Verity enablement overhaul
- No change to AVB devices, except for enabling it on more of them
- Verity devices have the potential to regress by not booting
- No change to non-verity/AVB devices

Tested working on: mata, cheeseburger, fajita

Signed-off-by: Tad <tad@spotco.us>
parent
898c040ead
commit
809e03833e
15 changed files with 142 additions and 154 deletions
134
Scripts/Common/Enable_Verity.sh
Normal file
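--- a/Scripts/Common/Enable_Verity.sh
+++ b/Scripts/Common/Enable_Verity.sh
@@ -0,0 +1,134 @@
+#!/bin/bash
+#DivestOS: A privacy focused mobile distribution
+#Copyright (c) 2021 Divested Computing Group
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see <https://www.gnu.org/licenses/>.
+umask 0022;
+set -euo pipefail;
+source "$DOS_SCRIPTS_COMMON/Shell.sh";
+
+cd "$DOS_BUILD_BASE";
+echo "Enabling verity...";
+
+enableVerity() {
+if [ -d "$DOS_BUILD_BASE/$1" ]; then
+cd "$DOS_BUILD_BASE/$1";
+#TODO: skip if recoveryonly is set?
+sed -i '/\/system/{/verify/!s|wait|wait,verify|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
+cd "$DOS_BUILD_BASE";
+echo "Enabled verity for $1";
+fi;
+}
+export -f enableVerity;
+
+enableAVB() {
+if [ -d "$DOS_BUILD_BASE/$1" ]; then
+cd "$DOS_BUILD_BASE/$1";
+sed -i 's/--set_hashtree_disabled_flag//' *.mk &>/dev/null || true;
+sed -i 's/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 2/' *.mk &>/dev/null || true;
+echo "Enabled AVB for $1";
+cd "$DOS_BUILD_BASE";
+fi;
+}
+export -f enableAVB;
+
+#Device Changes
+enableVerity "device/essential/mata";
+enableVerity "device/google/dragon";
+enableVerity "device/google/marlin";
+enableVerity "device/google/sailfish";
+enableVerity "device/htc/flounder";
+enableVerity "device/huawei/angler";
+enableVerity "device/lge/bullhead";
+enableVerity "device/moto/shamu";
+enableVerity "device/oneplus/cheeseburger";
+enableVerity "device/oneplus/dumpling";
+enableVerity "device/oneplus/msm8998-common";
+enableVerity "device/oneplus/oneplus3";
+enableVerity "device/razer/cheryl";
+enableVerity "device/yandex/Amber";
+enableVerity "device/zuk/msm8996-common";
+enableVerity "device/zuk/z2_plus";
+enableAVB "device/fairphone/FP3";
+enableAVB "device/fxtec/pro1";
+enableAVB "device/google/blueline";
+enableAVB "device/google/bonito";
+enableAVB "device/google/bramble";
+enableAVB "device/google/coral";
+enableAVB "device/google/crosshatch";
+enableAVB "device/google/flame";
+enableAVB "device/google/muskie";
+enableAVB "device/google/redbull";
+enableAVB "device/google/redfin";
+enableAVB "device/google/sargo";
+enableAVB "device/google/sunfish";
+enableAVB "device/google/taimen";
+enableAVB "device/google/wahoo";
+enableAVB "device/google/walleye";
+enableAVB "device/oneplus/avicii";
+enableAVB "device/oneplus/enchilada";
+enableAVB "device/oneplus/fajita";
+enableAVB "device/oneplus/guacamole";
+enableAVB "device/oneplus/guacamoleb";
+enableAVB "device/oneplus/hotdog";
+enableAVB "device/oneplus/hotdogb";
+enableAVB "device/oneplus/sdm845-common";
+enableAVB "device/oneplus/sm8150-common";
+enableAVB "device/razer/aura";
+enableAVB "device/xiaomi/alioth";
+enableAVB "device/xiaomi/beryllium";
+enableAVB "device/xiaomi/davinci";
+enableAVB "device/xiaomi/lmi";
+enableAVB "device/xiaomi/raphael";
+enableAVB "device/xiaomi/sdm845-common";
+enableAVB "device/xiaomi/sm6150-common";
+enableAVB "device/xiaomi/sm8150-common";
+enableAVB "device/xiaomi/sm8250-common";
+enableAVB "device/xiaomi/vayu";
+
+#Kernel Changes
+sed -i 's/slotselect/slotselect,verify/' kernel/essential/msm8998/arch/arm64/boot/dts/essential/msm8998-mata-lineage.dtsi &>/dev/null || true; #/vendor
+sed -i 's/wait/wait,verify/g' kernel/htc/flounder/arch/arm64/boot/dts/tegra132.dtsi &>/dev/null || true; #/system
+sed -i 's/wait/wait,verify/g' kernel/moto/shamu/arch/arm/boot/dts/qcom/apq8084.dtsi &>/dev/null || true; #/system
+sed -i 's/wait/wait,verify/g' kernel/oneplus/msm8996/arch/arm/boot/dts/qcom/15801/msm8996-mtp.dtsi &>/dev/null || true; #/system
+sed -i 's/wait/wait,verify/g' kernel/oneplus/msm8998/arch/arm/boot/dts/qcom/cheeseburger.dtsi &>/dev/null || true; #/system and /vendor
+sed -i 's/wait/wait,verify/g' kernel/oneplus/msm8998/arch/arm/boot/dts/qcom/dumpling.dtsi &>/dev/null || true; #/system and /vendor
+sed -i 's/wait/wait,verify/g' kernel/zuk/msm8996/arch/arm/boot/dts/qcom/zuk/common.dtsi &>/dev/null || true; #/system and /vendor
+#not used
+#sed -i 's/wait/wait,verify/g' kernel/cyanogen/msm8916/arch/arm/boot/dts/qcom/msm8916.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/cyanogen/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/fairphone/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/google/yellowstone/arm/boot/dts/tegra124-yellowstone.dts &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/htc/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/htc/msm8994/arch/arm/boot/dts/qcom/msm8994.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/lge/g3/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/lge/hammerhead/arm/boot/dts/msm8974-hammerhead/msm8974-hammerhead.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/lge/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/lge/msm8996/arch/arm/boot/dts/qcom/msm8996.dtsi &>/dev/null || true; #/system and /vendor
+#sed -i 's/wait/wait,verify/g' kernel/motorola/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/nextbit/ether/arch/arm/boot/dts/qcom/msm8992.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/oneplus/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/oneplus/msm8994/arch/arm/boot/dts/qcom/msm8994.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/oppo/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/samsung/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
+#sed -i 's/wait/wait,verify/g' kernel/xiaomi/msm8937/arm64/boot/dts/xiaomi/common/msm8937.dtsi &>/dev/null || true; #/system and /vendor
+#sed -i 's/wait/wait,verify/g' kernel/zte/msm8996/arch/arm/boot/dts/qcom/msm8996.dtsi &>/dev/null || true; #/system and /vendor
+#sed -i 's/wait/wait,verify/g' kernel/zte/msm8996/arch/arm/boot/dts/qcom/zte-msm8996-v3-pmi8996-ailsa_ii.dtsi &>/dev/null || true; #/system and /vendor
+
+
+sed -i 's/^\treturn VERITY_STATE_DISABLE;//' kernel/*/*/drivers/md/dm-android-verity.c &>/dev/null || true;
+#sed -i 's/#if 0/#if 1/' kernel/*/*/drivers/power/reset/msm-poweroff.c &>/dev/null || true; #TODO: needs refinement
+
+cd "$DOS_BUILD_BASE";
+echo -e "\e[0;32m[SCRIPT COMPLETE] Verity enablement complete\e[0m";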
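Review bot: Both helpers print "Enabled verity for $1" / "Enabled AVB for $1" unconditionally, while every `sed` before them ends in `&>/dev/null || true` and exits 0 even when nothing matched, so a device whose fstab or `*.mk` layout differs is reported as protected without having been changed. For an integrity control that is the wrong failure mode; confirm the edit before reporting it, e.g. in enableVerity `grep -qs 'wait,verify' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* || echo "WARNING: verify flag not set for $1" >&2;`, with a matching check in enableAVB and after the kernel `.dtsi` edits. In enableAVB it would also help to add a comment explaining why the value becomes `--flags 2` rather than 0: in libavb bit 1 is `AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED`, so as far as this file shows only the hashtree-disabled bit is cleared.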
@ -378,13 +378,6 @@ addVerity() {
|
|||
}
|
||||
export -f addVerity;
|
||||
|
||||
enableVerity() {
|
||||
sed -i 's/--set_hashtree_disabled_flag//' *.mk;
|
||||
sed -i 's/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 2/' *.mk;
|
||||
sed -i '/\/system/{/verify/!s|wait|wait,verify|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
|
||||
}
|
||||
export -f enableVerity;
|
||||
|
||||
optimizeImagesRecursive() {
|
||||
find "$1" -type f -name "*.jp*g" -print0 | xargs -0 -n1 -P 16 jpegoptim;
|
||||
find "$1" -type f -name "*.png" -print0 | xargs -0 -n1 -P 16 optipng;
|
||||
|
|
|
@ -20,10 +20,6 @@ source "$DOS_SCRIPTS_COMMON/Shell.sh";
|
|||
|
||||
echo "Post tweaks...";
|
||||
|
||||
#Resurrect dm-verity
|
||||
sed -i 's/^\treturn VERITY_STATE_DISABLE;//' kernel/*/*/drivers/md/dm-android-verity.c &>/dev/null || true;
|
||||
#sed -i 's/#if 0/#if 1/' kernel/*/*/drivers/power/reset/msm-poweroff.c &>/dev/null || true;
|
||||
|
||||
#Workaround broken MSM_DLOAD_MODE=y+PANIC_ON_OOPS=y for devices that oops on shutdown
|
||||
#MSM_DLOAD_MODE can't be disabled as it breaks compile
|
||||
sed -i 's/set_dload_mode(in_panic)/set_dload_mode(0)/' kernel/*/*/arch/arm/mach-msm/restart.c &>/dev/null || true;
|
||||
|
|