diff options
| author | Thore Sommer <debian@thson.de> | 2021-07-10 16:52:02 +0200 |
|---|---|---|
| committer | Thore Sommer <debian@thson.de> | 2021-07-11 10:33:48 +0200 |
| commit | 0f53b8ed209d240c7a4e74cb9b3c3497ac517b19 (patch) | |
| tree | 43523af83d348e095f2255877300b5609509eb5c /scripts/build/config | |
| parent | 873b2d4d7349514ad0e46ee6d028aaa40e7a528c (diff) | |
| download | vyos-live-build-0f53b8ed209d240c7a4e74cb9b3c3497ac517b19.tar.gz vyos-live-build-0f53b8ed209d240c7a4e74cb9b3c3497ac517b19.zip | |
Adding dm-verity support for rootfs
This adds support for dm-vertiy on the root filesystem.
Currently only squashfs is supported.
Three new flags are introduced.
* --dm-verity: Enable basic dm-verity support
* --dm-verity-fec NB_ROOTS: Enable forward error correction. Optional
* --dm-verity-sign SCRIPT: Specify signing script for the root hash. Optional
Diffstat (limited to 'scripts/build/config')
| -rwxr-xr-x | scripts/build/config | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/scripts/build/config b/scripts/build/config index 59fcf1f3f..14cff154b 100755 --- a/scripts/build/config +++ b/scripts/build/config @@ -65,6 +65,9 @@ USAGE="${PROGRAM} [--apt apt|apt-get|aptitude]\n\ \t [-d|--distribution CODENAME]\n\ \t [--distribution-binary CODENAME]\n\ \t [--distribution-chroot CODENAME]\n\ +\t [--dm-verity]\n\ +\t [--dm-verity-fec NB_ROOTS]\n\ +\t [--dm-verity-sign SIGN_SCRIPT]\n\ \t [--dump]\n\ \t [--firmware-binary true|false]\n\ \t [--firmware-chroot true|false]\n\ @@ -145,7 +148,8 @@ Local_arguments () config:,debconf-frontend:,debconf-priority:,debian-installer:, debian-installer-distribution:,debian-installer-gui:, debian-installer-preseedfile:,debootstrap-options:,debootstrap-script:, - debug,distribution:,distribution-binary:,distribution-chroot:,dump, + debug,dm-verity,dm-verity-fec:,dm-verity-sign:, + distribution:,distribution-binary:,distribution-chroot:,dump, fdisk:,firmware-binary:,firmware-chroot:,force, grub-splash:,gzip-options:, hdd-label:,hdd-partition-start:,hdd-size:,help, @@ -492,6 +496,21 @@ Local_arguments () shift 2 ;; + --dm-verity) + LB_DM_VERITY="true" + shift + ;; + + --dm-verity-fec) + LB_DM_VERITY_FEC_ROOTS="${2}" + shift 2 + ;; + + --dm-verity-sign) + LB_DM_VERITY_SIGN="${2}" + shift 2 + ;; + --fdisk) Echo_warning "--fdisk is an obsolete option" shift 2 @@ -1214,6 +1233,15 @@ LB_CHECKSUMS="${LB_CHECKSUMS}" # Set compression LB_COMPRESSION="${LB_COMPRESSION}" +# Support dm-verity on rootfs +LB_DM_VERITY="${LB_DM_VERITY}" + +# Support FEC on dm-verity rootfs +LB_DM_VERITY_FEC_ROOTS="${LB_DM_VERITY_FEC_ROOTS}" + +# Set sign script for roothash for dm-verity rootfs +LB_DM_VERITY_SIGN="${LB_DM_VERITY_SIGN}" + # Set zsync LB_ZSYNC="${LB_ZSYNC}" |