From e2cd4f6d9a251532aec12b07bb08d0e00ce05ee4 Mon Sep 17 00:00:00 2001 From: Gabriel Valcazar Date: Wed, 19 May 2021 14:31:50 +0200 Subject: [PATCH] trustfence-initramfs: remove support for platforms with NAND internal storage This initramfs only makes sense in platforms with an eMMC as the internal storage, due to how the partition encryption support is implemented. In plaatforms that use NAND instead, ths initramfs offers no functionality and increases the recovery image size, so remove it. https://onedigi.atlassian.net/browse/DEL-7534 Signed-off-by: Gabriel Valcazar --- meta-digi-dey/classes/trustfence.bbclass | 2 +- .../trustfence/trustfence-initramfs.bb | 18 ++---- ...mfs-init_mmc => trustfence-initramfs-init} | 0 .../trustfence-initramfs-init_mtd | 60 ------------------- 4 files changed, 6 insertions(+), 74 deletions(-) rename meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/{trustfence-initramfs-init_mmc => trustfence-initramfs-init} (100%) delete mode 100644 meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init_mtd diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index f4fa2b2cc..6a82aa75b 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -99,7 +99,7 @@ python () { d.setVar("TRUSTFENCE_ENCRYPT_PARTITIONS", "1"); # Enable the trustfence initramfs if and only if partition encryption is enabled - if (d.getVar("TRUSTFENCE_ENCRYPT_PARTITIONS", True) == "1"): + if (d.getVar("TRUSTFENCE_ENCRYPT_PARTITIONS", True) == "1" and d.getVar("STORAGE_MEDIA", True) == "mmc"): d.setVar("TRUSTFENCE_INITRAMFS_IMAGE", "dey-image-trustfence-initramfs"); else: d.setVar("TRUSTFENCE_INITRAMFS_IMAGE", ""); diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb index ad6620112..aaab98523 100644 --- a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb +++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb @@ -1,22 +1,15 @@ -# Copyright (C) 2016-2020 Digi International Inc. +# Copyright (C) 2016-2021 Digi International Inc. SUMMARY = "Trustfence initramfs required files" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" -SRC_URI = " \ - ${@bb.utils.contains('STORAGE_MEDIA', 'mmc', 'file://trustfence-initramfs-init_mmc', '', d)} \ - ${@bb.utils.contains('STORAGE_MEDIA', 'mtd', 'file://trustfence-initramfs-init_mtd', '', d)} \ -" +SRC_URI = "file://trustfence-initramfs-init" S = "${WORKDIR}" do_install() { - if [ "${STORAGE_MEDIA}" = "mmc" ]; then - install -m 0755 trustfence-initramfs-init_mmc ${D}/init - else - install -m 0755 trustfence-initramfs-init_mtd ${D}/init - fi + install -m 0755 trustfence-initramfs-init ${D}/init } # Do not create debug/devel packages @@ -27,12 +20,11 @@ FILES_${PN} = "/" # Runtime packages used in 'trustfence-initramfs-init' RDEPENDS_${PN} = " \ libubootenv-bin \ - ${@bb.utils.contains('STORAGE_MEDIA', 'mmc', 'cryptsetup', '', d)} \ - ${@bb.utils.contains('STORAGE_MEDIA', 'mtd', 'mtd-utils-ubifs', '', d)} \ + cryptsetup \ trustfence-tool \ util-linux-findfs \ wipe \ " PACKAGE_ARCH = "${MACHINE_ARCH}" -COMPATIBLE_MACHINE = "(ccimx6|ccimx6ul|ccimx8x|ccimx8m)" +COMPATIBLE_MACHINE = "(ccimx6|ccimx8x|ccimx8m)" diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init_mmc b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init similarity index 100% rename from meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init_mmc rename to meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init_mtd b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init_mtd deleted file mode 100644 index 80739af78..000000000 --- a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init_mtd +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/sh -#=============================================================================== -# -# trustfence-initramfs-init -# -# Copyright (C) 2016, 2017 by Digi International Inc. -# All rights reserved. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 as published by -# the Free Software Foundation. -# -# -# !Description: Init script for Trustfence initramfs -# -#=============================================================================== - -export PATH=/bin:/sbin:/usr/bin:/usr/sbin - -mkdir -p /proc /sys /dev -mount -t proc proc /proc -mount -t sysfs sysfs /sys -mount -t devtmpfs devtmpfs /dev - -# Set kernel console loglevel -LOGLEVEL="$(sysctl -n kernel.printk)" -sysctl -q -w kernel.printk=4 - -for arg in $(cat /proc/cmdline); do - case "${arg}" in - init=*|rescue=1|root=*) eval ${arg};; - esac -done - -# Translate "PARTUUID=..." to real device -root="/dev/$(findfs ${root})" - -# Jump to a rescue shell if requested -if [ -n "${rescue}" ]; then - # Expand console and respawn if exited - while true; do - setsid cttyhack sh -l - sleep 1 - done -fi - -# Mount device -mkdir -p /newroot -mount -t "ubifs" ${root} /newroot - -# -# Clean-up and do the switch_root to the final rootfs -# -# - restore previous kernel console loglevel -# - umount virtual filesystems -# -[ -n "${LOGLEVEL}" ] && sysctl -q -w kernel.printk="${LOGLEVEL}" -mount --move /dev /newroot/dev -umount /sys /proc -exec switch_root /newroot ${init:-/sbin/init}