diff options
Diffstat (limited to 'recipes-core/initrdscripts')
5 files changed, 110 insertions, 59 deletions
diff --git a/recipes-core/initrdscripts/initramfs-dm-verity.bb b/recipes-core/initrdscripts/initramfs-dm-verity.bb deleted file mode 100644 index b614956..0000000 --- a/recipes-core/initrdscripts/initramfs-dm-verity.bb +++ /dev/null @@ -1,13 +0,0 @@ -SUMMARY = "Simple init script that uses devmapper to mount the rootfs in read-only mode protected by dm-verity" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" - -SRC_URI = "file://init-dm-verity.sh" - -do_install() { - install -m 0755 ${WORKDIR}/init-dm-verity.sh ${D}/init - install -d ${D}/dev - mknod -m 622 ${D}/dev/console c 5 1 -} - -FILES_${PN} = "/init /dev/console" diff --git a/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh b/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh deleted file mode 100644 index 307d2c7..0000000 --- a/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/sh - -PATH=/sbin:/bin:/usr/sbin:/usr/bin -RDEV="" -ROOT_DIR="/new_root" - -mkdir -p /proc -mkdir -p /sys -mkdir -p /run -mkdir -p /tmp -mount -t proc proc /proc -mount -t sysfs sysfs /sys -mount -t devtmpfs none /dev - -udevd --daemon -udevadm trigger --type=subsystems --action=add -udevadm trigger --type=devices --action=add -udevadm settle --timeout=10 - -for PARAM in $(cat /proc/cmdline); do - case $PARAM in - root=*) - RDEV=${PARAM#root=} - ;; - esac -done - -if ! [ -b $RDEV ]; then - echo "Missing root command line argument!" - exit 1 -fi - -case $RDEV in - UUID=*) - RDEV=$(realpath /dev/disk/by-uuid/${RDEV#UUID=}) - ;; -esac - -. /usr/share/dm-verity.env - -echo "Mounting $RDEV over dm-verity as the root filesystem" - -veritysetup --data-block-size=1024 --hash-offset=$DATA_SIZE create rootfs $RDEV $RDEV $ROOT_HASH -mkdir -p $ROOT_DIR -mount -o ro /dev/mapper/rootfs $ROOT_DIR -exec switch_root $ROOT_DIR /sbin/init diff --git a/recipes-core/initrdscripts/initramfs-framework-dm/dmverity b/recipes-core/initrdscripts/initramfs-framework-dm/dmverity new file mode 100644 index 0000000..1923490 --- /dev/null +++ b/recipes-core/initrdscripts/initramfs-framework-dm/dmverity @@ -0,0 +1,93 @@ +#!/bin/sh + +dmverity_enabled() { + return 0 +} + +dmverity_run() { + DATA_SIZE="__not_set__" + DATA_BLOCK_SIZE="__not_set__" + ROOT_HASH="__not_set__" + SEPARATE_HASH="__not_set__" + + . /usr/share/misc/dm-verity.env + + C=0 + delay=${bootparam_rootdelay:-1} + timeout=${bootparam_roottimeout:-5} + + # we know exactly what we are looking for; don't need the wide hunt below + if [ "${SEPARATE_HASH}" -eq "1" ]; then + while [ ! -b "/dev/disk/by-partuuid/${ROOT_UUID}" ]; do + if [ $(( $C * $delay )) -gt $timeout ]; then + fatal "Root device (data) resolution failed" + exit 1 + fi + debug "Sleeping for $delay second(s) to wait for root data to settle..." + sleep $delay + C=$(( $C + 1 )) + done + + veritysetup \ + --data-block-size=${DATA_BLOCK_SIZE} \ + create rootfs \ + /dev/disk/by-partuuid/${ROOT_UUID} \ + /dev/disk/by-partuuid/${RHASH_UUID} \ + ${ROOT_HASH} + + mount \ + -o ro \ + /dev/mapper/rootfs \ + ${ROOTFS_DIR} || exit 2 + + return + fi + + RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=} 2>/dev/null)" + while [ ! -b "${RDEV}" ]; do + if [ $(( $C * $delay )) -gt $timeout ]; then + fatal "Root device resolution failed" + exit 1 + fi + + case "${bootparam_root}" in + ID=*) + RDEV="$(realpath /dev/disk/by-id/${bootparam_root#ID=} 2>/dev/null)" + ;; + LABEL=*) + RDEV="$(realpath /dev/disk/by-label/${bootparam_root#LABEL=} 2>/dev/null)" + ;; + PARTLABEL=*) + RDEV="$(realpath /dev/disk/by-partlabel/${bootparam_root#PARTLABEL=} 2>/dev/null)" + ;; + PARTUUID=*) + RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=} 2>/dev/null)" + ;; + PATH=*) + RDEV="$(realpath /dev/disk/by-path/${bootparam_root#PATH=} 2>/dev/null)" + ;; + UUID=*) + RDEV="$(realpath /dev/disk/by-uuid/${bootparam_root#UUID=} 2>/dev/null)" + ;; + *) + RDEV="${bootparam_root}" + esac + debug "Sleeping for $delay second(s) to wait root to settle..." + sleep $delay + C=$(( $C + 1 )) + + done + + veritysetup \ + --data-block-size=${DATA_BLOCK_SIZE} \ + --hash-offset=${DATA_SIZE} \ + create rootfs \ + ${RDEV} \ + ${RDEV} \ + ${ROOT_HASH} + + mount \ + -o ro \ + /dev/mapper/rootfs \ + ${ROOTFS_DIR} || exit 2 +} diff --git a/recipes-core/initrdscripts/initramfs-framework.inc b/recipes-core/initrdscripts/initramfs-framework.inc new file mode 100644 index 0000000..aa04348 --- /dev/null +++ b/recipes-core/initrdscripts/initramfs-framework.inc @@ -0,0 +1,16 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/initramfs-framework-dm:" + +SRC_URI:append = "\ + file://dmverity \ +" + +do_install:append() { + # dm-verity + install ${S}/dmverity ${D}/init.d/80-dmverity +} + +PACKAGES:append = " initramfs-module-dmverity" + +SUMMARY:initramfs-module-dmverity = "initramfs dm-verity rootfs support" +RDEPENDS:initramfs-module-dmverity = "${PN}-base" +FILES:initramfs-module-dmverity = "/init.d/80-dmverity" diff --git a/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend new file mode 100644 index 0000000..f5d476e --- /dev/null +++ b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend @@ -0,0 +1 @@ +require ${@bb.utils.contains('IMAGE_CLASSES', 'dm-verity-img', 'initramfs-framework.inc', '', d)} |