From 29d46054c2a3c71ae1ad164a6f32bd6ecbe1b07b Mon Sep 17 00:00:00 2001
From: gr embeter <grembeter=gmail.com@lists.yoctoproject.org>
Date: Sat, 9 Nov 2024 12:31:45 +0100
Subject: dm-verity-img.bbclass: add DM_VERITY_SETUP_ARGS

Useful to pass additional arguments to veritysetup, for example
'--no-superblock' to make system less vulnerable to certain types of
attacks and data maniputaion on the disk.

Signed-off-by: Grygorii Tertychnyi <grembeter@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 classes/dm-verity-img.bbclass | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'classes')

diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass
index 7f79548..9a3a97e 100644
--- a/classes/dm-verity-img.bbclass
+++ b/classes/dm-verity-img.bbclass
@@ -46,6 +46,9 @@ DM_VERITY_IMAGE_HASH_BLOCK_SIZE ?= "4096"
 # Should we store the hash data on a separate device/partition?
 DM_VERITY_SEPARATE_HASH ?= "0"
 
+# Additional arguments for veritysetup
+DM_VERITY_SETUP_ARGS ?= ""
+
 # These are arch specific.  We could probably intelligently auto-assign these?
 # Take x86-64 values as defaults. No impact on functionality currently.
 # See SD_GPT_ROOT_X86_64 and SD_GPT_ROOT_X86_64_VERITY in the spec.
@@ -146,6 +149,7 @@ verity_setup() {
     cp -a $INPUT $OUTPUT
 
     SETUP_ARGS=" \
+        ${DM_VERITY_SETUP_ARGS} \
         --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} \
         --hash-block-size=${DM_VERITY_IMAGE_HASH_BLOCK_SIZE} \
         $HASH_OFFSET format $OUTPUT $OUTPUT_HASH \
-- 
cgit v1.2.3-54-g00ecf