From 1cd901cfa2821b1440179936db2582aa11f6debe Mon Sep 17 00:00:00 2001 From: Thore Sommer Date: Mon, 19 Jul 2021 11:50:22 +0200 Subject: Enable dm-verity support also for ext filesystems Those need a block size of 4k to work. --- manpages/en/lb_config.1 | 4 ++-- scripts/build/binary_dm-verity | 13 ++++++++----- scripts/build/binary_rootfs | 9 +++++++-- 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/manpages/en/lb_config.1 b/manpages/en/lb_config.1 index 7982079b6..3876ee57c 100644 --- a/manpages/en/lb_config.1 +++ b/manpages/en/lb_config.1 @@ -341,9 +341,9 @@ defines the distribution enabled in the resulting live system (defaults to the v .IP "\fB\-\-distribution\-chroot\fR \fICODENAME\fR" 4 defines the distribution used to build the live system (defaults to the value set in \fB\-\-distribution\fR) .IP "\fB\-\-dm\-verity\fR" 4 -Enables dm-verity support for root file system. Currently only squashfs is supported. For more information see \fIlive\-boot\fR(7). +Enables dm\-verity support for root file system. Only squashfs, ext2, ext3 and ext4 are supported. For more information see \fIlive\-boot\fR(7). .IP "\fB\-\-dm\-verity\-fec\fR \fINB_ROOTS\fR" 4 -Enables forward error correction for dm-verity. \fINB_ROOTS\fR is the number of error correction roots thas should be used. The value can between 2 and 24. Android uses 2 by default. +Enables forward error correction for dm-verity. \fINB_ROOTS\fR is the number of error correction roots thas should be used. The value can be between 2 and 24. Android uses 2 by default. .IP "\fB\-\-dm\-verity\-sign\fR \fISIGN_SCRIPT\fR" 4 Sign root hash of dm-verity device. Script takes two arguments: the root hash and a file to output the signature to. .IP "\fB\-\-dump\fR" 4 diff --git a/scripts/build/binary_dm-verity b/scripts/build/binary_dm-verity index fb33c7a5f..c9d899c42 100755 --- a/scripts/build/binary_dm-verity +++ b/scripts/build/binary_dm-verity @@ -28,11 +28,14 @@ fi Echo_message "Begin creating dm-verity hash for rootfs" -if [ "${LB_CHROOT_FILESYSTEM}" != "squashfs" ] -then - Echo_error "dm-verity support is only implemented for squashfs" - exit 1 -fi +case ${LB_CHROOT_FILESYSTEM} in + squashfs|ext2|ext3|ext4) + ;; + *) + Echo_error "dm-verity support is not implemented for ${LB_CHROOT_FILESYSTEM}!" + exit 1 + ;; +esac case "${LB_INITRAMFS}" in diff --git a/scripts/build/binary_rootfs b/scripts/build/binary_rootfs index 802bee9d7..135a2dbc0 100755 --- a/scripts/build/binary_rootfs +++ b/scripts/build/binary_rootfs @@ -111,8 +111,13 @@ case "${LB_CHROOT_FILESYSTEM}" in Chroot chroot "ln -s /proc/mounts/mtab /etc/mtab" FAKE_MTAB=true fi - - Chroot chroot "mkfs.${LB_CHROOT_FILESYSTEM} -F -b 1024 -N ${REAL_INODES} -m 0 filesystem.${LB_CHROOT_FILESYSTEM}" + BLOCK_SIZE=1024 + if [ "${LB_DM_VERITY}" = "true" ] + then + # dm-verity needs a block size of at least 4k + BLOCK_SIZE=4096 + fi + Chroot chroot "mkfs.${LB_CHROOT_FILESYSTEM} -F -b ${BLOCK_SIZE} -N ${REAL_INODES} -m 0 filesystem.${LB_CHROOT_FILESYSTEM}" mkdir -p filesystem.tmp mount -o loop chroot/filesystem.${LB_CHROOT_FILESYSTEM} filesystem.tmp -- cgit v1.2.3