From 72ef82368c3e40d854b2c7580c9dba7fc52ffcef Mon Sep 17 00:00:00 2001
From: Wainer dos Santos Moschetta
Date: Tue, 4 Jul 2023 14:58:48 -0300
Subject: [PATCH] shim-v2: ensure root hash exist when measured rootfs

When measured toofs is enabled then the shim-v2 build should find the guest rootfs hash file, otherwise might (silently) generate configuration files with empty hash.

Signed-off-by: Wainer dos Santos Moschetta
---
 tools/packaging/static-build/shim-v2/build.sh | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/tools/packaging/static-build/shim-v2/build.sh b/tools/packaging/static-build/shim-v2/build.sh
index e6efc51cee..8fc2f7bea6 100755
--- a/tools/packaging/static-build/shim-v2/build.sh
+++ b/tools/packaging/static-build/shim-v2/build.sh
@@ -27,12 +27,15 @@ EXTRA_OPTS="${EXTRA_OPTS:-""}"
 [ "${CROSS_BUILD}" == "true" ] && container_image_bk="${container_image}" && container_image="${container_image}-cross-build"
 if [ "${MEASURED_ROOTFS}" == "yes" ]; then
 EXTRA_OPTS+=" DEFSERVICEOFFLOAD=true"
- if [ -f "${repo_root_dir}/tools/osbuilder/root_hash.txt" ]; then
- info "Enable rootfs measurement config"
- root_hash=$(sudo sed -e 's/Root hash:\s*//g;t;d' "${repo_root_dir}/tools/osbuilder/root_hash.txt")
- root_measure_config="rootfs_verity.scheme=dm-verity rootfs_verity.hash=${root_hash}"
- EXTRA_OPTS+=" ROOTMEASURECONFIG=\"${root_measure_config}\""
- fi
+ info "Enable rootfs measurement config"
+
+ root_hash_file="${repo_root_dir}/tools/osbuilder/root_hash.txt"
+ [ -f "$root_hash_file" ] || \
+ die "Root hash file for measured rootfs not found at ${root_hash_file}"
+
+ root_hash=$(sudo sed -e 's/Root hash:\s*//g;t;d' "${root_hash_file}")
+ root_measure_config="rootfs_verity.scheme=dm-verity rootfs_verity.hash=${root_hash}"
+ EXTRA_OPTS+=" ROOTMEASURECONFIG=\"${root_measure_config}\""
 fi

 sudo docker pull ${container_image} || \
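Review bot: The new guard only proves that `root_hash.txt` exists; `root_hash` itself is never checked, so a file that is empty or has no `Root hash:` line still produces `rootfs_verity.hash=` with no value. The sed script ends in `t;d`, which deletes every non-matching line and still exits successfully, so this is the same silent empty-hash outcome the commit message sets out to prevent. Add a check right after the assignment, for example `[ -n "${root_hash}" ] || die "Root hash not found in ${root_hash_file}"`. Whether a failing `sudo sed` aborts the build depends on shell options set outside this hunk, so the explicit check is the safer guarantee.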