blog
0%

dm-verity 移植

发表于 更新于 分类于 Valine:

buildroot 编译 cryptsetup

需要编译依赖包: libdevmapper libpopt libuuid libjson-c libcrypto (openssl包)
嵌入式平台编译比较麻烦, 交叉工具链会报很多头文件 库文件的错误, 建议直接由buildroot编译交叉工具链, 这样后续生成的库文件 头文件才能正常找到, 还有cmake 用到的.cmake 包, pkgconfig的路径等.

最终生成文件 cryptsetup veritysetup dmsetup libcryptsetup.so

测试

1
2
3
4
5
6
mkfs.ext4 -b 4096 fs.img 4096
veritysetup format fs.img hashtree.img
#as: Root hash:              d004843ab1abc42dbdcf320b7189d871536cdf6e5e6e2c03c2c0fd20dfc2fe9a
记下$root_hash
veritysetup create vroot fs.img hashtree.img $root_hash
mount /dev/mapper/vroot mount_point

编译kernel 支持dm-verity

1
2
3
4
5
make menuconfig
# Find the following options in the menuconfig and change them as described:
# Device Drivers → Multiple devices driver support (RAID and LVM) → Device mapper support → change to * (YES)
# Device Drivers → Multiple devices driver support (RAID and LVM) → Device mapper support → DM "dm-mod.create=" parameter support → change to * (YES)
# Device Drivers → Multiple devices driver support (RAID and LVM) → Device mapper support → Verity target support → change to * (YES)

kernel 调试

去掉优化

子模块中的Makefile可以通过CFLAGS_xxx.o += -O0 去掉某个源文件的编译优化
但还是有很多文件不支持 -O0 编译, 可以再细分, 按函数就行 -O0 编译
__attribute__((optimize("O0")))