Add support for rootfs with dm-verity

Change-Id: I549bae94aeedfd979d1086f26ed43bc7fc7f0bcc

diff --git a/scripts/fota-init.sh b/scripts/fota-init.sh
index ec80554cd73e238d7e1440cd97764218899fdb3f..7a89fe4d766aed8415bc1b1c8478c290a2e9a10b 100755 (executable)
--- a/scripts/fota-init.sh
+++ b/scripts/fota-init.sh
@@ -360,12 +360,43 @@ commit_partition()
        fi
 }
 
+mount_rootfs()
+{
+       /usr/bin/verityctl create rootfs "${PART_ROOTFS}" "${FAKE_ROOT}"
+        case $? in
+            0)
+                echo "verifyboot: disabled"
+                # do nothing
+                ;;
+            1)
+                echo "verityboot: enabled";
+                return
+                ;;
+            2)
+                echo "verifyboot: enabled but corrupted"
+                # should deal with the error like reboot.
+                ;;
+            3)
+                echo "verifyboot: disabling"
+                ;;
+        esac
+       "$MOUNT" -o ro "${PART_ROOTFS}" "${FAKE_ROOT}"
+}
+
 #------------------------------------------------
 #       mount_partitions
 #------------------------------------------------
 mount_partitions() {
-       if ! restore_mount_checkpoint_partition rootfs "${PART_ROOTFS}" "${FAKE_ROOT}"; then
-               return 1
+
+       if [[ "${P_SLOT}" != "" ]]
+       then
+               # For A/B Update rootfs should be updated before the system boots in fota mode.
+               # Therefore rootfs should be mounted as RO.
+               mount_rootfs
+       else
+               if ! restore_mount_checkpoint_partition rootfs "${PART_ROOTFS}" "${FAKE_ROOT}"; then
+                       return 1
+               fi
        fi
 
        if ! restore_mount_checkpoint_partition system-data "${PART_SYSTEM_DATA}" "${FAKE_ROOT}/${SYSTEM_DATA_MNT}"; then
@@ -450,10 +481,15 @@ umount_partitions() {
        fi
        umount_partition system-data "${FAKE_ROOT}/${SYSTEM_DATA_MNT}"
 
-       if [ "${UPGRADE_SUCCESS}" = "1" ]; then
-               commit_partition rootfs "${FAKE_ROOT}"
+       if [[ "${P_SLOT}" != "" ]]
+       then
+               "$UMOUNT" "${FAKE_ROOT}"
+       else
+               if [ "${UPGRADE_SUCCESS}" = "1" ]; then
+                       commit_partition rootfs "${FAKE_ROOT}"
+               fi
+               umount_partition rootfs "${FAKE_ROOT}"
        fi
-       umount_partition rootfs "${FAKE_ROOT}"
 }
 
 #------------------------------------------------

diff --git a/scripts/fus_rw-init.sh b/scripts/fus_rw-init.sh
index 53091fda941d8a79db1da2c4bef8dfd5fc456401..df46cc758295a9e1b85fb40da96da6613acc045a 100755 (executable)
--- a/scripts/fus_rw-init.sh
+++ b/scripts/fus_rw-init.sh
@@ -55,6 +55,31 @@ get_partition_id() {
     PART_USER=$("$BLKID" --match-token PARTLABEL=user -o device || "$BLKID" --match-token LABEL=user -o device)
 }
 
+#------------------------------------------------
+#       mount_rootfs
+#------------------------------------------------
+mount_rootfs()
+{
+       /usr/bin/verityctl create rootfs "${PART_ROOTFS}" "${FAKE_ROOT}"
+        case $? in
+            0)
+                echo "verifyboot: disabled"
+                # do nothing
+                ;;
+            1)
+                echo "verityboot: enabled";
+                return
+                ;;
+            2)
+                echo "verifyboot: enabled but corrupted"
+                # should deal with the error like reboot.
+                ;;
+            3)
+                echo "verifyboot: disabling"
+                ;;
+        esac
+       "$MOUNT" -o ro "${PART_ROOTFS}" "${FAKE_ROOT}"
+}
 
 #------------------------------------------------
 #       mount_partitions
@@ -62,7 +87,7 @@ get_partition_id() {
 mount_partitions() {
     get_partition_id
 
-    "$MOUNT" -o ro ${PART_ROOTFS} ${FAKE_ROOT}
+    mount_rootfs
     "$MOUNT" -t proc none ${FAKE_ROOT}/proc
     "$MOUNT" -t sysfs none ${FAKE_ROOT}/sys
     "$MOUNT" -t devtmpfs devtmpfs ${FAKE_ROOT}/dev