Re: [oe] [meta-security][RFC 2/2] dm-verity: add a working example for BeagleBone Black

Tue, 14 Apr 2020 02:08:04 -0700 

pon., 13 kwi 2020 o 12:53 Ayoub Zaki <ayoub.z...@embexus.com> napisaƂ(a):
>
> Hi,
>
>
> On 10.04.20 14:41, Bartosz Golaszewski wrote:
> > From: Bartosz Golaszewski <bgolaszew...@baylibre.com>
> >
> > This adds various bits and pieces to enable generating a working example
> > of a full chain of trust up to dm-verity-protected rootfs level on Beagle
> > Bone Black.
> >
> > The new initramfs is quite generic and should work for other SoCs as well
> > when using fitImage.
> >
> > The following config can be used with current master poky,
> > meta-openembedded & meta-security to generate a BBB image using verified
> > boot and dm-verity.
> >
> >    UBOOT_SIGN_KEYDIR = "/tmp/test-keys/"
> >    UBOOT_SIGN_KEYNAME = "dev"
> >    UBOOT_SIGN_ENABLE = "1"
> >    UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
> >    UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config"
> >
> >    IMAGE_CLASSES += "dm-verity-img"
> >    IMAGE_FSTYPES += "wic.xz ext4"
> >
> >    DM_VERITY_IMAGE = "core-image-full-cmdline"
> >    DM_VERITY_IMAGE_TYPE = "ext4"
> >
> >    KERNEL_CLASSES += "kernel-fitimage"
> >    KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage"
> >
> >    IMAGE_INSTALL_remove = " kernel-image-zimage"
> >    IMAGE_BOOT_FILES_remove = " zImage"
> >    IMAGE_BOOT_FILES_append = " 
> > fitImage-${INITRAMFS_IMAGE}-${MACHINE}-${MACHINE};fitImage"
> >
> >    # Using systemd is not strictly needed but deals nicely with read-only
> >    # filesystem by default.
> >    DISTRO_FEATURES_append = " systemd"
> >    DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit"
> >    VIRTUAL-RUNTIME_init_manager = "systemd"
> >    VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
> >
> >    INITRAMFS_IMAGE = "dm-verity-image-initramfs"
> >    INITRAMFS_FSTYPES = "cpio.gz"
> >    INITRAMFS_IMAGE_BUNDLE = "1"
> >
> >    WKS_FILE = "beaglebone-yocto-verity.wks.in"
> >
> >    KERNEL_FEATURES_append = " features/device-mapper/dm-verity.scc"
> >
> > Signed-off-by: Bartosz Golaszewski <bgolaszew...@baylibre.com>
>
>
> Not sure if it's a working example...so where does the fitImage goes ?
>
> How did you solve the circular dependency ?
>
>

Please refer to the cover letter - it points to a patch series for
OE-core where I fixed the problem in image and sstate bbclasses.

Bart

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#83903): 
https://lists.openembedded.org/g/openembedded-devel/message/83903
Mute This Topic: https://lists.openembedded.org/mt/72920044/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to