From: Alyssa Ross
To: devel@spectrum-os.org
CC: José Pekkarinen
Subject: [PATCH 1/2] host/rootfs: use initramfs in "make run"
Date: Thu, 1 Sep 2022 10:46:28 +0000
Message-Id: <20220901104629.863380-1-hi@alyssa.is>

This will allow us to stop compiling e.g. the virtio-blk module into the kernel, because it will be loaded by the initramfs.

This introduces some duplication between the rootfs and initramfs's Makefiles. I don't think it's worth the effort at the moment to try to reduce that, because it would come at the expense of additional complexity in the Makefiles. We can revisit this later if we want to.

Signed-off-by: Alyssa Ross
---
 host/rootfs/Makefile  | 32 ++++++++++++++++++++++++++++----
 host/rootfs/shell.nix | 10 ++++++++--
 2 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile index 41cf87c..31f76d2 100644 --- a/host/rootfs/Makefile +++ b/host/rootfs/Makefile 
@@ -6,6 +6,9 @@ # QEMU_KVM = qemu-system-x86_64 -enable-kvm. QEMU_KVM = qemu-kvm +SCRIPTS = ../../scripts +VERITYSETUP = veritysetup + # tar2ext4 will leave half a filesystem behind if it's interrupted # half way through. build/rootfs.ext4: build/rootfs.tar 
@@ -116,16 +119,37 @@ clean: rm -rf build .PHONY: clean -run: build/rootfs.ext4 $(EXT_FS) +# veritysetup format produces two files, but Make only (portably) +# supports one output per rule, so we combine the two outputs then +# define two more rules to separate them again. +build/rootfs.verity: build/rootfs.ext4 + $(VERITYSETUP) format build/rootfs.ext4 build/rootfs.verity.superblock.tmp \ + | awk -F ':[[:blank:]]*' '$$1 == "Root hash" {print $$2; exit}' \ + > build/rootfs.verity.roothash.tmp + cat build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp \ + > $@ + rm build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp +build/rootfs.verity.roothash: build/rootfs.verity + head -n 1 build/rootfs.verity > $@ +build/rootfs.verity.superblock: build/rootfs.verity + tail -n +2 build/rootfs.verity > $@ + +build/live.img: $(SCRIPTS)/format-uuid.sh $(SCRIPTS)/make-gpt.sh build/rootfs.verity.superblock build/rootfs.verity.roothash build/rootfs.ext4 + $(SCRIPTS)/make-gpt.sh $@.tmp \ + build/rootfs.verity.superblock:2c7357ed-ebd2-46d9-aec1-23d437ec2bf5:$$($(SCRIPTS)/format-uuid.sh "$$(dd if=build/rootfs.verity.roothash bs=32 skip=1 count=1 status=none)") \ + build/rootfs.ext4:4f68bce3-e8cd-4db1-96e7-fbcaf984b709:$$($(SCRIPTS)/format-uuid.sh "$$(head -c 32 build/rootfs.verity.roothash)") + mv $@.tmp $@ + +run: build/live.img $(EXT_FS) build/rootfs.verity.roothash $(QEMU_KVM) -cpu host -m 2G \ - -machine q35,kernel=$(KERNEL),kernel-irqchip=split \ + -machine q35,kernel=$(KERNEL),kernel-irqchip=split,initrd=$(INITRAMFS) \ -display gtk,gl=on \ -qmp unix:vmm.sock,server,nowait \ -monitor vc \ -parallel none \ - -drive file=build/rootfs.ext4,if=virtio,format=raw,readonly=on \ + -drive file=build/live.img,if=virtio,format=raw,readonly=on \ -drive file=$(EXT_FS),if=virtio,format=raw,readonly=on \ - -append "console=ttyS0 root=/dev/vda ext=/dev/vdb intel_iommu=on" \ + -append "console=ttyS0 roothash=$$(< build/rootfs.verity.roothash) ext=/dev/vdb 
intel_iommu=on" \ -device intel-iommu,intremap=on \ -device virtio-vga-gl \ -device vhost-vsock-pci,guest-cid=3 diff --git a/host/rootfs/shell.nix b/host/rootfs/shell.nix index 3b2310f..fe9df1b 100644 --- a/host/rootfs/shell.nix +++ b/host/rootfs/shell.nix @@ -1,18 +1,24 @@ # SPDX-License-Identifier: MIT # SPDX-FileCopyrightText: 2021 Alyssa Ross +# SPDX-FileCopyrightText: 2022 Unikie { pkgs ? import {} }: +let + rootfs = import ./. { inherit pkgs; }; +in + with pkgs; -(import ./. { inherit pkgs; }).overrideAttrs ( +rootfs.overrideAttrs ( { passthru ? {}, nativeBuildInputs ? [], ... }: { nativeBuildInputs = nativeBuildInputs ++ [ - jq netcat qemu_kvm reuse util-linux + cryptsetup jq netcat qemu_kvm reuse util-linux ]; EXT_FS = pkgsStatic.callPackage ../initramfs/extfs.nix { inherit pkgs; }; + INITRAMFS = import ../initramfs { inherit pkgs rootfs; }; KERNEL = "${passthru.kernel}/${stdenv.hostPlatform.linux-kernel.target}"; }) -- 2.37.1
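
Review bot: In the build/rootfs.verity rule (second Makefile hunk), the exit status of the `$(VERITYSETUP) format ... | awk ...` pipeline is awk's, so a failing veritysetup is not detected on that line, and because the following `cat` redirects straight into `$@`, an error there leaves a truncated build/rootfs.verity behind with a fresh timestamp that later runs treat as up to date. The first line of that file ends up on the kernel command line as roothash= and in the partition UUIDs, so I'd suggest writing to `$@.tmp` and `mv`-ing it into place as the build/live.img rule already does, and failing the rule when the extracted root hash is empty (for example `test -s build/rootfs.verity.roothash.tmp`). Separately, in the run recipe `$$(< build/rootfs.verity.roothash)` is a bash/ksh extension; unless SHELL is set to bash somewhere outside this hunk, a POSIX /bin/sh such as dash expands it to nothing and the guest boots with an empty roothash=, so `$$(cat build/rootfs.verity.roothash)` would be the portable form.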