Enable dm-verity support also for ext filesystems

Those need a block size of 4k to work.
2021-07-19 11:50:22 +02:00 · 2021-07-19 11:50:22 +02:00 · 1cd901cfa2
parent e02e2df4b9
commit 1cd901cfa2
3 changed files with 17 additions and 9 deletions
--- a/manpages/en/lb_config.1
+++ b/manpages/en/lb_config.1
@ -341,9 +341,9 @@ defines the distribution enabled in the resulting live system (defaults to the v
 .IP "\fB\-\-distribution\-chroot\fR \fICODENAME\fR" 4
 defines the distribution used to build the live system (defaults to the value set in \fB\-\-distribution\fR)
 .IP "\fB\-\-dm\-verity\fR" 4
-Enables dm-verity support for root file system. Currently only squashfs is supported. For more information see \fIlive\-boot\fR(7).
+Enables dm\-verity support for root file system. Only squashfs, ext2, ext3 and ext4 are supported. For more information see \fIlive\-boot\fR(7).
 .IP "\fB\-\-dm\-verity\-fec\fR \fINB_ROOTS\fR" 4
-Enables forward error correction for dm-verity. \fINB_ROOTS\fR is the number of error correction roots thas should be used. The value can between 2 and 24. Android uses 2 by default.
+Enables forward error correction for dm-verity. \fINB_ROOTS\fR is the number of error correction roots thas should be used. The value can be between 2 and 24. Android uses 2 by default.
 .IP "\fB\-\-dm\-verity\-sign\fR \fISIGN_SCRIPT\fR" 4
 Sign root hash of dm-verity device. Script takes two arguments: the root hash and a file to output the signature to.
 .IP "\fB\-\-dump\fR" 4
--- a/scripts/build/binary_dm-verity
+++ b/scripts/build/binary_dm-verity
@ -28,11 +28,14 @@ fi

 Echo_message "Begin creating dm-verity hash for rootfs"

-if [ "${LB_CHROOT_FILESYSTEM}" != "squashfs" ]
-then
-    Echo_error "dm-verity support is only implemented for squashfs"
-    exit 1
-fi
+case ${LB_CHROOT_FILESYSTEM} in
+    squashfs|ext2|ext3|ext4)
+        ;;
+    *)
+        Echo_error "dm-verity support is not implemented for ${LB_CHROOT_FILESYSTEM}!"
+        exit 1
+        ;;
+esac


 case "${LB_INITRAMFS}" in
--- a/scripts/build/binary_rootfs
+++ b/scripts/build/binary_rootfs
@ -111,8 +111,13 @@ case "${LB_CHROOT_FILESYSTEM}" in
 					Chroot chroot "ln -s /proc/mounts/mtab /etc/mtab"
 					FAKE_MTAB=true
 				fi
-
-				Chroot chroot "mkfs.${LB_CHROOT_FILESYSTEM} -F -b 1024 -N ${REAL_INODES} -m 0 filesystem.${LB_CHROOT_FILESYSTEM}"
+				BLOCK_SIZE=1024
+				if [ "${LB_DM_VERITY}" = "true" ]
+				then
+					# dm-verity needs a block size of at least 4k
+					BLOCK_SIZE=4096
+				fi
+				Chroot chroot "mkfs.${LB_CHROOT_FILESYSTEM} -F -b ${BLOCK_SIZE} -N ${REAL_INODES} -m 0 filesystem.${LB_CHROOT_FILESYSTEM}"

 				mkdir -p filesystem.tmp
 				mount -o loop chroot/filesystem.${LB_CHROOT_FILESYSTEM} filesystem.tmp