From 00d30ee9a056ff0e81ca92a2e8e9879614cc8886 Mon Sep 17 00:00:00 2001 From: Tatiana Leon Date: Wed, 1 Mar 2017 22:37:46 +0100 Subject: [PATCH] recovery init: cc6ul: set rootfs enc flag when setting a new key For CC6UL, when setting a new key, an "enc" flag must be added to the rootfs in the "mtdparts" U-Boot variable. After that a reboot is needed, so the recovery command must be modified to remove the encryption key and proceed with the rest of commands in the next boot. When updating the firmware, a format of the rootfs partition is always performed, independently if a new encryption key has just been configured. In case only the encryption key is being configured, we also need to reboot to format the rootfs properly. https://jira.digi.com/browse/DEL-3685 Signed-off-by: Tatiana Leon --- .../recovery-initramfs-init | 68 ++++++++++++++++++- 1 file changed, 67 insertions(+), 1 deletion(-) diff --git a/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init b/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init index 9e5b3e8cb..5fa2b168d 100644 --- a/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init +++ b/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init @@ -87,6 +87,18 @@ read_uboot_var() { eval "${2}=\"$(fw_printenv -n ${1} 2>/dev/null)\"" } +#------------------------------------------------------------------------------ +# Function - set_uboot_var +# +# Sets the given U-Boot variable. +# +# @param ${1} - U-Boot variable to set. +# @param ${2} - Value to set. +#------------------------------------------------------------------------------ +set_uboot_var() { + fw_setenv ${1} ${2} 2>/dev/null +} + #------------------------------------------------------------------------------ # Function - psplash_message # @@ -280,8 +292,10 @@ format_ubi_volume() { ubimkvol "/dev/ubi${dev_number}" -m -N "${1}" >/dev/null 2>&1 if [ "$?" = "0" ]; then # Configure the empty UBIFS partition to use ZLIB + [ "${1}" = "update" ] && UBIFS_COMPRESSION="-x zlib" + volid="$(ubinfo "/dev/ubi${dev_number}" -N "${1}" | sed -ne 's,Volume ID:[[:blank:]]\+\([0-9]\+\)[[:blank:]]\+.*,\1,g;T;p')" - mkfs.ubifs -x zlib -F /dev/ubi${dev_number}_${volid} + mkfs.ubifs ${UBIFS_COMPRESSION} -F /dev/ubi${dev_number}_${volid} psplash_progress "100" log "Partition '${1}' successfully erased!" # Detach MTD partition. @@ -343,6 +357,48 @@ swu_package_path() { fi } +#------------------------------------------------------------------------------ +# Function - set_encryption_flag +# +# Set the rootfs encryption flag to the mtdparts variable. +#------------------------------------------------------------------------------ +set_encryption_flag() { + if [ "$(is_nand)" = "no" ]; then + return + fi + + # Read the mtdparts variable. + read_uboot_var mtdparts mtdparts + + # Check if there is any command. + if [ -z "${mtdparts}" ]; then + quit_with_error "No mtdparts found" + fi + + # Parse the mtdparts value. + case "${mtdparts}" in + *\(rootfs\)enc*) + # Partition already flagged. + ;; + *\(rootfs\)*) + # Add the flag to the rootfs. + local new_mtdparts=$(echo "${mtdparts}" | sed "s/(rootfs)/(rootfs)enc/g") + set_uboot_var mtdparts "${new_mtdparts}" + ;; + *) + quit_with_error "Error flagging rootfs as encrypted" + ;; + esac + + if [ -n "${update_package_bool}" ]; then + # Modify the recovery command not to set again the key. + new_command=$(echo "${COMMAND}" | sed "s/encryption_key=[^ ]*//g") + set_uboot_var "${ENV_RECOVERY_COMMAND}" "${new_command}" + psplash_progress "100" + reboot_system + fi +} + # Main #------------------------------------------------------------------------------ # Setup the environment. @@ -421,6 +477,9 @@ if [ -n "${encryption_key_bool}" ]; then quit_with_error "Error configuring trustfence encryption key" fi + # Set the encryption flag to the rootfs. + set_encryption_flag + # Format partition. if [ "$(is_nand)" = "no" ]; then psplash_message "Formatting rootfs partition..." @@ -441,6 +500,13 @@ if [ -n "${update_package_bool}" ]; then # Give some time for the devices to settle down sleep 5 + # Format the UBI volume before updating. + if [ "$(is_nand)" = "yes" ]; then + psplash_message "Formatting rootfs partition..." + format_ubi_volume rootfs + psplash_progress "0" + fi + mount_external_disks mount_partition update "${UPDATE_MOUNT_DIR}"