[OE-core] Solving a circular dependency issue between the main image and initramfs

Bartosz Golaszewski brgl at bgdev.pl
Tue Mar 10 22:02:51 UTC 2020


On Tue, 10 Mar 2020 at 22:33, Ayoub Zaki <ayoub.zaki at embexus.com> wrote:
>
> >
> > Do I implement do_install in image.bbclass so that initramfs can
> > depend on core-image-full-cmdline:do_populate_sysroot and have the
> > artifacts installed locally? But this would mean that the initramfs
> > recipe deploys the main image artifact. Should we deploy the images
> > earlier (before do_image_complete) for the initramfs recipe to fetch
> > from DEPLOY_DIR_IMAGE? Any other ideas?
>
>
> I think that the best thing is to implement the dm-verity stuff as a wic
> plugin, check this example:
>
>
> https://github.com/intel/intel-iot-refkit/blob/master/meta-refkit-core/scripts/lib/wic/plugins/source/dm-verity.py
>

This doesn't look like a correct solution. For starters: not every
platform uses wic. The platform I'm aiming this at uses fastboot and
requires separate images for each partition.

This plugin also seems to be unnecessarily complicated with an additional
signature for the verity hash tree. This is not needed as long as the
root hash comes from a secure place - which it does in my case: the
fitImage containing the initramfs is signed and the key is appended to
u-boot's DTB. When do_image_wic starts, u-boot and initramfs assembly
are long completed - another reason for not using a wic plugin.

Best regards,
Bartosz Golaszewski
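
The argument above, that an authenticated root hash makes a separate signature over the hash tree unnecessary, shown as an added example that is not part of the original message or of any project mentioned in it. It is a simplified model of a dm-verity-style Merkle tree, not the exact on-disk format; the function names, salt and sample data are assumptions constructed for the illustration.

```python
import hashlib

BLOCK = 4096           # data/hash block size in this model
FANOUT = BLOCK // 32   # SHA-256 digests per hash block (128)

def digest_of(salt, block):
    return hashlib.sha256(salt + block).digest()

def build_tree(data_blocks, salt):
    """Return (levels, root_hash); levels[0] holds the digests of the data blocks."""
    levels, digests = [], [digest_of(salt, b) for b in data_blocks]
    while True:
        # Pack the digests into zero-padded hash blocks, then hash those blocks.
        blocks = [b"".join(digests[i:i + FANOUT]).ljust(BLOCK, b"\0")
                  for i in range(0, len(digests), FANOUT)]
        levels.append(blocks)
        digests = [digest_of(salt, b) for b in blocks]
        if len(blocks) == 1:
            return levels, digests[0]

def verify_block(block, index, levels, salt, trusted_root):
    """Check one data block against an UNTRUSTED tree and a trusted root hash."""
    digest = digest_of(salt, block)
    for level in levels:
        hash_block = level[index // FANOUT]
        offset = (index % FANOUT) * 32
        if hash_block[offset:offset + 32] != digest:
            return False                      # data or tree was modified
        digest = digest_of(salt, hash_block)  # move one level up
        index //= FANOUT
    return digest == trusted_root             # the only trusted input

if __name__ == "__main__":
    salt = b"\x01" * 32                                        # constructed
    data = [i.to_bytes(4, "big") * 1024 for i in range(300)]   # constructed rootfs
    levels, root = build_tree(data, salt)   # root goes into the signed initramfs
    print("intact:", all(verify_block(b, i, levels, salt, root)
                         for i, b in enumerate(data)))
    # Rootfs changed and the unsigned tree regenerated to match it.
    data[200] = b"\xff" * BLOCK
    forged_levels, forged_root = build_tree(data, salt)
    print("forged tree accepted:",
          verify_block(data[200], 200, forged_levels, salt, root))
```

A tree rebuilt to match modified data is internally consistent but hashes to a different root, so verification against the root hash carried in the signed image fails without the tree itself being signed.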

