dm-verity-img.bbclass: add DM_VERITY_SETUP_ARGS

Useful to pass additional arguments to veritysetup, for example
'--no-superblock' to make system less vulnerable to certain types of
attacks and data maniputaion on the disk.

Signed-off-by: Grygorii Tertychnyi <grembeter@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

1 files changed, 4 insertions, 0 deletions

diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass
index 7f79548..9a3a97e 100644
--- a/classes/dm-verity-img.bbclass
+++ b/classes/dm-verity-img.bbclass
@@ -46,6 +46,9 @@ DM_VERITY_IMAGE_HASH_BLOCK_SIZE ?= "4096"
 # Should we store the hash data on a separate device/partition?
 DM_VERITY_SEPARATE_HASH ?= "0"
 
+# Additional arguments for veritysetup
+DM_VERITY_SETUP_ARGS ?= ""
+
 # These are arch specific.  We could probably intelligently auto-assign these?
 # Take x86-64 values as defaults. No impact on functionality currently.
 # See SD_GPT_ROOT_X86_64 and SD_GPT_ROOT_X86_64_VERITY in the spec.
@@ -146,6 +149,7 @@ verity_setup() {
     cp -a $INPUT $OUTPUT
 
     SETUP_ARGS=" \
+        ${DM_VERITY_SETUP_ARGS} \
         --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} \
         --hash-block-size=${DM_VERITY_IMAGE_HASH_BLOCK_SIZE} \
         $HASH_OFFSET format $OUTPUT $OUTPUT_HASH \