path: root/classes
Age | Commit message | Author
2020-09-12 | dm-verity-img.bbclass: Stage verity.env file | niko.mauno@vaisala.com

Introduce new STAGING_VERITY_DIR variable specific to this bbclass which defines the directory where the verity.env file is stored during <DM_VERITY_IMAGE>:do_image_<DM_VERITY_IMAGE_TYPE> task and can consecutively be picked up into associated initramfs rootfs (which facilitates executing 'veritysetup' and related actions).

By doing this we mitigate failures that were thus far associated to this facility, such as

  install: cannot stat '.../build/tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.ext4.verity.env': No such file or directory

and

  install: cannot stat '.../build/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.ext4.verity.env': No such file or directory

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 | dm-verity-img.bbclass: Reorder parse-time check | niko.mauno@vaisala.com

Relocate checking if DM_VERITY_IMAGE and DM_VERITY_IMAGE_TYPE are defined as non-empty strings before DM_VERITY_IMAGE vs. PN comparison is performed.

By doing so we start seeing following kind of bitbake parse-time console warnings in case either DM_VERITY_IMAGE or DM_VERITY_IMAGE_TYPE is not set, when 'dm-verity-img' is defined in IMAGE_CLASSES:

  WARNING: .../meta/recipes-core/images/core-image-minimal.bb: dm-verity-img class inherited but not used
  WARNING: .../meta-openembedded/meta-oe/recipes-core/images/meta-oe-ptest-image.bb: dm-verity-img class inherited but not used

whereas before this change this warning was printed only once, when image pointed by <DM_VERITY_IMAGE> was parsed (and recipe with that name could be found in BBFILES mask scope), and DM_VERITY_IMAGE_TYPE was not set.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12 | dm-verity-img.bbclass: Fix bashisms | niko.mauno@vaisala.com

Resort to printf in order to avoid usage of non-POSIX compliant echo flags. This mitigates following errors visible in console during boot-up with image that has been built on a host that symlinks '/bin/sh' to 'dash':

  /init: /usr/share/dm-verity.env: line 1: -NE_UUID: not found
  /init: /usr/share/dm-verity.env: line 2: -ne: not found
  /init: /usr/share/dm-verity.env: line 3: 642864e8-6a17-46b9-ba1e-9386a3909c8d: not found
  /init: /usr/share/dm-verity.env: line 4: -NE_HASH_TYPE: not found
  /init: /usr/share/dm-verity.env: line 5: -ne: not found
  /init: /usr/share/dm-verity.env: line 6: 1: not found
  /init: /usr/share/dm-verity.env: line 7: -NE_DATA_BLOCKS: not found
  /init: /usr/share/dm-verity.env: line 8: -ne: not found
  /init: /usr/share/dm-verity.env: line 9: 12064: not found
  /init: /usr/share/dm-verity.env: line 10: -NE_DATA_BLOCK_SIZE: not found
  /init: /usr/share/dm-verity.env: line 11: -ne: not found
  /init: /usr/share/dm-verity.env: line 12: 1024: not found
  /init: /usr/share/dm-verity.env: line 13: -NE_HASH_BLOCK_SIZE: not found
  /init: /usr/share/dm-verity.env: line 14: -ne: not found
  /init: /usr/share/dm-verity.env: line 15: 4096: not found
  /init: /usr/share/dm-verity.env: line 16: -NE_HASH_ALGORITHM: not found
  /init: /usr/share/dm-verity.env: line 17: -ne: not found
  /init: /usr/share/dm-verity.env: line 18: sha256: not found
  /init: /usr/share/dm-verity.env: line 19: -NE_SALT: not found
  /init: /usr/share/dm-verity.env: line 20: -ne: not found
  /init: /usr/share/dm-verity.env: line 21: 19d98185b42a897a37db6c56c7470ab2d455f0de46daa0df735eee6263816439: not found
  /init: /usr/share/dm-verity.env: line 22: -NE_ROOT_HASH: not found
  /init: /usr/share/dm-verity.env: line 23: -ne: not found
  /init: /usr/share/dm-verity.env: line 24: 298d75fc2ea27fe594b6a37158a6ae7538e77d918bab98c475934f625de0e4ab: not found

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-05-15 | classes: provide a class for generating dm-verity meta-data images | Bartosz Golaszewski

This adds a class that allows generating conversions of ext[234] and btrfs partition images with dm-verity hash data appended at the end as well as a corresponding .env file containing the root hash and data offset that can be stored in a secure location (e.g. signed fitImage) or signed and verified at run-time on its own.

The class depends on two variables:

DM_VERITY_IMAGE: defines the name of the main image (normally the one that is used with the bitbake command to build the main image)

DM_VERITY_IMAGE_TYPE: defines exactly one type for which to generate the protected image.

Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2013-10-23 | meta-security: Add a new .bbclass for meta-security layer. | mulhern

Inheriting the class will cause the check_security function to run on the ROOTFS image. Currently the check_security function just invokes buck-security-native on the root filesystem of the image.