From ba4f806c301d717b7aadb116ff9e25f1f71813c3 Mon Sep 17 00:00:00 2001
From: Wainer dos Santos Moschetta
Date: Tue, 24 Oct 2023 15:22:06 -0300
Subject: [PATCH] initramfs: re-wrote devices checking on init.sh

Re-wrote the logic of init.sh to follow the rules:
* the root device MUST exist always because it will be either mounted or verified (then mounted)
* if rootfs verifier is enabled then the hash device MUST exist. Avoid the case where dm-verity is set but the hash device does not exist and so the verification is silently skipped

Signed-off-by: Wainer dos Santos Moschetta
---
 tools/packaging/static-build/initramfs/init.sh | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/tools/packaging/static-build/initramfs/init.sh b/tools/packaging/static-build/initramfs/init.sh
index 4b224280b7..302ff475b2 100755
--- a/tools/packaging/static-build/initramfs/init.sh
+++ b/tools/packaging/static-build/initramfs/init.sh
@@ -30,8 +30,24 @@ rootfs_hash=$(get_option rootfs_verity.hash)
 root_device=$(get_option root)
 hash_device=${root_device%?}2
 
-if [ -e ${root_device} ] && [ -e ${hash_device} ] && [ "${rootfs_verifier}" = "dm-verity" ]
+# The root device should exist to be either verified then mounted or
+# just mounted when verification is disabled.
+if [ ! -e "${root_device}" ]
 then
+ echo "No root device ${root_device} found"
+ exit 1
+fi
+
+if [ "${rootfs_verifier}" = "dm-verity" ]
+then
+ echo "Verify the root device with ${rootfs_verifier}"
+
+ if [ ! -e "${hash_device}" ]
+ then
+ echo "No hash device ${hash_device} found. Cannot verify the root device"
+ exit 1
+ fi
+
 veritysetup open "${root_device}" root "${hash_device}" "${rootfs_hash}"
 mount /dev/mapper/root /mnt
 else
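Review bot: The `[ "${rootfs_verifier}" = "dm-verity" ]` test still fails open for every other value: a misspelled or unsupported verifier name falls through to the `else` path, which per the new comment mounts the root device without verification. Consider treating only an empty value as "verification disabled" and rejecting the rest, e.g. `elif [ -n "${rootfs_verifier}" ]; then echo "Unsupported rootfs verifier ${rootfs_verifier}" >&2; exit 1` ahead of the `else`. In the same branch `rootfs_hash` is never checked for being empty and the exit status of `veritysetup open` is not tested in the visible lines, so an explicit `|| exit 1` after it would make the failure mode obvious unless `set -e` is in effect earlier in the file. The `else` body lies outside the hunk, so the unverified-mount behaviour is inferred from the comment rather than seen.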