chromeos-base/chromeos-installer/files/installer-support-new-dm-format.patch

From 5a583d1f3ff73c62a92cef6838412a212d8e94e2 Mon Sep 17 00:00:00 2001
From: Meena Shanmugam <meenashanmugam@google.com>
Date: Mon, 10 Oct 2022 00:10:18 +0000
Subject: [PATCH] LAKITU:chromeos-installer: Update postinstall programs to
 use new dm format.

COS uses upstream dm format for the upcoming releases. Automatic updates
update the bootloader configurations. Inorder to auto-update work with
the upstream format, these auto-update postinstall programs need to be
modified to support both new and old format. Once these changes are
approved and merged in chromeOS upstream, this patch can be removed.

Change-Id: Icb9af46e0b2bed4aa7c44f658d1b49252fc993bc
---
 installer/chromeos_legacy.cc   | 17 ++++++++++++++---
 installer/chromeos_setimage.cc | 35 +++++++++++++++++++++++++++++-----
 2 files changed, 44 insertions(+), 8 deletions(-)

diff --git a/installer/chromeos_legacy.cc b/installer/chromeos_legacy.cc
index 10f14ab991..276f633961 100644
--- a/installer/chromeos_legacy.cc
+++ b/installer/chromeos_legacy.cc
@@ -38,6 +38,9 @@ bool UpdateLegacyKernel(const InstallConfig& install_config) {
 string ExplandVerityArguments(const string& kernel_config,
                               const string& root_uuid) {
   string kernel_config_dm = ExtractKernelArg(kernel_config, "dm");
+  if ( kernel_config_dm.empty()) {
+    kernel_config_dm = ExtractKernelArg(kernel_config, "dm-mod.create");
+  }
 
   // The verity config from the kernel contains short hand symbols for
   // partition names that we have to expand to specific UUIDs.
@@ -228,7 +231,8 @@ bool EfiGrubUpdate(const string& input,
     base::ReplaceFirstSubstringAfterOffset(&(*line), 0, "linuxefi", "linux");
 
     if (line->find(kernel_pattern) != string::npos) {
-      if (ExtractKernelArg(*line, "dm").empty()) {
+      if (ExtractKernelArg(*line, "dm").empty() &&
+          ExtractKernelArg(*line, "dm-mod.create").empty()) {
         // If it's an unverified boot line, just set the root partition to boot.
         if (!SetKernelArg("root", "PARTUUID=" + root_uuid, &(*line))) {
           LOG(ERROR) << "Unable to update unverified root flag in " << *line;
@@ -236,8 +240,15 @@ bool EfiGrubUpdate(const string& input,
         }
       } else {
         if (!SetKernelArg("dm", verity_args, &(*line))) {
-          LOG(INFO) << "Unable to update verified dm flag.";
-          return false;
+          if (!SetKernelArg("dm-mod.create", verity_args, &(*line))) {
+            LOG(INFO) << "Unable to update verified dm flag.";
+            return false;
+          }
+        }
+        // Update grub.cfg with the new dm format
+        std::size_t found = line->find("dm=");
+        if (found != std::string::npos) {
+          line->replace(found, 3, "dm-mod.create=");
         }
       }
     }
diff --git a/installer/chromeos_setimage.cc b/installer/chromeos_setimage.cc
index b2772d3c25..0906a25d1c 100644
--- a/installer/chromeos_setimage.cc
+++ b/installer/chromeos_setimage.cc
@@ -77,7 +77,12 @@ bool SetImage(const InstallConfig& install_config) {
   //
 
   string kernel_config_root = ExtractKernelArg(kernel_config, "root");
+  int version = 0;
   string dm_config = ExtractKernelArg(kernel_config, "dm");
+  if (dm_config.empty()) {
+    dm_config = ExtractKernelArg(kernel_config, "dm-mod.create");
+    version =1;
+  }
   std::vector<string> dm_parts = base::SplitString(
       dm_config, ",", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL);
 
@@ -95,11 +100,24 @@ bool SetImage(const InstallConfig& install_config) {
     return false;
   }
 
+  string rootfs_sectors;
+  string verity_algorithm;
+  string expected_hash;
+  string salt;
   // Extract specific verity arguments
-  string rootfs_sectors = ExtractKernelArg(verity_args, "hashstart");
-  string verity_algorithm = ExtractKernelArg(verity_args, "alg");
-  string expected_hash = ExtractKernelArg(verity_args, "root_hexdigest");
-  string salt = ExtractKernelArg(verity_args, "salt");
+  if (version == 1) {
+    std::vector<string> verity_parts = base::SplitString(
+        verity_args, " ", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL);
+    rootfs_sectors = verity_parts[9];
+    verity_algorithm = verity_parts[10];
+    expected_hash = verity_parts[11];
+    salt = verity_parts[12];
+  } else {
+    rootfs_sectors = ExtractKernelArg(verity_args, "hashstart");
+    verity_algorithm = ExtractKernelArg(verity_args, "alg");
+    expected_hash = ExtractKernelArg(verity_args, "root_hexdigest");
+    salt = ExtractKernelArg(verity_args, "salt");
+  }
 
   bool enable_rootfs_verification = IsReadonly(kernel_config_root);
 
@@ -109,9 +127,16 @@ bool SetImage(const InstallConfig& install_config) {
   LOG(INFO) << "Setting up verity.";
   LoggingTimerStart();
   verity::DmBht bht;
+  uint64_t sectors;
+  if (version == 1) {
+    sectors = (atoi(rootfs_sectors.c_str()) << 3) / 8;
+  } else {
+    sectors = (atoi(rootfs_sectors.c_str())) / 8;
+  }
+
   int result = chromeos_verity(&bht, verity_algorithm,
                                install_config.root.device(), getpagesize(),
-                               (uint64_t)(atoi(rootfs_sectors.c_str()) / 8),
+                               sectors,
                                salt, expected_hash, enable_rootfs_verification);
   LoggingTimerFinish();
 
-- 
2.38.0.413.g74048e4d9e-goog