From 521e7b040a6011fd66d22be0c98b14ab40eca28b Mon Sep 17 00:00:00 2001
From: Paul Gortmaker
Date: Wed, 21 Jun 2023 10:13:34 -0700
Subject: dm-verity: hook separate hash into initramfs framework The prior commits create the separate hash so now it is time to update the initramfs framework so that veritysetup, which is responsible for binding the data and hash, is aware of when separate hash is in use, and can react accordingly. The added code follows the existing appended hash code style, but is considerably smaller because it doesn't have the large case statement that supports all possible identification schemes (label, UUID, ...). With the root hash split in two to create the respective partition UUIDs, we know exactly how to identify it, and the UUIDs used.
Signed-off-by: Paul Gortmaker
Signed-off-by: Armin Kuster
---
 .../initrdscripts/initramfs-framework-dm/dmverity | 29 ++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/recipes-core/initrdscripts/initramfs-framework-dm/dmverity b/recipes-core/initrdscripts/initramfs-framework-dm/dmverity
index 71afc91..1923490 100644
--- a/recipes-core/initrdscripts/initramfs-framework-dm/dmverity
+++ b/recipes-core/initrdscripts/initramfs-framework-dm/dmverity
@@ -8,12 +8,41 @@ dmverity_run() {
 DATA_SIZE="__not_set__"
 DATA_BLOCK_SIZE="__not_set__"
 ROOT_HASH="__not_set__"
+ SEPARATE_HASH="__not_set__"
 . /usr/share/misc/dm-verity.env
 C=0
 delay=${bootparam_rootdelay:-1}
 timeout=${bootparam_roottimeout:-5}
+
+ # we know exactly what we are looking for; don't need the wide hunt below
+ if [ "${SEPARATE_HASH}" -eq "1" ]; then
+ while [ ! -b "/dev/disk/by-partuuid/${ROOT_UUID}" ]; do
+ if [ $(( $C * $delay )) -gt $timeout ]; then
+ fatal "Root device (data) resolution failed"
+ exit 1
+ fi
+ debug "Sleeping for $delay second(s) to wait for root data to settle..."
+ sleep $delay
+ C=$(( $C + 1 ))
+ done
+
+ veritysetup \
+ --data-block-size=${DATA_BLOCK_SIZE} \
+ create rootfs \
+ /dev/disk/by-partuuid/${ROOT_UUID} \
+ /dev/disk/by-partuuid/${RHASH_UUID} \
+ ${ROOT_HASH}
+
+ mount \
+ -o ro \
+ /dev/mapper/rootfs \
+ ${ROOTFS_DIR} || exit 2
+
+ return
+ fi
+
 RDEV="$(realpath /dev/disk/by-partuuid/${bootparam_root#PARTUUID=} 2>/dev/null)"
 while [ ! -b "${RDEV}" ]; do
 if [ $(( $C * $delay )) -gt $timeout ]; then
-- cgit v1.2.3-54-g00ecf
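Review bot: The wait loop in the new SEPARATE_HASH branch only polls for the data partition, so `veritysetup` can be called before `/dev/disk/by-partuuid/${RHASH_UUID}` has appeared, and its exit status is never checked; a failed verity setup only surfaces later as the generic `mount ... || exit 2`. Consider widening the loop condition to `while [ ! -b "/dev/disk/by-partuuid/${ROOT_UUID}" ] || [ ! -b "/dev/disk/by-partuuid/${RHASH_UUID}" ]; do` and ending the veritysetup command with `${ROOT_HASH} || fatal "dm-verity setup failed"`, so the boot log names the step that failed. Separately, `[ "${SEPARATE_HASH}" -eq "1" ]` is an integer test while the default assigned just above is the string `__not_set__`, so unless dm-verity.env always overrides it the test will likely print an error on each boot before falling through; `[ "${SEPARATE_HASH}" = "1" ]` is the string comparison. dmverity_run starts above this hunk and continues below it, so the rest of the function was not reviewed here.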