From ca01932fb526e97faa4b7cf945efba3dccc502aa Mon Sep 17 00:00:00 2001 From: Martin McConnell Date: Wed, 21 Feb 2024 12:25:50 +0000 Subject: [PATCH 1/2] Integrate veritysetup format command for dm-verity hash generation Signed-off-by: Martin McConnell --- bin/initoverlayfs-install | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/initoverlayfs-install b/bin/initoverlayfs-install index f4b60bc..5f2616f 100755 --- a/bin/initoverlayfs-install +++ b/bin/initoverlayfs-install @@ -37,6 +37,9 @@ exec_erofs() { popd rm -f "${INITRAMFS_DIR}/initoverlayfs-$kver.img" mkfs.erofs $erofs_compression "${INITRAMFS_DIR}/initoverlayfs-$kver.img" ${INITRAMFS_DUMP_DIR} + if false; then + veritysetup format "${INITRAMFS_DIR}/initoverlayfs-$kver.img" "/etc/initoverlayfs-hash-$kver.img" + fi } # Support for ext4 is currently under development. From f93e7ec700f8da03db1f76703f5e631b2d52e3ab Mon Sep 17 00:00:00 2001 From: Martin McConnell Date: Wed, 21 Feb 2024 12:28:56 +0000 Subject: [PATCH 2/2] Include dynamic kernel version dm-verity hash in initramfs Signed-off-by: Martin McConnell --- lib/dracut/modules.d/81initoverlayfs/module-setup.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/dracut/modules.d/81initoverlayfs/module-setup.sh b/lib/dracut/modules.d/81initoverlayfs/module-setup.sh index dc98511..ee467d9 100644 --- a/lib/dracut/modules.d/81initoverlayfs/module-setup.sh +++ b/lib/dracut/modules.d/81initoverlayfs/module-setup.sh @@ -11,6 +11,7 @@ depends() { install() { inst_multiple -o /etc/initoverlayfs.conf /usr/sbin/initoverlayfs \ + "/etc/initoverlayfs-hash-$kernel.img" \ "$systemdsystemunitdir/pre-initoverlayfs.target" \ "$systemdsystemunitdir/pre-initoverlayfs.service" \ "$systemdsystemunitdir/pre-initoverlayfs-switch-root.service"