| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
Detection of USB devices by the kernel is slow enough. We need to
keep trying for a while (default: 5s seconds, controlled by roottimeout=<seconds>)
and sleep between each attempt (default: one second, rootdelay=<seconds>).
Fix is based on https://git.yoctoproject.org/cgit.cgi/poky/commit/meta/recipes-core/initrdscripts/initramfs-framework/rootfs?id=ee6a6c3461694ce09789bf4d852cea2e22fc95e4
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit e23767fc72040cc58e638b08925ab467221c91f9)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switch from this layer's initramfs-dm-verity recipe to poky-provided
initramfs-framework suite to manage veritysetup et al.
This commit also removes initramfs-dm-verity recipe which is not
referred from elsewhere in this meta layer.
Also update the install path of dm-verity.env from /usr/share to
/usr/share/misc in order to better comply with FHS3.0, see
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s11.html#usrsharemiscMiscellaneousArchitecture
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 45e8b20cd022eb7b20d72c23db9fcc6824f08c7a)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add 'initramfs-module-dmverity' as an extension to poky upstream
provided initramfs-framework suite via matchingly named bbappend file.
Together with pre-existing 'initramfs-module-udev' this module can be
used to facilitate dm-verity rootfs mounting from initramfs context
that is bundled with Linux kernel.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 489f7c900c365e4b3198cff2f2fd7c38623b77e8)
|
|
This adds various bits and pieces to enable generating a working example
of a full chain of trust up to dm-verity-protected rootfs level on Beagle
Bone Black.
The new initramfs is quite generic and should work for other SoCs as well
when using fitImage.
The following config can be used with current master poky,
meta-openembedded & meta-security to generate a BBB image using verified
boot and dm-verity.
UBOOT_SIGN_KEYDIR = "/tmp/test-keys/"
UBOOT_SIGN_KEYNAME = "dev"
UBOOT_SIGN_ENABLE = "1"
UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config"
IMAGE_CLASSES += "dm-verity-img"
IMAGE_FSTYPES += "wic.xz ext4"
DM_VERITY_IMAGE = "core-image-full-cmdline"
DM_VERITY_IMAGE_TYPE = "ext4"
KERNEL_CLASSES += "kernel-fitimage"
KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage"
IMAGE_INSTALL_remove = " kernel-image-zimage"
IMAGE_BOOT_FILES_remove = " zImage"
IMAGE_BOOT_FILES_append = " fitImage-${INITRAMFS_IMAGE}-${MACHINE}-${MACHINE};fitImage"
# Using systemd is not strictly needed but deals nicely with read-only
# filesystem by default.
DISTRO_FEATURES_append = " systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit"
VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
INITRAMFS_IMAGE = "dm-verity-image-initramfs"
INITRAMFS_FSTYPES = "cpio.gz"
INITRAMFS_IMAGE_BUNDLE = "1"
WKS_FILE = "beaglebone-yocto-verity.wks.in"
KERNEL_FEATURES_append = " features/device-mapper/dm-verity.scc"
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|