64 lines
3.1 KiB
Plaintext
64 lines
3.1 KiB
Plaintext
|
NFSBVERITY="/sbin/veritysetup"
|
||
|
|
NFSB_TOOLS_DIR="${TOPDIR}/../src/devtools/nfsb"
|
||
|
|
MKNFSBIMG="${NFSB_TOOLS_DIR}/mknfsbimg3"
|
||
|
|
ZERO_PADDING_TOOL="${NFSB_TOOLS_DIR}/zero_padding.sh"
|
||
|
|
NFSB_WORKING_PATH="${IMGDEPLOYDIR}"
|
||
|
|
NFSB_BLOCK_SIZE="1024"
|
||
|
|
OLD_ROOTFS_NAME="${IMAGE_NAME}.rootfs.${IMAGE_FSTYPES}"
|
||
|
|
OLD_RECOVERY_ROOTFS_NAME="recovery.${IMAGE_FSTYPES}"
|
||
|
|
NEW_ROOTFS_NAME="nfsb_rootfs.${IMAGE_FSTYPES}"
|
||
|
|
NEW_RECOVERY_ROOTFS_NAME = "tmp_recovery.${IMAGE_FSTYPES}"
|
||
|
|
ZERO_PADDING_SIZE="1048576"
|
||
|
|
KEY_FILE_MOD="${NFSB_TOOLS_DIR}/rsa.key.pub_out"
|
||
|
|
KEY_FILE_PRI="${NFSB_TOOLS_DIR}/rsa.key.pri_out"
|
||
|
|
|
||
|
|
add_nfsb_for_rootfs() {
|
||
|
|
|
||
|
|
mod_key=""
|
||
|
|
pri_key=""
|
||
|
|
|
||
|
|
#backwards compatible for FORCE_DISABLE_DM_VERITY which only for NFSB actually
|
||
|
|
if [ "${SECURE_BOOT_ENABLE}" = "yes" ] && [ "${SECURE_BOOT_TYPE}" = "" ]; then
|
||
|
|
ENABLE_DM_NFSB="yes"
|
||
|
|
fi
|
||
|
|
if [ "${FORCE_DISABLE_DM_VERITY}" = "yes" ]; then
|
||
|
|
ENABLE_DM_NFSB="no"
|
||
|
|
fi
|
||
|
|
|
||
|
|
if [ "${SECURE_BOOT_ENABLE}" = "yes" ] && [ "${ENABLE_DM_NFSB}" == "yes" ]; then
|
||
|
|
if [ -e ${KEY_FILE_MOD} ]; then
|
||
|
|
mod_key=${KEY_FILE_MOD}
|
||
|
|
pri_key=${KEY_FILE_PRI}
|
||
|
|
else
|
||
|
|
bbfatal "${KEY_FILE_MOD} does not exist!"
|
||
|
|
fi
|
||
|
|
else
|
||
|
|
exit 0
|
||
|
|
fi
|
||
|
|
|
||
|
|
${NFSBVERITY} --hash=md5 --no-superblock --data-block-size=${NFSB_BLOCK_SIZE} --hash-block-size=${NFSB_BLOCK_SIZE} format ${NFSB_WORKING_PATH}/${OLD_ROOTFS_NAME} ${NFSB_WORKING_PATH}/rootfs_hashes | tee ${NFSB_WORKING_PATH}/rootfs_table
|
||
|
|
${MKNFSBIMG} ${NFSB_WORKING_PATH}/${OLD_ROOTFS_NAME} ${NFSB_WORKING_PATH}/rootfs_hashes ${NFSB_WORKING_PATH}/${NEW_ROOTFS_NAME} ${NFSB_WORKING_PATH}/rootfs_table ${mod_key} ${pri_key};
|
||
|
|
rm -f ${NFSB_WORKING_PATH}/${OLD_ROOTFS_NAME}
|
||
|
|
mv ${NFSB_WORKING_PATH}/${NEW_ROOTFS_NAME} ${NFSB_WORKING_PATH}/${OLD_ROOTFS_NAME}
|
||
|
|
${ZERO_PADDING_TOOL} ${NFSB_WORKING_PATH}/${OLD_ROOTFS_NAME} ${ZERO_PADDING_SIZE}
|
||
|
|
rm -f ${NFSB_WORKING_PATH}/rootfs_hashes
|
||
|
|
rm -f ${NFSB_WORKING_PATH}/rootfs_table
|
||
|
|
|
||
|
|
if [ -e ${NFSB_WORKING_PATH}/${OLD_RECOVERY_ROOTFS_NAME} ]; then
|
||
|
|
${NFSBVERITY} --hash=md5 --no-superblock --data-block-size=${NFSB_BLOCK_SIZE} --hash-block-size=${NFSB_BLOCK_SIZE} format ${NFSB_WORKING_PATH}/${OLD_RECOVERY_ROOTFS_NAME} ${NFSB_WORKING_PATH}/recovery_rootfs_hashes | tee ${NFSB_WORKING_PATH}/recovery_rootfs_table
|
||
|
|
${MKNFSBIMG} ${NFSB_WORKING_PATH}/${OLD_RECOVERY_ROOTFS_NAME} ${NFSB_WORKING_PATH}/recovery_rootfs_hashes ${NFSB_WORKING_PATH}/${NEW_RECOVERY_ROOTFS_NAME} ${NFSB_WORKING_PATH}/recovery_rootfs_table ${mod_key} ${pri_key};
|
||
|
|
rm -f ${NFSB_WORKING_PATH}/${OLD_RECOVERY_ROOTFS_NAME}
|
||
|
|
mv ${NFSB_WORKING_PATH}/${NEW_RECOVERY_ROOTFS_NAME} ${NFSB_WORKING_PATH}/${OLD_RECOVERY_ROOTFS_NAME}
|
||
|
|
${ZERO_PADDING_TOOL} ${NFSB_WORKING_PATH}/${OLD_RECOVERY_ROOTFS_NAME} ${ZERO_PADDING_SIZE}
|
||
|
|
rm -f ${NFSB_WORKING_PATH}/recovery_rootfs_hashes
|
||
|
|
rm -f ${NFSB_WORKING_PATH}/recovery_rootfs_table
|
||
|
|
fi
|
||
|
|
|
||
|
|
rm -f ${mod_key}
|
||
|
|
rm -f ${pri_key}
|
||
|
|
|
||
|
|
|
||
|
|
}
|
||
|
|
|
||
|
|
IMAGE_POSTPROCESS_COMMAND += " add_nfsb_for_rootfs;"
|