convert veritysetup into a dmsetup table
parent
97a0c3662c
commit
e5e16bd47f
92
verity-sign
Executable file
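--- a/verity-sign
+++ b/verity-sign
@@ -0,0 +1,92 @@
+#!/usr/bin/perl
+# Generate dm-verity hashes and sign the root hash
+#
+# Output looks like
+#
+# VERITY header information for hdd.img
+# UUID: 73532888-a3e9-4f16-a50a-1d03a265b94f
+# Hash type: 1
+# Data blocks: 7680
+# Data block size: 4096
+# Hash block size: 4096
+# Hash algorithm: sha256
+# Salt: 3d0cd593d29715005794c4e1cd5164c14ba6456c3dbd2c6d8a26007c01ca9937
+# Root hash: 91beda90d7fa1ab92463344966eb56ec9706f4f26063933a86d701a02a961a10
+#
+my $usage = <<"";
+Usage:
+size=32
+dd if=/dev/zero of=hdd.img bs=1M count=$size
+mkfs.ext4 -b 4096 ./hdd.img
+mkdir /tmp/loop
+sudo mount -o loop hdd.img /tmp/loop
+(populate /tmp/loop)
+sudo umount /tmp/loop
+veritysetup \
+--hash-offset $[$size*1024*1024] \
+--data-blocks $[$size*1024*1024/4096] \
+format hdd.img hdd.img \
+| ./verity-sign /dev/sda1 \
+| tee hdd.table
+
+
+use warnings;
+use strict;
+
+my $dev = shift;
+
+local $_ = <STDIN>;
+chomp;
+
+my ($orig_device) = /^VERITY header information for (.*)/
+or die "Missing VERITY header\n";
+
+my %params;
+
+$dev ||= $orig_device;
+
+while(<>)
+{
+chomp;
+my ($key,$value) = split /:\s+/;
+$params{$key} = $value;
+}
+
+my @missing;
+
+
+# All the necessary parameters were in the header, generate
+# the command to mount the filesystem
+my $data_blocks = $params{'Data blocks'}
+or push @missing, 'Data blocks';
+my $data_block_size = $params{'Data block size'}
+or push @missing, 'Data block size';
+my $hash_block_size = $params{'Hash block size'}
+or push @missing, 'Hash block size';
+my $salt = $params{'Salt'}
+or push @missing, 'Salt';
+my $root_hash = $params{'Root hash'}
+or push @missing, 'Root hash';
+my $hash_type = $params{'Hash type'}
+or push @missing, 'Hash type';
+my $hash_algorithm = $params{'Hash algorithm'}
+or push @missing, 'Hash algorithm';
+
+# Check for any missing parameters
+die "Missing parameter: ", join(', ', @missing), "\n"
+if @missing;
+
+my $data_size = $data_blocks * $data_block_size;
+my $data_size_512b = $data_size / 512;
+my $first_hash_block = $data_blocks + 1;
+
+print <<"";
+0 $data_size_512b verity $hash_type
+$dev $dev
+$data_block_size $hash_block_size
+$data_blocks $first_hash_block
+$hash_algorithm
+$root_hash
+$salt
+
+__END__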
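Review bot: Nothing in this script signs anything, although the header comment on line 2 says "Generate dm-verity hashes and sign the root hash" and the file is named verity-sign; the table it prints carries the root hash with no authentication, so whatever consumes hdd.table has to get its integrity guarantee from somewhere else. Until signing exists I would reword that comment to `# Convert veritysetup output into a dm-verity table for dmsetup; the root hash is NOT signed here`. The parsed values are also written into the table unchecked, so a guard before the `print` such as `die "Bad root hash\n" unless $root_hash =~ /\A[0-9a-fA-F]+\z/;` (with `/\A\d+\z/` for the block counts and sizes) would keep a malformed header line from yielding a plausible-looking table. Separately, the `or push @missing` tests rely on truthiness, so a `Hash type: 0` line would be reported as missing; `defined` or `exists` is the safer test.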