| From f1f6ccb855ba3ae9b6b970304a28b9380d62367b Mon Sep 17 00:00:00 2001 |
| From: Meena Shanmugam <meenashanmugam@google.com> |
| Date: Mon, 10 Oct 2022 00:10:18 +0000 |
| Subject: [PATCH] LAKITU:chromeos-installer: Update postinstall programs to use |
| new dm format. |
| |
| COS uses upstream dm format for the upcoming releases. Automatic updates |
| update the bootloader configurations. In order for auto-update to work with |
| the upstream format, these auto-update postinstall programs need to be |
| modified to support both new and old format. Once these changes are |
| approved and merged in chromeOS upstream, this patch can be removed. |
| |
| Change-Id: Icb9af46e0b2bed4aa7c44f658d1b49252fc993bc |
| --- |
| installer/chromeos_legacy.cc | 31 ++++++++++++++++++++++++------ |
| installer/chromeos_setimage.cc | 35 +++++++++++++++++++++++++++++----- |
| 2 files changed, 55 insertions(+), 11 deletions(-) |
| |
| diff --git a/installer/chromeos_legacy.cc b/installer/chromeos_legacy.cc |
| index 2ebc7e9d51..9bc2cd0813 100644 |
| --- a/installer/chromeos_legacy.cc |
| +++ b/installer/chromeos_legacy.cc |
| @@ -43,7 +43,10 @@ std::string EfiGrubCfg::GetKernelCommand(BootSlot slot, |
| if (line.find(kernel_pattern) == string::npos) |
| continue; |
| |
| - if (ExtractKernelArg(line, "dm").empty() == want_empty_dm) |
| + bool got_empty_dm = |
| + ExtractKernelArg(line, "dm").empty() && |
| + ExtractKernelArg(line, "dm-mod.create").empty(); |
| + if (got_empty_dm == want_empty_dm) |
| return line; |
| } |
| return ""; |
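Review bot: The two-key emptiness test `ExtractKernelArg(line, "dm").empty() && ExtractKernelArg(line, "dm-mod.create").empty()` is written out three times, here in GetKernelCommand and again in the ReplaceKernelCommand and UpdateBootParameters hunks. Because this predicate decides whether a grub.cfg line is treated as verified or unverified boot, a later edit that updates only one copy would make the three functions disagree about which lines carry verity. A single file-local helper, for example `static bool HasDmArg(const std::string& line)`, with the condition written as `if (!HasDmArg(line) == want_empty_dm)`, would keep them in step. The body of GetKernelCommand starts outside this hunk.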
| @@ -59,7 +62,10 @@ bool EfiGrubCfg::ReplaceKernelCommand(BootSlot slot, |
| if (line.find(kernel_pattern) == string::npos) |
| continue; |
| |
| - if (ExtractKernelArg(line, "dm").empty() == want_empty_dm) { |
| + bool got_empty_dm = |
| + ExtractKernelArg(line, "dm").empty() && |
| + ExtractKernelArg(line, "dm-mod.create").empty(); |
| + if (got_empty_dm == want_empty_dm) { |
| DLOG(INFO) << "Replacing: " << line; |
| line = cmd; |
| // Continue to replace all matching lines. |
| @@ -100,15 +106,25 @@ bool EfiGrubCfg::UpdateBootParameters(BootSlot slot, |
| continue; |
| |
| DLOG(INFO) << "Updating command: " << line; |
| - if (ExtractKernelArg(line, "dm").empty()) { |
| + if (ExtractKernelArg(line, "dm").empty() && |
| + ExtractKernelArg(line, "dm-mod.create").empty()) { |
| // If it's an unverified boot line, just set the root partition to boot. |
| if (!SetKernelArg("root", "PARTUUID=" + root_uuid, &line)) { |
| LOG(ERROR) << "Unable to update unverified root flag in " << line; |
| return false; |
| } |
| - } else if (!SetKernelArg("dm", verity_args, &line)) { |
| - LOG(INFO) << "Unable to update verified dm flag."; |
| - return false; |
| + } else { |
| + if (!SetKernelArg("dm", verity_args, &line)) { |
| + if (!SetKernelArg("dm-mod.create", verity_args, &line)) { |
| + LOG(INFO) << "Unable to update verified dm flag."; |
| + return false; |
| + } |
| + } |
| + // Update grub.cfg with the new dm format |
| + std::size_t found = line.find("dm="); |
| + if (found != std::string::npos) { |
| + line.replace(found, 3, "dm-mod.create="); |
| + } |
| } |
| } |
| return true; |
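Review bot: The rename at `line.find("dm=")` is an unanchored substring search, so it rewrites the first `dm=` found anywhere in the line, including the tail of a longer parameter name or text inside a quoted value. Requiring an argument boundary would avoid corrupting the kernel command line: `if (found != std::string::npos && (found == 0 || line[found - 1] == ' '))`. The rename also runs whichever SetKernelArg call succeeded, so if `verity_args` was expanded from a legacy `dm=` kernel config, the line would end up with a `dm-mod.create=` key carrying a legacy-format value. This is inferred from the ExpandVerityArguments hunk and should be confirmed. Separately, the failure path logs with `LOG(INFO)` while the unverified branch uses `LOG(ERROR)`; a failed verity update should be `LOG(ERROR)` too.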
| @@ -149,6 +165,9 @@ bool UpdateLegacyKernel(const InstallConfig& install_config) { |
| string ExpandVerityArguments(const string& kernel_config, |
| const string& root_uuid) { |
| string kernel_config_dm = ExtractKernelArg(kernel_config, "dm"); |
| + if ( kernel_config_dm.empty()) { |
| + kernel_config_dm = ExtractKernelArg(kernel_config, "dm-mod.create"); |
| + } |
| |
| // The verity config from the kernel contains short hand symbols for |
| // partition names that we have to expand to specific UUIDs. |
| diff --git a/installer/chromeos_setimage.cc b/installer/chromeos_setimage.cc |
| index ff13439430..3af4d6589c 100644 |
| --- a/installer/chromeos_setimage.cc |
| +++ b/installer/chromeos_setimage.cc |
| @@ -78,7 +78,12 @@ bool SetImage(const InstallConfig& install_config) { |
| |
| base::FilePath kernel_config_root = |
| base::FilePath(ExtractKernelArg(kernel_config, "root")); |
| + int version = 0; |
| string dm_config = ExtractKernelArg(kernel_config, "dm"); |
| + if (dm_config.empty()) { |
| + dm_config = ExtractKernelArg(kernel_config, "dm-mod.create"); |
| + version =1; |
| + } |
| std::vector<string> dm_parts = base::SplitString( |
| dm_config, ",", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); |
| |
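Review bot: `int version = 0;` followed by `version =1;` encodes the dm format as a magic integer that later hunks in SetImage test with `version == 1`. A named boolean states the intent and removes the magic value: `bool uses_dm_mod_create = false;`, set with `uses_dm_mod_create = true;` inside the fallback branch. If more formats are expected, a small `enum class` would serve the same purpose. The body of SetImage starts and ends outside this hunk.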
| @@ -96,11 +101,24 @@ bool SetImage(const InstallConfig& install_config) { |
| return false; |
| } |
| |
| + string rootfs_sectors; |
| + string verity_algorithm; |
| + string expected_hash; |
| + string salt; |
| // Extract specific verity arguments |
| - string rootfs_sectors = ExtractKernelArg(verity_args, "hashstart"); |
| - string verity_algorithm = ExtractKernelArg(verity_args, "alg"); |
| - string expected_hash = ExtractKernelArg(verity_args, "root_hexdigest"); |
| - string salt = ExtractKernelArg(verity_args, "salt"); |
| + if (version == 1) { |
| + std::vector<string> verity_parts = base::SplitString( |
| + verity_args, " ", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL); |
| + rootfs_sectors = verity_parts[9]; |
| + verity_algorithm = verity_parts[10]; |
| + expected_hash = verity_parts[11]; |
| + salt = verity_parts[12]; |
| + } else { |
| + rootfs_sectors = ExtractKernelArg(verity_args, "hashstart"); |
| + verity_algorithm = ExtractKernelArg(verity_args, "alg"); |
| + expected_hash = ExtractKernelArg(verity_args, "root_hexdigest"); |
| + salt = ExtractKernelArg(verity_args, "salt"); |
| + } |
| |
| bool enable_rootfs_verification = IsReadonly(kernel_config_root); |
| |
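Review bot: `verity_parts[9]` through `verity_parts[12]` are read without checking how many tokens `SplitString` returned, so a `dm-mod.create` value with fewer than 13 space-separated fields indexes past the end of the vector, which is undefined behaviour. The kernel config being parsed comes from the image being installed, so the installer should reject a short or malformed table rather than read out of bounds: `if (verity_parts.size() < 13) { LOG(ERROR) << "Malformed dm-mod.create verity table"; return false; }`. The indices 9 to 12 look like positional fields of the verity target table; named constants or a comment giving the expected field layout would make them checkable against the format. Note also that `SPLIT_WANT_ALL` keeps empty tokens, so a doubled space shifts every index by one.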
| @@ -110,9 +128,16 @@ bool SetImage(const InstallConfig& install_config) { |
| LOG(INFO) << "Setting up verity."; |
| LoggingTimerStart(); |
| verity::DmBht bht; |
| + uint64_t sectors; |
| + if (version == 1) { |
| + sectors = (atoi(rootfs_sectors.c_str()) << 3) / 8; |
| + } else { |
| + sectors = (atoi(rootfs_sectors.c_str())) / 8; |
| + } |
| + |
| int result = chromeos_verity(&bht, verity_algorithm, |
| install_config.root.device(), getpagesize(), |
| - (uint64_t)(atoi(rootfs_sectors.c_str()) / 8), |
| + sectors, |
| salt, expected_hash, enable_rootfs_verification); |
| LoggingTimerFinish(); |
| |
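Review bot: In `sectors = (atoi(rootfs_sectors.c_str()) << 3) / 8;` the shift is performed on the `int` returned by `atoi`, so any value of 2^28 or more overflows a signed int before the division, and for every smaller value the `<< 3` and `/ 8` cancel out. `atoi` also returns 0 for non-numeric text and accepts negative numbers, which then convert to a huge `uint64_t` hash offset passed to `chromeos_verity`. Parsing once into an unsigned 64-bit value with a checked conversion addresses both problems: `uint64_t hash_start = 0;`, `if (!base::StringToUint64(rootfs_sectors, &hash_start)) return false;`, then `uint64_t sectors = (version == 1) ? hash_start : hash_start / 8;`. If a real block-to-sector conversion was intended for the new format, the arithmetic should state it in 64-bit and a comment should give the units. The body of SetImage continues outside this hunk.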
| -- |
| 2.41.0.390.g38632f3daf-goog |
| |