Verity hash in kernel bootscript

($INBOX_DIR/description missing)
 help / color / mirror / Atom feed

From: f.louveau@lacroix.group
To: yocto@lists.yoctoproject.org
Subject: Verity hash in kernel bootscript
Date: Thu, 02 May 2024 02:28:03 -0700	[thread overview]
Message-ID: <pS1t.1714642083190660050.4DTn@lists.yoctoproject.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 1237 bytes --]

Hello,

I have a project where I want to implement dm-verity on my rootfs (no initramfs here).

I modify image recipe to split rootfs in multiple partition (weird this is not supported upstream).
I generate rootfs as a squashfs with verity has table at the end.
I also obtain a verity.env file as output in ${TMPDIR}/work-shared/${MACHINE}/dm-verity/

My idea is to convert verity.env into a bootscript and inject it inside fitimage using UBOOT_ENV variable.

My issue is the overall dependency. I need my rootfs before creating my bootfs (/boot) containing my fitimage.

Ideally I want to

* generate a first rootfs without uboot and fitimage (not possible as it is defined using KERNEL_IMAGETYPES).
* convert verity.env into bootscript.txt and configure UBOOT_ENV
* generate fitimage and create my bootfs

I explore several ideas like multiconfig without success, multiple images (works but recompile several elements twice, not perfect), define new fstype or image (no success for now)

Any advice or suggestion are welcomed.

Additional question: why UBOOT_ENV is linked to UBOOT as it is only generated in u-boot recipe and then injected in do_assemble_fitimage. Maybe an independent recipe could be simpler.

[-- Attachment #2: Type: text/html, Size: 1338 bytes --]

next             reply	other threads:[~2024-05-02 10:18 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-02  9:28 f.louveau [this message]
2024-05-02 10:34 ` [yocto] Verity hash in kernel bootscript Mikko Rapeli
2024-05-02 12:11   ` f.louveau
2024-05-06  8:07     ` f.louveau

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=pS1t.1714642083190660050.4DTn@lists.yoctoproject.org \
    --to=f.louveau@lacroix.group \
    --cc=yocto@lists.yoctoproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).