wic: add wks.in for intel dm-verity

Based on systemd-bootdisk-microcode.wks.in, this adds the dm-verity image similar to the beaglebone wks already in meta-security. Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Naveen Saini <naveen.kumar.saini@intel.com> 2020-10-02 10:53:51 +0800
committer: Armin Kuster <akuster@mvista.com> 2020-10-09 07:02:01 -0700
commit: 0de4f3bfb7fffe8d91026f00ce7f9384e13dfc54 (patch)
tree: a47d9dd24490a778cf7ac23ee8078a3a69a6cb4b
parent: e23767fc72040cc58e638b08925ab467221c91f9 (diff)
download: meta-security-0de4f3bfb7fffe8d91026f00ce7f9384e13dfc54.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/wic/systemd-bootdisk-dmverity.wks.in b/wic/systemd-bootdisk-dmverity.wks.in
new file mode 100644
index 0000000..ef114ca
--- /dev/null
+++ b/wic/systemd-bootdisk-dmverity.wks.in
@@ -0,0 +1,15 @@
+# A dm-verity variant of the regular wks for IA machines. We need to fetch
+# the partition images from the IMGDEPLOYDIR as the rootfs source plugin will
+# not recreate the exact block device corresponding with the hash tree. We must
+# not alter the label or any other setting on the image.
+# Based on OE-core's systemd-bootdisk.wks and meta-security's beaglebone-yocto-verity.wks.in file
+#
+# This .wks only works with the dm-verity-img class.
+part /boot --source bootimg-efi --sourceparams="loader=systemd-boot,initrd=microcode.cpio" --ondisk sda --label msdos --active --align 1024 --use-uuid
+part / --source rawcopy --ondisk sda  --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity" --use-uuid
+part swap --ondisk sda --size 44 --label swap1 --fstype=swap --use-uuid
+bootloader --ptable gpt --timeout=5 --append=" "
author	Naveen Saini <naveen.kumar.saini@intel.com>	2020-10-02 10:53:51 +0800
committer	Armin Kuster <akuster@mvista.com>	2020-10-09 07:02:01 -0700
commit	0de4f3bfb7fffe8d91026f00ce7f9384e13dfc54 (patch)
tree	a47d9dd24490a778cf7ac23ee8078a3a69a6cb4b
parent	e23767fc72040cc58e638b08925ab467221c91f9 (diff)
download	meta-security-0de4f3bfb7fffe8d91026f00ce7f9384e13dfc54.tar.gz

diff --git a/wic/systemd-bootdisk-dmverity.wks.in b/wic/systemd-bootdisk-dmverity.wks.in new file mode 100644 index 0000000..ef114ca --- /dev/null +++ b/wic/systemd-bootdisk-dmverity.wks.in
@@ -0,0 +1,15 @@
	1	# A dm-verity variant of the regular wks for IA machines. We need to fetch
	2	# the partition images from the IMGDEPLOYDIR as the rootfs source plugin will
	3	# not recreate the exact block device corresponding with the hash tree. We must
	4	# not alter the label or any other setting on the image.
	5	# Based on OE-core's systemd-bootdisk.wks and meta-security's beaglebone-yocto-verity.wks.in file
	6	#
	7	# This .wks only works with the dm-verity-img class.
	8
	9	part /boot --source bootimg-efi --sourceparams="loader=systemd-boot,initrd=microcode.cpio" --ondisk sda --label msdos --active --align 1024 --use-uuid
	10
	11	part / --source rawcopy --ondisk sda --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity" --use-uuid
	12
	13	part swap --ondisk sda --size 44 --label swap1 --fstype=swap --use-uuid
	14
	15	bootloader --ptable gpt --timeout=5 --append=" "