82 lines
2.5 KiB
Bash
Executable File
82 lines
2.5 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
help_info()
|
|
{
|
|
echo -e "Usage: $0 <rootfs> <verity_block>"
|
|
}
|
|
|
|
ROOT_DIR=$TINA_BUILD_TOP
|
|
OUT_DIR=$TINA_BUILD_TOP/out/$TARGET_BOARD
|
|
HOST_DIR=$TINA_BUILD_TOP/out/host/bin
|
|
|
|
if [ ! -d "$OUT_DIR/verity" ]; then
|
|
echo "Please run ./dm-verity-key.sh first to generate keys!"
|
|
exit
|
|
fi
|
|
|
|
if [ $# -eq 2 ]; then
|
|
IN=$1
|
|
OUT=$2
|
|
else
|
|
# default value
|
|
IN=$OUT_DIR/rootfs.img
|
|
OUT=$OUT_DIR/verity/verity_block
|
|
fi
|
|
|
|
VERITY_DIR=`dirname $OUT`
|
|
BLK_SIZE=4096
|
|
|
|
get_blk_size()
|
|
{
|
|
local size=`du -b $1 | awk '{print $1}'`
|
|
|
|
if [ `expr ${size} % ${BLK_SIZE}` = "0" ]; then
|
|
local blks=`(expr ${size} / ${BLK_SIZE})`
|
|
else
|
|
local blks=`(expr ${size} / ${BLK_SIZE} + 1 )`
|
|
fi
|
|
|
|
echo $blks
|
|
}
|
|
|
|
rm -rf $VERITY_DIR/rootfs_hash_table $VERITY_DIR/rootfs_hash_tree.bin $VERITY_DIR/sign $VERITY_DIR/hash_block $VERITY_DIR/verity_block
|
|
|
|
# 1. gen rootfs_hash_tree.bin and rootfs_hash_table
|
|
$HOST_DIR/veritysetup format $IN $VERITY_DIR/rootfs_hash_tree.bin > $VERITY_DIR/rootfs_hash_table
|
|
|
|
# 2. gen signature of rootfs_hash_table
|
|
openssl dgst -sha256 -binary -sign $VERITY_DIR/keys/rsa_key.pair $VERITY_DIR/rootfs_hash_table > $VERITY_DIR/sign
|
|
|
|
# verity_block structure
|
|
# 0----------------------------4K-----------------------4K*N--------------------------4K*M
|
|
# <sign><hash table size><000...><rootfs_hash_table><000...><rootfs_hash_tree.bin><000...>
|
|
|
|
# 3. merge verity_block
|
|
SIGN_BLK=`get_blk_size $VERITY_DIR/sign`
|
|
TABLE_BLK=`get_blk_size $VERITY_DIR/rootfs_hash_table`
|
|
TREE_BLK=`get_blk_size $VERITY_DIR/rootfs_hash_tree.bin`
|
|
|
|
# 3.1 copy sign
|
|
dd if=$VERITY_DIR/sign of=$VERITY_DIR/hash_block bs=${BLK_SIZE} count=${SIGN_BLK} >/dev/null 2>&1
|
|
|
|
# 3.2 save rootfs_hash_table size to the back of sign
|
|
TABLE_SIZE=`du -b $VERITY_DIR/rootfs_hash_table | awk '{print $1}'`
|
|
HIGH_BYTES=`expr $TABLE_SIZE / 256 `
|
|
LOW_BYTES=`expr $TABLE_SIZE % 256 `
|
|
if [ $HIGH_BYTES -gt 256 ]; then
|
|
echo "ERROR rootfs_hash_table size should < 64KB"
|
|
exit
|
|
fi
|
|
HIGH_BYTES_H=`echo "obase=16;ibase=10;$HIGH_BYTES" | bc`
|
|
LOW_BYTES_H=`echo "obase=16;ibase=10;$LOW_BYTES" | bc`
|
|
echo -e -n "\x$LOW_BYTES_H\x$HIGH_BYTES_H" >> $VERITY_DIR/hash_block
|
|
|
|
# 3.3 copy rootfs_hash_table
|
|
dd if=$VERITY_DIR/rootfs_hash_table of=$VERITY_DIR/hash_block bs=${BLK_SIZE} seek=${SIGN_BLK} count=${TABLE_BLK} > /dev/null 2>&1
|
|
|
|
# 3.4 copy rootfs_hash_tree.bin
|
|
dd if=$VERITY_DIR/rootfs_hash_tree.bin of=$VERITY_DIR/hash_block bs=${BLK_SIZE} seek=`expr ${SIGN_BLK} + ${TABLE_BLK}` count=${TREE_BLK} > /dev/null 2>&1
|
|
|
|
dd of=${OUT} if=$VERITY_DIR/hash_block bs=${BLK_SIZE} count=`expr ${SIGN_BLK} + ${TABLE_BLK} + ${TREE_BLK}`>/dev/null 2>&1
|
|
|