| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | |
| 3 | TOPDIR=$1 |
| 4 | STAGING_DIR_HOST=$2 |
| 5 | squashfs=$3 |
| 6 | dm_crypt_cfg=$4 |
| 7 | |
| 8 | SECTOR_SIZE=512 |
| 9 | BLOCK_SIZE=4096 |
| 10 | |
| 11 | align_up() { |
| 12 | local offset=$1 |
| 13 | local size=$2 |
| 14 | |
| 15 | echo $(((($offset + ($size - 1)) / $size) * $size)) |
| 16 | } |
| 17 | |
| 18 | verity_get_meta() { |
| 19 | local needle="$1" |
| 20 | local haystack="$2" |
| 21 | |
| 22 | echo "$haystack" | grep "$needle" | cut -d: -f2 | tr -d '[ \t]' |
| 23 | } |
| 24 | |
| 25 | |
| 26 | if [[ "$dm_crypt_cfg" == "y" ]]; then |
| 27 | CRYPT_KEY_SIZE=32 |
| 28 | FIXED_KEY=2f54e5b40c9de5e4700d52f5d3938c1fd19a1d5e05b9dcf74c34a653b4b73ff5 |
| 29 | RANDOM_KEY=$(openssl rand -hex $CRYPT_KEY_SIZE) |
| 30 | |
| 31 | openssl enc -aes-$(($CRYPT_KEY_SIZE * 8))-ecb -e -in $squashfs -out "$squashfs"_enc -K $RANDOM_KEY |
| 32 | mv "$squashfs"_enc $squashfs |
| 33 | |
| 34 | ENCRYPTED_KEY=$(echo -ne $RANDOM_KEY | perl -ne 'print pack "H*", $_' | openssl enc \ |
| 35 | -aes-$(($CRYPT_KEY_SIZE * 8))-ecb -K $FIXED_KEY -nopad | perl -ne 'print unpack "H*", $_' | tr -d '\n') |
| 36 | fi |
| 37 | |
| 38 | VERITY_HASH_OFFSET=$(align_up $(stat --format=%s $squashfs) $BLOCK_SIZE) |
| 39 | VERITY_HASH_BLOCKS=$(($VERITY_HASH_OFFSET / $BLOCK_SIZE)) |
| 40 | #echo "hash-blocks:"${VERITY_HASH_BLOCKS} |
| 41 | |
| 42 | VERITY_META="$(veritysetup format \ |
| 43 | --hash-offset=$VERITY_HASH_OFFSET \ |
| 44 | "$squashfs" "$squashfs")" |
| 45 | |
| 46 | #echo "VERITY_META= :"${VERITY_META} |
| 47 | |
| 48 | VERITY_SALT=$(verity_get_meta Salt "$VERITY_META") |
| 49 | VERITY_ROOT=$(verity_get_meta Root "$VERITY_META") |
| 50 | |
| 51 | ROOT_SECTORS=$(($VERITY_HASH_OFFSET / $SECTOR_SIZE)) |
| 52 | |
| 53 | ROOT_VERITY="$VERITY_ROOT $VERITY_SALT" |
| 54 | SMASH_DM_MOD_CREATE="ROOT_SECTORS=$ROOT_SECTORS:HASH_BLOCKS=$VERITY_HASH_BLOCKS:HASHSALT=$ROOT_VERITY" |
| 55 | if [[ "$dm_crypt_cfg" == "y" ]]; then |
| 56 | SMASH_DM_MOD_CREATE="$SMASH_DM_MOD_CREATE:ENCRYPTED_KEY=$ENCRYPTED_KEY" |
| 57 | fi |
| 58 | DM_SIZE=`echo ${#SMASH_DM_MOD_CREATE}` |
| 59 | |
| 60 | DM_ALIGN_SIZE=0x20000 |
| 61 | ROOT_FS_SIZE=$(stat -c%s "$squashfs") |
| 62 | |
| 63 | BLOCK_MUL_SIZE=$(($ROOT_FS_SIZE / $DM_ALIGN_SIZE)) |
| 64 | |
| 65 | if [ $(($ROOT_FS_SIZE % $DM_ALIGN_SIZE)) -eq 0 ]; then |
| 66 | APPEND_POS=$ROOT_FS_SIZE |
| 67 | else |
| 68 | APPEND_POS=$((($BLOCK_MUL_SIZE + 1) * $DM_ALIGN_SIZE)) |
| 69 | fi |
| 70 | |
| 71 | FILL_SIZE=$(($APPEND_POS - $ROOT_FS_SIZE)) |
| 72 | dd if=/dev/zero of=$squashfs conv=notrunc bs=1 seek=$ROOT_FS_SIZE count=$FILL_SIZE |
| 73 | echo -n -e "DM_SIZE=$DM_SIZE:"${SMASH_DM_MOD_CREATE} | dd of=$squashfs conv=notrunc bs=1 seek=$APPEND_POS |
| 74 | |