From 0f53b8ed209d240c7a4e74cb9b3c3497ac517b19 Mon Sep 17 00:00:00 2001
From: Thore Sommer
Date: Sat, 10 Jul 2021 16:52:02 +0200
Subject: Adding dm-verity support for rootfs

This adds support for dm-vertiy on the root filesystem. Currently only squashfs is supported. Three new flags are introduced.
* --dm-verity: Enable basic dm-verity support
* --dm-verity-fec NB_ROOTS: Enable forward error correction. Optional
* --dm-verity-sign SCRIPT: Specify signing script for the root hash. Optional
---
 scripts/build/config | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
(limited to 'scripts/build/config')
diff --git a/scripts/build/config b/scripts/build/config
index 59fcf1f3f..14cff154b 100755
--- a/scripts/build/config
+++ b/scripts/build/config
@@ -65,6 +65,9 @@ USAGE="${PROGRAM} [--apt apt|apt-get|aptitude]\n\
 \t [-d|--distribution CODENAME]\n\
 \t [--distribution-binary CODENAME]\n\
 \t [--distribution-chroot CODENAME]\n\
+\t [--dm-verity]\n\
+\t [--dm-verity-fec NB_ROOTS]\n\
+\t [--dm-verity-sign SIGN_SCRIPT]\n\
 \t [--dump]\n\
 \t [--firmware-binary true|false]\n\
 \t [--firmware-chroot true|false]\n\
@@ -145,7 +148,8 @@ Local_arguments ()
 config:,debconf-frontend:,debconf-priority:,debian-installer:,
 debian-installer-distribution:,debian-installer-gui:,
 debian-installer-preseedfile:,debootstrap-options:,debootstrap-script:,
- debug,distribution:,distribution-binary:,distribution-chroot:,dump,
+ debug,dm-verity,dm-verity-fec:,dm-verity-sign:,
+ distribution:,distribution-binary:,distribution-chroot:,dump,
 fdisk:,firmware-binary:,firmware-chroot:,force,
 grub-splash:,gzip-options:,
 hdd-label:,hdd-partition-start:,hdd-size:,help,
@@ -492,6 +496,21 @@ Local_arguments ()
 shift 2
 ;;
 
+ --dm-verity)
+ LB_DM_VERITY="true"
+ shift
+ ;;
+
+ --dm-verity-fec)
+ LB_DM_VERITY_FEC_ROOTS="${2}"
+ shift 2
+ ;;
+
+ --dm-verity-sign)
+ LB_DM_VERITY_SIGN="${2}"
+ shift 2
+ ;;
+
 --fdisk)
 Echo_warning "--fdisk is an obsolete option"
 shift 2
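Review bot: The `--dm-verity-fec` and `--dm-verity-sign` cases in Local_arguments store `${2}` unchecked, so a non-numeric NB_ROOTS or a missing or non-executable signing script is only discovered later in the build, if at all. Unless validation happens elsewhere (not visible in this hunk), reject bad values at parse time, e.g. `case "${2}" in ''|*[!0-9]*) Echo_error "--dm-verity-fec needs a numeric NB_ROOTS"; exit 1;; esac`. If the value is handed to veritysetup's `--fec-roots`, the accepted range there is 2 to 24. Because the signing script determines what signature accompanies the root hash, it is also worth failing early when `--dm-verity-sign` or `--dm-verity-fec` is given without `--dm-verity`, rather than silently producing an unprotected image. The case statement these branches belong to starts and ends outside the hunk.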
@@ -1214,6 +1233,15 @@ LB_CHECKSUMS="${LB_CHECKSUMS}"
 # Set compression
 LB_COMPRESSION="${LB_COMPRESSION}"
 
+# Support dm-verity on rootfs
+LB_DM_VERITY="${LB_DM_VERITY}"
+
+# Support FEC on dm-verity rootfs
+LB_DM_VERITY_FEC_ROOTS="${LB_DM_VERITY_FEC_ROOTS}"
+
+# Set sign script for roothash for dm-verity rootfs
+LB_DM_VERITY_SIGN="${LB_DM_VERITY_SIGN}"
+
 # Set zsync
 LB_ZSYNC="${LB_ZSYNC}"
 
-- 
cgit v1.2.3
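Review bot: The three comments emitted next to `LB_DM_VERITY`, `LB_DM_VERITY_FEC_ROOTS` and `LB_DM_VERITY_SIGN` name the feature but not the values each variable takes, and this generated file is where a user will later edit them by hand. I would spell that out, for example `# Enable dm-verity on the rootfs (true|false)`, `# Number of FEC roots for the dm-verity rootfs (empty: no FEC)` and `# Script that signs the dm-verity root hash (empty: unsigned)`. The "empty means disabled" reading is inferred from the commit message's "Optional", and `true|false` from the other options in the usage text, so both should be confirmed against the code that consumes these variables. The block these lines are written from starts and ends outside the hunk.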