initramfs: re-wrote devices checking on init.sh

Re-wrote the logic of init.sh to follow the rules: * the root device MUST exist always because it will be either mounted or verified (then mounted) * if rootfs verifier is enabled then the hash device MUST exist. Avoid the case where dm-verity is set but the hash device does not exist and so the verification is silently skipped Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2025-08-22 17:59:31 +00:00 · 2023-10-24 15:22:06 -03:00 · 2023-10-24 15:22:06 -03:00 · ba4f806c30
commit ba4f806c30
parent 72ef82368c
1 changed files with 17 additions and 1 deletions
--- a/tools/packaging/static-build/initramfs/init.sh
+++ b/tools/packaging/static-build/initramfs/init.sh
@ -30,8 +30,24 @@ rootfs_hash=$(get_option rootfs_verity.hash)
 root_device=$(get_option root)
 hash_device=${root_device%?}2

-if [ -e ${root_device} ] && [ -e ${hash_device} ] && [ "${rootfs_verifier}" = "dm-verity" ]
+# The root device should exist to be either verified then mounted or
+# just mounted when verification is disabled.
+if [ ! -e "${root_device}" ]
 then
+	echo "No root device ${root_device} found"
+	exit 1
+fi
+
+if [ "${rootfs_verifier}" = "dm-verity" ]
+then
+	echo "Verify the root device with ${rootfs_verifier}"
+
+	if [ ! -e "${hash_device}" ]
+	then
+		echo "No hash device ${hash_device} found. Cannot verify the root device"
+		exit 1
+	fi
+
 	veritysetup open "${root_device}" root "${hash_device}" "${rootfs_hash}"
 	mount /dev/mapper/root /mnt
 else