우리는 squashfs 루트 파일 시스템에 dm-verity를 사용합니다.
커널 4.8.4에서는 모든 것이 잘 작동합니다. 커널 4.14.14로 업그레이드한 후 veritysetup verify명령이 이미지를 확인하더라도 설치가 실패합니다.
# veritysetup verify /dev/mmcblk0p5 /dev/mmcblk0p6 --hash-offset 4096 d35f95a4
b47c92332fbcf5aced9c4ed58eb2d5115bad4aa52bd9d64cc0ee676b --debug
# cryptsetup 1.7.4 processing "veritysetup verify /dev/mmcblk0p5 /dev/mmcblk0p6 --hash-offset 4096 d35f95a4b47c92332fbcf5aced9c4ed58eb2d5115bad4aa52bd9d64cc0ee676b --debug"
# Running command verify.
# Allocating crypt device /dev/mmcblk0p6 context.
# Trying to open and read device /dev/mmcblk0p6 with direct-io.
# Initialising device-mapper backend library.
# Trying to load VERITY crypt type from device /dev/mmcblk0p6.
# Crypto backend (OpenSSL 1.0.2m 2 Nov 2017) initialized in cryptsetup library version 1.7.4.
# Detected kernel Linux 4.14.14-yocto-standard armv7l.
# Reading VERITY header of size 512 on device /dev/mmcblk0p6, offset 4096.
# Setting ciphertext data device to /dev/mmcblk0p5.
# Trying to open and read device /dev/mmcblk0p5 with direct-io.
# Activating volume [none] by volume key.
# Trying to activate VERITY device [none] using hash sha256.
# Verification of data in userspace required.
# Hash verification sha256, data device /dev/mmcblk0p5, data blocks 10462, hash_device /dev/mmcblk0p6, offset 2.
# Using 2 hash levels.
# Data device size required: 42852352 bytes.
# Hash device size required: 348160 bytes.
# Verification of data area succeeded.
# Verification of root hash succeeded.
# Releasing crypt device /dev/mmcblk0p6 context.
# Releasing device-mapper backend.
Command successful.
# veritysetup create vroot /dev/mmcblk0p5 /dev/mmcblk0p6 --hash-offset 4096 d3
5f95a4b47c92332fbcf5aced9c4ed58eb2d5115bad4aa52bd9d64cc0ee676b --debug
# mount -o ro /dev/mapper/vroot /mnt/
device-mapper: verity: 179:5: metadata block 2 is corrupted
EXT4-fs (dm-0): unable to read superblock
device-mapper: verity: 179:5: metadata block 2 is corrupted
EXT4-fs (dm-0): unable to read superblock
device-mapper: verity: 179:5: metadata block 2 is corrupted
EXT4-fs (dm-0): unable to read superblock
device-mapper: verity: 179:5: metadata block 2 is corrupted
SQUASHFS error: squashfs_read_data failed to read block 0x0
squashfs: SQUASHFS error: unable to read squashfs_super_block
device-mapper: verity: 179:5: metadata block 2 is corrupted
FAT-fs (dm-0): unable to read boot sector
mount: mounting /dev/mapper/vroot on /mnt/ failed: Input/output error
dmesg에도 동일한 오류 메시지가 나타납니다. 위 명령은 대상 장치에서 실행됩니다.
내주인Machine, Debian 8(커널 3.16.0-5), /dev/mmcblk0p5 및 /dev/mmcblk0p6에 있는 파일을 사용하여 모든 것이 작동하도록 설정할 수 있었습니다.
# veritysetup create vroot rootfs-image.squashfs rootfs-image.hashtbl --hash-offset 4096 d35f95a4b47c92332fbcf5aced9c4ed58eb2d5115bad4aa52bd9d64cc0ee676b
# mount /dev/mapper/vroot /tmp/mnt
답변1
이를 통해 /proc/cryptosha256을 제공하는 두 개의 모듈이 있음을 발견했습니다. 하나는 Atmel의 모듈이고 다른 하나는 일반 모듈입니다.
name : sha256
driver : atmel-sha256
module : kernel
priority : 100
[...]
name : sha256
driver : sha256-generic
module : kernel
priority : 0
커널에서 Atmel SHA 하드웨어 가속기를 비활성화하면 CONFIG_CRYPTO_DEV_ATMEL_SHA=n일반 구현이 사용되며 모든 것이 제대로 작동합니다.
커널 4.8.4에서 커널 4.14.14로 변경되어 일부 문제가 발생한 것 같습니다. 그건 또 다른 질문인데...