summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Gortmaker <paul.gortmaker@windriver.com>2023-03-10 13:11:17 -0500
committerArmin Kuster <akuster808@gmail.com>2023-03-20 16:27:24 -0400
commit2b2b112b056e2e01d00e6905b8908bbde0e3a8de (patch)
treec1a013840f110ae772558814743918b4c468e344
parentb6b483902ad8d74f2d2e2081c42fe4cd13d4001f (diff)
downloadmeta-security-2b2b112b056e2e01d00e6905b8908bbde0e3a8de.tar.gz
dm-verity: document board specifics for Beaglebone Black
This is meant to augment the generic dm-verity instructions with the board specifics for this platform. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--docs/dm-verity-beaglebone.txt37
1 files changed, 37 insertions, 0 deletions
diff --git a/docs/dm-verity-beaglebone.txt b/docs/dm-verity-beaglebone.txt
new file mode 100644
index 0000000..5f0caa4
--- /dev/null
+++ b/docs/dm-verity-beaglebone.txt
@@ -0,0 +1,37 @@
1dm-verity and beaglebone-black
2------------------------------
3Set/uncomment the MACHINE line for "beaglebone-yocto" if you haven't yet.
4
5In addition to the basic dm-verity settings, you'll also want in local.conf:
6
7IMAGE_BOOT_FILES:remove = "zImage"
8IMAGE_BOOT_FILES:append = " zImage-initramfs-${MACHINE}.bin;zImage"
9WKS_FILES = "${MACHINE}-verity.wks.in"
10
11Read-only issues: The beaglebone BSP by default declares the following:
12
13 SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyO0 115200;ttyAMA0"
14 SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"
15
16...which are variables used by sysV init, in order to determine the
17appropriate /etc/inittab entries. The problem that arises is that by
18default, an on-target runtime check of /proc/consoles is used to finalize
19the /etc/inittab -- and of course that fails a build with read-only-rootfs
20[see the pkg_postinst_ontarget rule in the sysvinit rule for details.]
21
22If you don't need a serial console, the quick fix is to add in local.conf
23
24SERIAL_CONSOLES = ""
25
26If you do need/want a serial console, then probably a local bbappend to
27manually set the /etc/inittab as desired is easiest.
28
29After running "wic create -e core-image-minimal beaglebone-yocto-verity"
30you should have a "direct" image ready to write to a u-SD card. Remember
31that the "direct" image contains the bootloader and partition table
32already, so you'll be writing it to a device such as /dev/sdb and not
33just a partition -- like /dev/sdb1
34
35Also recall that booting from u-SD requires pressing and holding the S2
36(SYSBOOT) button during power-on in order to divert the boot from the normal
37soldered on storage and to the removable u-SD card.