Jan Luebbe 6f4501734f
Add class for appending dm-verity hash data to block device images
Add support to generate a dm-verity image and the parameters required to
assemble the corresponding table for the device-mapper driver. The latter will
be stored in the file ${DEPLOY_DIR_IMAGE}/<IMAGE_LINK_NAME>.verity-params.
Note that in the resulting image the hash tree data is appended to the contents
of the original image without an explicit superblock to keep things simple and
compact.

The above mentioned parameter file can be sourced by a shell to finally create
the desired blockdevice via "dmsetup" (found in meta-oe's recipe
"libdevmapper"), e.g.

  . <IMAGE_LINK_NAME>.verity-params
  dmsetup create <dm_dev_name> --readonly --table "0 $VERITY_DATA_SECTORS verity \
      1 <dev> <hash_dev> \
      $VERITY_DATA_BLOCK_SIZE  $VERITY_HASH_BLOCK_SIZE \
      $VERITY_DATA_BLOCKS  $VERITY_DATA_BLOCKS \
      $VERITY_HASH_ALGORITHM  $VERITY_ROOT_HASH  $VERITY_SALT \
      1 ignore_zero_blocks"

As the hash tree data is found at the end of the image, <dev> and <hash_dev>
should be the same blockdevice in the command shown above while <dm_dev_name> is
the name of the to be created dm-verity-device.

The root hash is calculated using a salt to make attacks more difficult. Thus,
please grant each image recipe its own salt which could be generated e.g. via

  dd if=/dev/random bs=1k count=1 | sha256sum

and assign it to the parameter VERITY_SALT.

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-23 15:18:30 -07:00
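
The table assembly described in the commit message above, as an added example that is not part of the commit or of the meta-openembedded code: it parses the parameter file instead of sourcing it, so the file's contents are never executed, and checks the values before printing the table. It assumes the file holds plain, unquoted NAME=value lines; the function names and the sample values are constructed for illustration.

```shell
# Added example (not from the commit): build the dm-verity table from a
# .verity-params file by parsing it instead of sourcing it, so the file's
# contents are never executed. Assumes plain, unquoted NAME=value lines.
verity_table() {  # usage: verity_table PARAMS_FILE DEV
    params=$1; dev=$2
    sectors=; dbs=; hbs=; blocks=; alg=; root=; salt=
    while IFS='=' read -r key val; do
        case $key in
            VERITY_DATA_SECTORS) sectors=$val ;;
            VERITY_DATA_BLOCK_SIZE) dbs=$val ;;
            VERITY_HASH_BLOCK_SIZE) hbs=$val ;;
            VERITY_DATA_BLOCKS) blocks=$val ;;
            VERITY_HASH_ALGORITHM) alg=$val ;;
            VERITY_ROOT_HASH) root=$val ;;
            VERITY_SALT) salt=$val ;;
        esac
    done < "$params"
    # Sizes and counts: digits only. Root hash and salt: hex only.
    for n in "$sectors" "$dbs" "$hbs" "$blocks"; do
        case $n in ''|*[!0-9]*) echo "bad number '$n'" >&2; return 1 ;; esac
    done
    for h in "$root" "$salt"; do
        case $h in ''|*[!0-9a-fA-F]*) echo "bad hex value" >&2; return 1 ;; esac
    done
    case $alg in ''|*[!a-z0-9-]*) echo "bad algorithm" >&2; return 1 ;; esac
    # The table length is in 512-byte sectors and must equal the data area.
    if [ $((sectors * 512)) -ne $((blocks * dbs)) ]; then
        echo "data sectors do not match data blocks" >&2; return 1
    fi
    # Hash tree is appended: DEV is data and hash device, hash starts at
    # block VERITY_DATA_BLOCKS (same layout as the command in the commit).
    printf '0 %s verity 1 %s %s %s %s %s %s %s %s %s 1 ignore_zero_blocks\n' \
        "$sectors" "$dev" "$dev" "$dbs" "$hbs" "$blocks" "$blocks" \
        "$alg" "$root" "$salt"
}

# Constructed sample: 8 data blocks of 4096 bytes = 64 sectors; the hash and
# salt values are made up for illustration.
write_sample_params() {
    cat > "$1" <<'EOF'
VERITY_DATA_SECTORS=64
VERITY_DATA_BLOCK_SIZE=4096
VERITY_HASH_BLOCK_SIZE=4096
VERITY_DATA_BLOCKS=8
VERITY_HASH_ALGORITHM=sha256
VERITY_ROOT_HASH=00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
VERITY_SALT=ffeeddccbbaa99887766554433221100ffeeddccbbaa99887766554433221100
EOF
}
```

The printed line is the string that would be passed to `dmsetup create <dm_dev_name> --readonly --table`; a non-zero return means the parameter file should not be used.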
contrib contrib: oe-stylize: Use Python3 explicitly 2023-06-04 22:29:46 -07:00
meta-filesystems bindfs: upgrade 1.17.6 -> 1.17.7 2024-04-17 23:47:23 -07:00
meta-gnome gnome-remote-desktop: update 46.0 -> 46.1 2024-04-23 15:15:35 -07:00
meta-initramfs layer.conf: Prepare for release, drop nanbield LAYERSERIES 2024-03-17 13:10:12 -07:00
meta-multimedia aravis: fix LICENSE and enable viewer PACKAGECONFIG only with GTK3DISTROFEATURES 2024-04-23 15:15:31 -07:00
meta-networking spice-gtk: add PACKAGECONFIG for webdav 2024-04-23 15:15:35 -07:00
meta-oe Add class for appending dm-verity hash data to block device images 2024-04-23 15:18:30 -07:00
meta-perl libcrypt-openssl-random-perl: upgrade 0.15 -> 0.16 2024-04-17 23:47:24 -07:00
meta-python python3-txdbus: cleanup RDEPENDS 2024-04-23 15:18:30 -07:00
meta-webserver apache2: Upgrade v2.4.58 -> v2.4.59 2024-04-19 14:31:32 -07:00
meta-xfce layer.conf: Prepare for release, drop nanbield LAYERSERIES 2024-03-17 13:10:12 -07:00
.gitignore .gitignore: add *.pyc and *.pyo 2019-06-15 16:45:33 -07:00
COPYING.MIT
README.md layers: Move READMEs to markdown format 2023-06-17 08:30:01 -07:00

Collection of layers for the OE-core universe

Main layer maintainer: Khem Raj <raj.khem@gmail.com>

This repository is a collection of layers to supplement OE-Core with additional packages. Each layer has a designated maintainer. Please see the respective READMEs in the layer subdirectories.