From 489f7c900c365e4b3198cff2f2fd7c38623b77e8 Mon Sep 17 00:00:00 2001
From: "niko.mauno@vaisala.com" <niko.mauno@vaisala.com>
Date: Thu, 10 Sep 2020 16:17:54 +0000
Subject: initramfs-framework: Add dmverity module

Add 'initramfs-module-dmverity' as an extension to poky upstream
provided initramfs-framework suite via matchingly named bbappend file.

Together with pre-existing 'initramfs-module-udev' this module can be
used to facilitate dm-verity rootfs mounting from initramfs context
that is bundled with Linux kernel.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../initrdscripts/initramfs-framework/dmverity     | 53 ++++++++++++++++++++++
 .../initrdscripts/initramfs-framework_1.0.bbappend | 16 +++++++
 2 files changed, 69 insertions(+)
 create mode 100644 recipes-core/initrdscripts/initramfs-framework/dmverity
 create mode 100644 recipes-core/initrdscripts/initramfs-framework_1.0.bbappend

diff --git a/recipes-core/initrdscripts/initramfs-framework/dmverity b/recipes-core/initrdscripts/initramfs-framework/dmverity
new file mode 100644
index 0000000..bb07aab
--- /dev/null
+++ b/recipes-core/initrdscripts/initramfs-framework/dmverity
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+dmverity_enabled() {
+    return 0
+}
+
+dmverity_run() {
+    DATA_SIZE="__not_set__"
+    ROOT_HASH="__not_set__"
+
+    . /usr/share/misc/dm-verity.env
+
+    case "${bootparam_root}" in
+        ID=*)
+            RDEV="$(realpath /dev/disk/by-id/${bootparam_root#ID=})"
+            ;;
+        LABEL=*)
+            RDEV="$(realpath /dev/disk/by-label/${bootparam_root#LABEL=})"
+            ;;
+        PARTLABEL=*)
+            RDEV="$(realpath /dev/disk/by-partlabel/${bootparam_root#PARTLABEL=})"
+            ;;
+        PARTUUID=*)
+            RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=})"
+            ;;
+        PATH=*)
+            RDEV="$(realpath /dev/disk/by-path/${bootparam_root#PATH=})"
+            ;;
+        UUID=*)
+            RDEV="$(realpath /dev/disk/by-uuid/${bootparam_root#UUID=})"
+            ;;
+        *)
+            RDEV="${bootparam_root}"
+    esac
+
+    if ! [ -b "${RDEV}" ]; then
+        echo "Root device resolution failed"
+        exit 1
+    fi
+
+    veritysetup \
+        --data-block-size=1024 \
+        --hash-offset=${DATA_SIZE} \
+        create rootfs \
+        ${RDEV} \
+        ${RDEV} \
+        ${ROOT_HASH}
+
+    mount \
+        -o ro \
+        /dev/mapper/rootfs \
+        ${ROOTFS_DIR} || exit 2
+}
diff --git a/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend
new file mode 100644
index 0000000..dad9c96
--- /dev/null
+++ b/recipes-core/initrdscripts/initramfs-framework_1.0.bbappend
@@ -0,0 +1,16 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI_append = "\
+    file://dmverity \
+"
+
+do_install_append() {
+    # dm-verity
+    install ${WORKDIR}/dmverity ${D}/init.d/80-dmverity
+}
+
+PACKAGES_append = " initramfs-module-dmverity"
+
+SUMMARY_initramfs-module-dmverity = "initramfs dm-verity rootfs support"
+RDEPENDS_initramfs-module-dmverity = "${PN}-base"
+FILES_initramfs-module-dmverity = "/init.d/80-dmverity"
-- 
cgit v1.2.3-54-g00ecf