From: Bartosz Golaszewski <bgolaszew...@baylibre.com> I'm terribly sorry for spamming, but I eventually decided to resend it: not only the tags were messed up but I also added a v2 on top. This time it should be good.
=== This series attempts to introduce support for dm-verity in meta-security. It depends on a series[1] I submitted for OE-core that introduces multi-stage image deployment that's currently pending review (although the general idea was accepted by Richard). This new way of deploying image artifacts is aimed at solving a circular dependency problem[2] which turned out to be impossible to resolve if all artifacts are deployed at once by the do_image_complete task. The first patch in this series introduces a generic bbclass that allows to generate and append dm-verity hash data at the end of the partition image. The second patch adds support for an example verified boot image for Beagle Bone Black where the root dm-verity hash is stored inside the signed fitImage in an initramfs which takes care of mouting the protected rootfs. Patch 2/2 - while made sure to work on BBB - should be generic enough to be reusable across many platforms. [1] https://www.mail-archive.com/openembedded-core@lists.openembedded.org/msg135694.html [2] https://www.mail-archive.com/openembedded-core@lists.openembedded.org/msg134825.html Bartosz Golaszewski (2): classes: provide a class for generating dm-verity meta-data images dm-verity: add a working example for BeagleBone Black classes/dm-verity-img.bbclass | 88 +++++++++++++++++++ .../images/dm-verity-image-initramfs.bb | 26 ++++++ .../initrdscripts/initramfs-dm-verity.bb | 13 +++ .../initramfs-dm-verity/init-dm-verity.sh | 46 ++++++++++ wic/beaglebone-yocto-verity.wks.in | 15 ++++ 5 files changed, 188 insertions(+) create mode 100644 classes/dm-verity-img.bbclass create mode 100644 recipes-core/images/dm-verity-image-initramfs.bb create mode 100644 recipes-core/initrdscripts/initramfs-dm-verity.bb create mode 100644 recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh create mode 100644 wic/beaglebone-yocto-verity.wks.in -- 2.25.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#83854): https://lists.openembedded.org/g/openembedded-devel/message/83854 Mute This Topic: https://lists.openembedded.org/mt/72920040/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
