wt., 10 mar 2020 o 22:33 Ayoub Zaki <ayoub.zaki@embexus.com> napisał(a):Do I implement do_install in image.bbclass so that initramfs can depend on core-image-full-cmdline:do_populate_sysroot and have the artifacts installed locally? But this would mean that the initramfs recipe deploys the main image artifact. Should we deploy the images earlier (before do_image_complete) for the initramfs recipe to fetch from DEPLOY_DIR_IMAGE? Any other ideas?I think that best thing is to implement the dm-verity stuffs as a wic plugin, check this example: https://github.com/intel/intel-iot-refkit/blob/master/meta-refkit-core/scripts/lib/wic/plugins/source/dm-verity.pyThis doesn't look like a correct solution. For starters: not every platform uses wic. The platform I'm aiming this at uses fastboot and requires separate images for each partition.
This plugin also seems to be unnecessarily complicated with additional signature for the verity hash tree. This is not needed as long as the root hash comes from a secure place - which it does in my case: the fitImage containing the initramfs is signed and the key is appended to u-boot's DTB. When do_image_wic starts, u-boot and initramfs assembly are long completed - another reason for not using a wic plugin.
I was referring to the plugin not the implementation which does
not work anyway...
Mit freundlichen Grüßen / Kind regards -- Ayoub Zaki Embedded Systems Consultant Vaihinger Straße 2/1 D-71634 Ludwigsburg Mobile : +4917662901545 Email : ayoub.zaki@embexus.com Homepage : https://embexus.com VAT No. : DE313902634