
[meta-security,4/4] dm-verity-img.bbclass: add DM_VERITY_DEPLOY_DIR

Message ID 20231221075730.201111-4-mikko.rapeli@linaro.org
State New
Series [meta-security,1/4] tpm2-tss: support native builds | expand

Commit Message

Mikko Rapeli Dec. 21, 2023, 7:57 a.m. UTC
If image recipe A wants to embed another image B which used
dm-verity-img.bbclass and generated the .wks file, then
recipe B must still deploy everything to IMGDEPLOYDIR, while recipe A
finds that output by setting DM_VERITY_DEPLOY_DIR = "${DEPLOY_DIR_IMAGE}".

Now both A and B images can use dm-verity-img.bbclass.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 classes/dm-verity-img.bbclass | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Erik Schilling Dec. 21, 2023, 8:39 a.m. UTC | #1
On Thu Dec 21, 2023 at 8:57 AM CET, Mikko Rapeli wrote:
> If image recipe A wants to embed another image B which used
> dm-verity-img.bbclass and generated the .wks file, then
> recipe B must deploy everything to IMGDEPLOYDIR but recipe A
> finds the output from DM_VERITY_DEPLOY_DIR = "${DEPLOY_DIR_IMAGE}".
>
> Now both A and B images can use dm-verity-img.bbclass.
>
> Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> ---
>  classes/dm-verity-img.bbclass | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass
> index 7f35df5..2f212d6 100644
> --- a/classes/dm-verity-img.bbclass
> +++ b/classes/dm-verity-img.bbclass
> @@ -33,6 +33,10 @@
>  # is stored where it can be installed into associated initramfs rootfs.
>  STAGING_VERITY_DIR ?= "${TMPDIR}/work-shared/${MACHINE}/dm-verity"
>  
> +# location of images, default current image recipe. Set to DEPLOY_DIR_IMAGE
> +# if non-verity images want to embed the .wks and verity image.
> +DM_VERITY_DEPLOY_DIR ?= "${IMGDEPLOYDIR}"
> +
>  # Define the data block size to use in veritysetup.
>  DM_VERITY_IMAGE_DATA_BLOCK_SIZE ?= "1024"
>  
> @@ -107,10 +111,10 @@ process_verity() {
>      # Create wks.in fragment with build specific UUIDs for partitions.
>      # Unfortunately the wks.in does not support line continuations...
>      # First, the unappended filesystem data partition.
> -    echo 'part / --source rawcopy --ondisk sda --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity" --part-name verityroot --part-type="${DM_VERITY_ROOT_GUID}"'" --uuid=\"$ROOT_UUID\"" > $WKS_INC
> +    echo 'part / --source rawcopy --ondisk sda --sourceparams="file=${DM_VERITY_DEPLOY_DIR}/${DM_VERITY_IMAGE}-${MACHINE}.rootfs.${DM_VERITY_IMAGE_TYPE}.verity" --part-name verityroot --part-type="${DM_VERITY_ROOT_GUID}"'" --uuid=\"$ROOT_UUID\"" > $WKS_INC
>  
>      # note: no default mount point for hash data partition
> -    echo 'part --source rawcopy --ondisk sda --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.vhash" --part-name verityhash --part-type="${DM_VERITY_RHASH_GUID}"'" --uuid=\"$RHASH_UUID\"" >> $WKS_INC
> +    echo 'part --source rawcopy --ondisk sda --sourceparams="file=${DM_VERITY_DEPLOY_DIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.vhash" --part-name verityhash --part-type="${DM_VERITY_RHASH_GUID}"'" --uuid=\"$RHASH_UUID\"" >> $WKS_INC
>  }
>  
>  verity_setup() {

Reviewed-by: Erik Schilling <erik.schilling@linaro.org>

Patch

diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass
index 7f35df5..2f212d6 100644
--- a/classes/dm-verity-img.bbclass
+++ b/classes/dm-verity-img.bbclass
@@ -33,6 +33,10 @@ 
 # is stored where it can be installed into associated initramfs rootfs.
 STAGING_VERITY_DIR ?= "${TMPDIR}/work-shared/${MACHINE}/dm-verity"
 
+# location of images, default current image recipe. Set to DEPLOY_DIR_IMAGE
+# if non-verity images want to embed the .wks and verity image.
+DM_VERITY_DEPLOY_DIR ?= "${IMGDEPLOYDIR}"
+
 # Define the data block size to use in veritysetup.
 DM_VERITY_IMAGE_DATA_BLOCK_SIZE ?= "1024"
 
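Review bot: The comment added above `DM_VERITY_DEPLOY_DIR` does not say what the directory is used for: process_verity() uses it to build the `file=` paths of the `.verity` and `.vhash` rawcopy partitions in the generated wks fragment. I would spell that out, for example `# Directory the generated .wks fragment reads the .verity and .vhash files from.` followed by `# Defaults to this recipe's IMGDEPLOYDIR; set to DEPLOY_DIR_IMAGE when another image recipe embeds them.` When the value is the shared DEPLOY_DIR_IMAGE, the files are selected purely by name, so the comment should presumably also tell the embedding recipe to depend on the verity image's deploy step so that it does not pick up artifacts left by an earlier build.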
@@ -107,10 +111,10 @@  process_verity() {
     # Create wks.in fragment with build specific UUIDs for partitions.
     # Unfortunately the wks.in does not support line continuations...
     # First, the unappended filesystem data partition.
-    echo 'part / --source rawcopy --ondisk sda --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity" --part-name verityroot --part-type="${DM_VERITY_ROOT_GUID}"'" --uuid=\"$ROOT_UUID\"" > $WKS_INC
+    echo 'part / --source rawcopy --ondisk sda --sourceparams="file=${DM_VERITY_DEPLOY_DIR}/${DM_VERITY_IMAGE}-${MACHINE}.rootfs.${DM_VERITY_IMAGE_TYPE}.verity" --part-name verityroot --part-type="${DM_VERITY_ROOT_GUID}"'" --uuid=\"$ROOT_UUID\"" > $WKS_INC
 
     # note: no default mount point for hash data partition
-    echo 'part --source rawcopy --ondisk sda --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.vhash" --part-name verityhash --part-type="${DM_VERITY_RHASH_GUID}"'" --uuid=\"$RHASH_UUID\"" >> $WKS_INC
+    echo 'part --source rawcopy --ondisk sda --sourceparams="file=${DM_VERITY_DEPLOY_DIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.vhash" --part-name verityhash --part-type="${DM_VERITY_RHASH_GUID}"'" --uuid=\"$RHASH_UUID\"" >> $WKS_INC
 }
 
 verity_setup() {
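Review bot: The new root partition line looks for `${DM_VERITY_IMAGE}-${MACHINE}.rootfs.${DM_VERITY_IMAGE_TYPE}.verity`, but the hash partition line below it still uses `${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.vhash` without `.rootfs`, and the commit message does not mention the rename. If both artifacts are written with the same naming scheme, one of the two paths will not resolve. With DM_VERITY_DEPLOY_DIR set to a shared deploy directory, a leftover file under the other name could also end up paired with a hash tree from a different build, which would only show up as a verification failure at boot. Consider using the same stem on both lines and taking the suffix from `${IMAGE_NAME_SUFFIX}` instead of a literal `.rootfs`, e.g. `${DM_VERITY_IMAGE}-${MACHINE}${IMAGE_NAME_SUFFIX}.${DM_VERITY_IMAGE_TYPE}.verity`. process_verity() starts above this hunk, so where the two files are actually named is not visible here.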