author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/meta-security/recipes-core/initrdscripts | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/meta-security/recipes-core/initrdscripts')
-rw-r--r-- | external/meta-security/recipes-core/initrdscripts/initramfs-dm-verity.bb | 13 | ||||
-rw-r--r-- | external/meta-security/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh | 46 |
2 files changed, 59 insertions, 0 deletions
diff --git a/external/meta-security/recipes-core/initrdscripts/initramfs-dm-verity.bb b/external/meta-security/recipes-core/initrdscripts/initramfs-dm-verity.bb
new file mode 100644
index 00000000..b6149565
--- /dev/null
+++ b/external/meta-security/recipes-core/initrdscripts/initramfs-dm-verity.bb
@@ -0,0 +1,13 @@
+SUMMARY = "Simple init script that uses devmapper to mount the rootfs in read-only mode protected by dm-verity"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+SRC_URI = "file://init-dm-verity.sh"
+
+do_install() {
+ install -m 0755 ${WORKDIR}/init-dm-verity.sh ${D}/init
+ install -d ${D}/dev
+ mknod -m 622 ${D}/dev/console c 5 1
+}
+
+FILES_${PN} = "/init /dev/console"
diff --git a/external/meta-security/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh b/external/meta-security/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh
new file mode 100644
index 00000000..307d2c74
--- /dev/null
+++ b/external/meta-security/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh
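Review bot: The recipe declares no runtime dependencies, yet the script it installs as /init calls veritysetup, udevd/udevadm, realpath and switch_root; unless the initramfs image recipe pulls those packages in on its own, the resulting initramfs cannot complete the boot. Recording the requirement in the recipe itself, e.g. `RDEPENDS_${PN} += "cryptsetup udev util-linux coreutils"` (package names to be confirmed against what this layer provides), keeps the image from silently depending on the image recipe's package list. The script also sources /usr/share/dm-verity.env, and which recipe produces that file is not visible from this commit; a one-line comment above SRC_URI naming the provider would help the next maintainer.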
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+RDEV=""
+ROOT_DIR="/new_root"
+
+mkdir -p /proc
+mkdir -p /sys
+mkdir -p /run
+mkdir -p /tmp
+mount -t proc proc /proc
+mount -t sysfs sysfs /sys
+mount -t devtmpfs none /dev
+
+udevd --daemon
+udevadm trigger --type=subsystems --action=add
+udevadm trigger --type=devices --action=add
+udevadm settle --timeout=10
+
+for PARAM in $(cat /proc/cmdline); do
+ case $PARAM in
+ root=*)
+ RDEV=${PARAM#root=}
+ ;;
+ esac
+done
+
+if ! [ -b $RDEV ]; then
+ echo "Missing root command line argument!"
+ exit 1
+fi
+
+case $RDEV in
+ UUID=*)
+ RDEV=$(realpath /dev/disk/by-uuid/${RDEV#UUID=})
+ ;;
+esac
+
+. /usr/share/dm-verity.env
+
+echo "Mounting $RDEV over dm-verity as the root filesystem"
+
+veritysetup --data-block-size=1024 --hash-offset=$DATA_SIZE create rootfs $RDEV $RDEV $ROOT_HASH
+mkdir -p $ROOT_DIR
+mount -o ro /dev/mapper/rootfs $ROOT_DIR
+exec switch_root $ROOT_DIR /sbin/init
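Review bot: The `root=UUID=…` branch can never run, because `if ! [ -b $RDEV ]` is evaluated before the `case $RDEV in UUID=*)` block resolves the UUID to a device path, so a UUID-form root= always exits with "Missing root command line argument!". The unquoted test also passes when no root= was given at all: with RDEV empty, `[ -b $RDEV ]` becomes `[ -b ]`, which is true, so an empty device name reaches veritysetup; resolving the UUID first and quoting the test fixes both. veritysetup's exit status is not checked and the script has no `set -e`, so a failed verity setup only surfaces as a later mount error rather than at the step that failed. The ROOT_HASH and DATA_SIZE values sourced from /usr/share/dm-verity.env are only as trustworthy as the initramfs that carries them, which deserves a comment at the `.` line, e.g. `# ROOT_HASH/DATA_SIZE come from the initramfs itself; the boot chain must verify the initramfs for dm-verity to protect the rootfs`.
```sh
# … unchanged: filesystem mounts, udev start and /proc/cmdline parsing …

case $RDEV in
 UUID=*)
 RDEV=$(realpath "/dev/disk/by-uuid/${RDEV#UUID=}")
 ;;
esac

if ! [ -b "$RDEV" ]; then
 echo "Missing root command line argument!"
 exit 1
fi

# … unchanged: dm-verity.env sourcing and status message …

veritysetup --data-block-size=1024 --hash-offset="$DATA_SIZE" create rootfs "$RDEV" "$RDEV" "$ROOT_HASH" || exit 1
mkdir -p "$ROOT_DIR"
mount -o ro /dev/mapper/rootfs "$ROOT_DIR" || exit 1
exec switch_root "$ROOT_DIR" /sbin/init
```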