From cdfdb29a8928a0f1213454a0607740155fff9aa5 Mon Sep 17 00:00:00 2001 From: INSUN PYO Date: Tue, 28 Jul 2020 19:28:13 +0900 Subject: [PATCH] dm-verity: add /usr/bin/verityctl and implement "verityctl format" command Change-Id: I1d37793cc9344c1c42a532cd599cd3821053a685 --- packaging/initrd.spec | 10 ++++++++++ scripts/verityctl | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100755 scripts/verityctl diff --git a/packaging/initrd.spec b/packaging/initrd.spec index 1d8eb8a..6cf2009 100644 --- a/packaging/initrd.spec +++ b/packaging/initrd.spec @@ -25,6 +25,11 @@ initial ramdisk. initrd does mount filesystems(/, /opt, /proc, /sys, /lib/module %package -n veritytool Summary: A tool for dm-verity License: Apache-2.0 +Requires: bash +Requires: gawk +Requires: grep +Requires: coreutils +Requires: cryptsetup %description -n veritytool verityctl tool for dm-verity. Similar with veritysetup of cryptsetup @@ -49,6 +54,10 @@ cp -f scripts/mkinitrd.sh %{buildroot}%{_initrd_dir} mkdir -p %{buildroot}%{_mnt_initrd_dir} +# veritytool +mkdir -p %{buildroot}%{_bindir} +cp -f scripts/verityctl %{buildroot}%{_bindir} + %post /sbin/ldconfig @@ -72,3 +81,4 @@ rm -rf %{_initrd_dir} %files -n veritytool %manifest initrd.manifest %license LICENSE.Apache-2.0 +%{_bindir}/verityctl diff --git a/scripts/verityctl b/scripts/verityctl new file mode 100755 index 0000000..554f250 --- /dev/null +++ b/scripts/verityctl 
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+usage()
+{
+ echo "Usage: verityctl "
+ echo ""
+ echo "Action commands:"
+ echo " format - format device"
+}
+
+format()
+{
+ IMG_FILE=$1
+
+ if [ -f $IMG_FILE ]
+ then
+ echo "Run verityctl format $IMG_FILE"
+ else
+ echo "$IMG_FILE does not exist"
+ exit 1;
+ fi
+
+ IMG_PATH=`dirname $IMG_FILE`
+
+ /sbin/veritysetup format $IMG_FILE $IMG_PATH/hash_data | tee $IMG_PATH/verity_format_output.txt
+ root_hash=`grep "Root hash" $IMG_PATH/verity_format_output.txt | gawk '{print $3,$4}'`
+
+ dd if=/dev/zero of=$IMG_PATH/meta_data bs=32768 count=1 2> /dev/null
+ echo "dm-verity0" | dd of=/$IMG_PATH/meta_data bs=1 seek=0 conv=notrunc 2> /dev/null
+ echo "b1b1b1b1" | dd of=/$IMG_PATH/meta_data bs=1 seek=16 conv=notrunc 2> /dev/null
+ echo $root_hash | dd of=/$IMG_PATH/meta_data bs=1 seek=32 conv=notrunc 2> /dev/null
+
+ cat $IMG_PATH/meta_data $IMG_PATH/hash_data >> $IMG_FILE
+
+ rm -f $IMG_PATH/hash_data
+ rm -f $IMG_PATH/meta_data
+ rm -f $IMG_PATH/verity_format_output.txt
+}
+
+case $1 in
+ "format")
+ if [ $# -ne 2 ]; then usage; exit 1; fi
+ format $2
+ exit 0;
+ ;;
+
+ *)
+ usage
+ exit 0;
+ ;;
+esac
-- 2.7.4