* [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs
@ 2023-02-14 8:08 Maciek Borzecki
2023-02-14 8:08 ` [kirkstone][meta-security][PATCH 1/2] Add EROFS support to dm-verity-img class Maciek Borzecki
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Maciek Borzecki @ 2023-02-14 8:08 UTC (permalink / raw)
To: yocto; +Cc: Maciek Borzecki
A cherry pick of patches adding support for EROFS and squashfs in dm-verity-img.
Josh Harley (1):
Add EROFS support to dm-verity-img class
Maciej Borzęcki (1):
dm-verity-img.bbclass: add squashfs images
classes/dm-verity-img.bbclass | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--
2.39.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [kirkstone][meta-security][PATCH 1/2] Add EROFS support to dm-verity-img class
2023-02-14 8:08 [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Maciek Borzecki
@ 2023-02-14 8:08 ` Maciek Borzecki
2023-02-14 8:08 ` [kirkstone][meta-security][PATCH 2/2] dm-verity-img.bbclass: add squashfs images Maciek Borzecki
2023-02-14 8:31 ` [yocto] [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Mikko Rapeli
2 siblings, 0 replies; 4+ messages in thread
From: Maciek Borzecki @ 2023-02-14 8:08 UTC (permalink / raw)
To: yocto; +Cc: Josh Harley, Armin Kuster, Maciek Borzecki
From: Josh Harley <jharley@orangedogsolutions.co.uk>
[PATCH] Add support for the EROFS image, and it's compressed options,
to the dm-verity-img.bbclass setup, theoretically this is a simple addition
to the list of types however there is a quirk in how Poky handles the
filesystems in poky/meta/classes/image_types.bbclass.
Specifically the 'IMAGE_CMD' and 'IMAGE_FSTYPES' use a hyphen, e.g.
erofs-lz4, however in the image_type bbclass the task for that would be
"do_image_erofs_lz4", replacing the hyphen with an underscore.
As the dm-verity-img.bbclass adds a dependency to the wic image creation
on the do_image_* task then it fails as there is no
"do_image_erofs-lz4", so simply replace the hypen with an underscore.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 8ca6bb86e653a332f7cb5b30babc0cd6c58769d0)
Signed-off-by: Maciek Borzecki <maciek@thing.com>
---
classes/dm-verity-img.bbclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass
index 93f667d6cdc11257ae8f2ba6300db9f62384a46c..dd447e661f6c0002fe3390ed598cddff6bc0ce8f 100644
--- a/classes/dm-verity-img.bbclass
+++ b/classes/dm-verity-img.bbclass
@@ -63,7 +63,7 @@ verity_setup() {
veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity
}
-VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity"
+VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity erofs.verity erofs-lz4.verity erofs-lz4hc.verity"
IMAGE_TYPES += "${VERITY_TYPES}"
CONVERSIONTYPES += "verity"
CONVERSION_CMD:verity = "verity_setup ${type}"
@@ -90,6 +90,6 @@ python __anonymous() {
# If we're using wic: we'll have to use partition images and not the rootfs
# source plugin so add the appropriate dependency.
if 'wic' in image_fstypes:
- dep = ' %s:do_image_%s' % (pn, verity_type)
+ dep = ' %s:do_image_%s' % (pn, verity_type.replace("-", "_"))
d.appendVarFlag('do_image_wic', 'depends', dep)
}
--
2.39.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [kirkstone][meta-security][PATCH 2/2] dm-verity-img.bbclass: add squashfs images
2023-02-14 8:08 [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Maciek Borzecki
2023-02-14 8:08 ` [kirkstone][meta-security][PATCH 1/2] Add EROFS support to dm-verity-img class Maciek Borzecki
@ 2023-02-14 8:08 ` Maciek Borzecki
2023-02-14 8:31 ` [yocto] [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Mikko Rapeli
2 siblings, 0 replies; 4+ messages in thread
From: Maciek Borzecki @ 2023-02-14 8:08 UTC (permalink / raw)
To: yocto; +Cc: Maciej Borzęcki, Armin Kuster
From: Maciej Borzęcki <maciek@thing.com>
Add squashfs to images supported by verity.
Signed-off-by: Maciek Borzecki <maciek@thing.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit ab8651c139a05c476d7e8a6a987106b2f7e9a354)
Signed-off-by: Maciek Borzecki <maciek@thing.com>
---
classes/dm-verity-img.bbclass | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass
index dd447e661f6c0002fe3390ed598cddff6bc0ce8f..e5946bc3279c4a200ea3404f7475860a24abd650 100644
--- a/classes/dm-verity-img.bbclass
+++ b/classes/dm-verity-img.bbclass
@@ -63,7 +63,12 @@ verity_setup() {
veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity
}
-VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity erofs.verity erofs-lz4.verity erofs-lz4hc.verity"
+VERITY_TYPES = " \
+ ext2.verity ext3.verity ext4.verity \
+ btrfs.verity \
+ erofs.verity erofs-lz4.verity erofs-lz4hc.verity \
+ squashfs.verity squashfs-xz.verity squashfs-lzo.verity squashfs-lz4.verity squashfs-zst.verity \
+"
IMAGE_TYPES += "${VERITY_TYPES}"
CONVERSIONTYPES += "verity"
CONVERSION_CMD:verity = "verity_setup ${type}"
--
2.39.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [yocto] [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs
2023-02-14 8:08 [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Maciek Borzecki
2023-02-14 8:08 ` [kirkstone][meta-security][PATCH 1/2] Add EROFS support to dm-verity-img class Maciek Borzecki
2023-02-14 8:08 ` [kirkstone][meta-security][PATCH 2/2] dm-verity-img.bbclass: add squashfs images Maciek Borzecki
@ 2023-02-14 8:31 ` Mikko Rapeli
2 siblings, 0 replies; 4+ messages in thread
From: Mikko Rapeli @ 2023-02-14 8:31 UTC (permalink / raw)
To: Maciej Borzęcki; +Cc: yocto
Hi,
On Tue, Feb 14, 2023 at 09:08:29AM +0100, Maciej Borzęcki wrote:
> A cherry pick of patches adding support for EROFS and squashfs in dm-verity-img.
Depending on stable branch policies for meta-security, backporting new
features may not be acceptable.
As an alternative, master branch may just work with kirkstone. At least it
does for me as long as I set kirkstone to compatible with the layer
in my private layer config:
# meta-security master removed kirkstone support but it still works for us
LAYERSERIES_COMPAT_security-layer += 'kirkstone'
LAYERSERIES_COMPAT_parsec-layer += 'kirkstone'
LAYERSERIES_COMPAT_tpm-layer += 'kirkstone'
Cheers,
-Mikko
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-02-14 8:31 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-02-14 8:08 [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Maciek Borzecki
2023-02-14 8:08 ` [kirkstone][meta-security][PATCH 1/2] Add EROFS support to dm-verity-img class Maciek Borzecki
2023-02-14 8:08 ` [kirkstone][meta-security][PATCH 2/2] dm-verity-img.bbclass: add squashfs images Maciek Borzecki
2023-02-14 8:31 ` [yocto] [kirkstone][meta-security][PATCH 0/2] dm-verity-img support for squashfs and erofs Mikko Rapeli
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox