mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-19 04:57:55 +00:00
convert veritysetup into a dmsetup table
This commit is contained in:
parent
97a0c3662c
commit
e5e16bd47f
92
verity-sign
Executable file
92
verity-sign
Executable file
@ -0,0 +1,92 @@
|
||||
#!/usr/bin/perl
|
||||
# Generate dm-verity hashes and sign the root hash
|
||||
#
|
||||
# Output looks like
|
||||
#
|
||||
# VERITY header information for hdd.img
|
||||
# UUID: 73532888-a3e9-4f16-a50a-1d03a265b94f
|
||||
# Hash type: 1
|
||||
# Data blocks: 7680
|
||||
# Data block size: 4096
|
||||
# Hash block size: 4096
|
||||
# Hash algorithm: sha256
|
||||
# Salt: 3d0cd593d29715005794c4e1cd5164c14ba6456c3dbd2c6d8a26007c01ca9937
|
||||
# Root hash: 91beda90d7fa1ab92463344966eb56ec9706f4f26063933a86d701a02a961a10
|
||||
#
|
||||
my $usage = <<"";
|
||||
Usage:
|
||||
size=32
|
||||
dd if=/dev/zero of=hdd.img bs=1M count=$size
|
||||
mkfs.ext4 -b 4096 ./hdd.img
|
||||
mkdir /tmp/loop
|
||||
sudo mount -o loop hdd.img /tmp/loop
|
||||
(populate /tmp/loop)
|
||||
sudo umount /tmp/loop
|
||||
veritysetup \
|
||||
--hash-offset $[$size*1024*1024] \
|
||||
--data-blocks $[$size*1024*1024/4096] \
|
||||
format hdd.img hdd.img \
|
||||
| ./verity-sign /dev/sda1 \
|
||||
| tee hdd.table
|
||||
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
|
||||
my $dev = shift;
|
||||
|
||||
local $_ = <STDIN>;
|
||||
chomp;
|
||||
|
||||
my ($orig_device) = /^VERITY header information for (.*)/
|
||||
or die "Missing VERITY header\n";
|
||||
|
||||
my %params;
|
||||
|
||||
$dev ||= $orig_device;
|
||||
|
||||
while(<>)
|
||||
{
|
||||
chomp;
|
||||
my ($key,$value) = split /:\s+/;
|
||||
$params{$key} = $value;
|
||||
}
|
||||
|
||||
my @missing;
|
||||
|
||||
|
||||
# All the necessary parameters were in the header, generate
|
||||
# the command to mount the filesystem
|
||||
my $data_blocks = $params{'Data blocks'}
|
||||
or push @missing, 'Data blocks';
|
||||
my $data_block_size = $params{'Data block size'}
|
||||
or push @missing, 'Data block size';
|
||||
my $hash_block_size = $params{'Hash block size'}
|
||||
or push @missing, 'Hash block size';
|
||||
my $salt = $params{'Salt'}
|
||||
or push @missing, 'Salt';
|
||||
my $root_hash = $params{'Root hash'}
|
||||
or push @missing, 'Root hash';
|
||||
my $hash_type = $params{'Hash type'}
|
||||
or push @missing, 'Hash type';
|
||||
my $hash_algorithm = $params{'Hash algorithm'}
|
||||
or push @missing, 'Hash algorithm';
|
||||
|
||||
# Check for any missing parameters
|
||||
die "Missing parameter: ", join(', ', @missing), "\n"
|
||||
if @missing;
|
||||
|
||||
my $data_size = $data_blocks * $data_block_size;
|
||||
my $data_size_512b = $data_size / 512;
|
||||
my $first_hash_block = $data_blocks + 1;
|
||||
|
||||
print <<"";
|
||||
0 $data_size_512b verity $hash_type
|
||||
$dev $dev
|
||||
$data_block_size $hash_block_size
|
||||
$data_blocks $first_hash_block
|
||||
$hash_algorithm
|
||||
$root_hash
|
||||
$salt
|
||||
|
||||
__END__
|
Loading…
Reference in New Issue
Block a user