[kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs

All of lore.kernel.org
 help / color / mirror / Atom feed

* [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs
@ 2023-02-14  8:08 Maciek Borzecki
  2023-02-14  8:08 ` [kirkstone][meta-security][PATCH 1/2] Add EROFS support to dm-verity-img class Maciek Borzecki
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Maciek Borzecki @ 2023-02-14  8:08 UTC (permalink / raw)
  To: yocto; +Cc: Maciek Borzecki

A cherry pick of patches adding support for EROFS and squashfs in dm-verity-img.

Josh Harley (1):
  Add EROFS support to dm-verity-img class

Maciej Borzęcki (1):
  dm-verity-img.bbclass: add squashfs images

 classes/dm-verity-img.bbclass | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

-- 
2.39.1



^ permalink raw reply	[flat|nested] 4+ messages in thread

* [kirkstone][meta-security][PATCH 1/2] Add EROFS support to dm-verity-img class
  2023-02-14  8:08 [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Maciek Borzecki
@ 2023-02-14  8:08 ` Maciek Borzecki
  2023-02-14  8:08 ` [kirkstone][meta-security][PATCH 2/2] dm-verity-img.bbclass: add squashfs images Maciek Borzecki
  2023-02-14  8:31 ` [yocto] [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Mikko Rapeli
  2 siblings, 0 replies; 4+ messages in thread
From: Maciek Borzecki @ 2023-02-14  8:08 UTC (permalink / raw)
  To: yocto; +Cc: Josh Harley, Armin Kuster, Maciek Borzecki

From: Josh Harley <jharley@orangedogsolutions.co.uk>

 [PATCH] Add support for the EROFS image, and it's compressed options,
 to the dm-verity-img.bbclass setup, theoretically this is a simple addition
 to the list of types however there is a quirk in how Poky handles the
 filesystems in poky/meta/classes/image_types.bbclass.

Specifically the 'IMAGE_CMD' and 'IMAGE_FSTYPES' use a hyphen, e.g.
erofs-lz4, however in the image_type bbclass the task for that would be
"do_image_erofs_lz4", replacing the hyphen with an underscore.

As the dm-verity-img.bbclass adds a dependency to the wic image creation
on the do_image_* task then it fails as there is no
"do_image_erofs-lz4", so simply replace the hypen with an underscore.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 8ca6bb86e653a332f7cb5b30babc0cd6c58769d0)
Signed-off-by: Maciek Borzecki <maciek@thing.com>
---
 classes/dm-verity-img.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass
index 93f667d6cdc11257ae8f2ba6300db9f62384a46c..dd447e661f6c0002fe3390ed598cddff6bc0ce8f 100644
--- a/classes/dm-verity-img.bbclass
+++ b/classes/dm-verity-img.bbclass
@@ -63,7 +63,7 @@ verity_setup() {
     veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity
 }
 
-VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity"
+VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity erofs.verity erofs-lz4.verity erofs-lz4hc.verity"
 IMAGE_TYPES += "${VERITY_TYPES}"
 CONVERSIONTYPES += "verity"
 CONVERSION_CMD:verity = "verity_setup ${type}"
@@ -90,6 +90,6 @@ python __anonymous() {
     # If we're using wic: we'll have to use partition images and not the rootfs
     # source plugin so add the appropriate dependency.
     if 'wic' in image_fstypes:
-        dep = ' %s:do_image_%s' % (pn, verity_type)
+        dep = ' %s:do_image_%s' % (pn, verity_type.replace("-", "_"))
         d.appendVarFlag('do_image_wic', 'depends', dep)
 }
-- 
2.39.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [kirkstone][meta-security][PATCH 2/2] dm-verity-img.bbclass: add squashfs images
  2023-02-14  8:08 [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Maciek Borzecki
  2023-02-14  8:08 ` [kirkstone][meta-security][PATCH 1/2] Add EROFS support to dm-verity-img class Maciek Borzecki
@ 2023-02-14  8:08 ` Maciek Borzecki
  2023-02-14  8:31 ` [yocto] [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Mikko Rapeli
  2 siblings, 0 replies; 4+ messages in thread
From: Maciek Borzecki @ 2023-02-14  8:08 UTC (permalink / raw)
  To: yocto; +Cc: Maciej Borzęcki, Armin Kuster

From: Maciej Borzęcki <maciek@thing.com>

Add squashfs to images supported by verity.

Signed-off-by: Maciek Borzecki <maciek@thing.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit ab8651c139a05c476d7e8a6a987106b2f7e9a354)
Signed-off-by: Maciek Borzecki <maciek@thing.com>
---
 classes/dm-verity-img.bbclass | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass
index dd447e661f6c0002fe3390ed598cddff6bc0ce8f..e5946bc3279c4a200ea3404f7475860a24abd650 100644
--- a/classes/dm-verity-img.bbclass
+++ b/classes/dm-verity-img.bbclass
@@ -63,7 +63,12 @@ verity_setup() {
     veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity
 }
 
-VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity erofs.verity erofs-lz4.verity erofs-lz4hc.verity"
+VERITY_TYPES = " \
+    ext2.verity ext3.verity ext4.verity \
+    btrfs.verity \
+    erofs.verity erofs-lz4.verity erofs-lz4hc.verity \
+    squashfs.verity squashfs-xz.verity squashfs-lzo.verity squashfs-lz4.verity squashfs-zst.verity \
+"
 IMAGE_TYPES += "${VERITY_TYPES}"
 CONVERSIONTYPES += "verity"
 CONVERSION_CMD:verity = "verity_setup ${type}"
-- 
2.39.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [yocto] [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs
  2023-02-14  8:08 [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Maciek Borzecki
  2023-02-14  8:08 ` [kirkstone][meta-security][PATCH 1/2] Add EROFS support to dm-verity-img class Maciek Borzecki
  2023-02-14  8:08 ` [kirkstone][meta-security][PATCH 2/2] dm-verity-img.bbclass: add squashfs images Maciek Borzecki
@ 2023-02-14  8:31 ` Mikko Rapeli
  2 siblings, 0 replies; 4+ messages in thread
From: Mikko Rapeli @ 2023-02-14  8:31 UTC (permalink / raw)
  To: Maciej Borzęcki; +Cc: yocto

Hi,

On Tue, Feb 14, 2023 at 09:08:29AM +0100, Maciej Borzęcki wrote:
> A cherry pick of patches adding support for EROFS and squashfs in dm-verity-img.

Depending on stable branch policies for meta-security, backporting new
features may not be acceptable.

As an alternative, master branch may just work with kirkstone. At least it
does for me as long as I set kirkstone to compatible with the layer
in my private layer config:

# meta-security master removed kirkstone support but it still works for us
LAYERSERIES_COMPAT_security-layer += 'kirkstone'
LAYERSERIES_COMPAT_parsec-layer += 'kirkstone'
LAYERSERIES_COMPAT_tpm-layer += 'kirkstone'

Cheers,

-Mikko


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-02-14  8:31 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-02-14  8:08 [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Maciek Borzecki
2023-02-14  8:08 ` [kirkstone][meta-security][PATCH 1/2] Add EROFS support to dm-verity-img class Maciek Borzecki
2023-02-14  8:08 ` [kirkstone][meta-security][PATCH 2/2] dm-verity-img.bbclass: add squashfs images Maciek Borzecki
2023-02-14  8:31 ` [yocto] [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Mikko Rapeli

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.