "${RDEV}" ]; then
+ echo "Root device resolution failed"
+ exit 1
+ fi
+
+ veritysetup \
+ --data-block-size=1024 \
+ --hash-offset=${DATA_SIZE} \
+ create rootfs \
+ ${RDEV} \
+ ${RDEV} \
+ ${ROOT_HASH}
+
+ mount \
+ -o ro \
+ /dev/mapper/rootfs \
+ ${ROOTFS_DIR} || exit 2
+}
diff --git a/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend
new file mode 100644
index 0000000..dad9c96
--- /dev/null
+++ b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend
@@ -0,0 +1,16 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI_append = "\
+ file://dmverity \
+"
+
+do_install_append() {
+ # dm-verity
+ install ${WORKDIR}/dmverity ${D}/init.d/80-dmverity
+}
+
+PACKAGES_append = " initramfs-module-dmverity"
+
+SUMMARY_initramfs-module-dmverity = "initramfs dm-verity rootfs support"
+RDEPENDS_initramfs-module-dmverity = "${PN}-base"
+FILES_initramfs-module-dmverity = "/init.d/80-dmverity"
--
2.17.1