[Buildroot] [PATCH 1/1] Allow users to specifiy a hash file to verify custom linux kernels and custom kernel headers

Ian Merin Ian.Merin at entrust.com
Fri Jun 11 17:20:52 UTC 2021 

>From 9873437ad7b4f4e95f970e843a7ed908603c25d7 Mon Sep 17 00:00:00 2001
From: Ian Merin <Ian.Merin at nCipher.com>
Date: Fri, 11 Jun 2021 13:02:18 -0400
Subject: [PATCH 1/1] Allow users to specifiy a hash file to verify custom
 linux kernels and custom kernel headers

linux/Config.in: add linux_kernel_custom_hash options
linux/linux.mk: add ability to override hash file
package/linux-headers/Config.in.host: add kernel_headers_custom_hash options
package/linux-headers/linux-headers.mk: add ability to override hash file
package/pkg-generic.mk: don't use default hash file if it is already set

Signed-off-by: Ian Merin <Ian.Merin at nCipher.com>
Signed-off-by: Ian Merin <Ian.Merin at entrust.com>
---
 linux/Config.in                        | 12 ++++++++++++
 linux/linux.mk                         |  4 ++++
 package/linux-headers/Config.in.host   | 12 ++++++++++++
 package/linux-headers/linux-headers.mk | 18 ++++++++++++++++++
 package/pkg-generic.mk                 | 17 +++++++++++------
 5 files changed, 57 insertions(+), 6 deletions(-)

diff --git a/linux/Config.in b/linux/Config.in
index c893c8dc82..8955c1994b 100644
--- a/linux/Config.in
+++ b/linux/Config.in
@@ -123,6 +123,18 @@ config BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION
 
 endif
 
+config BR2_LINUX_KERNEL_CUSTOM_HASH
+	bool "Enable checking of custom hash file for linux kernel"
+	default n
+	depends on !BR2_LINUX_KERNEL_LATEST_VERSION && \
+		   !BR2_LINUX_KERNEL_LATEST_CIP_VERSION && !BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
+	help
+	  This option allows to specify a file containing hashes for your kernel version if using a non default kernel version
+
+config BR2_LINUX_KERNEL_CUSTOM_HASH_FILE
+	string "path of custom linux.hash file"
+	depends on BR2_LINUX_KERNEL_CUSTOM_HASH
+
 config BR2_LINUX_KERNEL_VERSION
 	string
 	default "5.12.4" if BR2_LINUX_KERNEL_LATEST_VERSION
diff --git a/linux/linux.mk b/linux/linux.mk
index 1457228eb9..203d46a93b 100644
--- a/linux/linux.mk
+++ b/linux/linux.mk
@@ -54,8 +54,12 @@ endif
 endif
 
 ifeq ($(BR2_LINUX_KERNEL)$(BR2_LINUX_KERNEL_LATEST_VERSION),y)
+ifeq ($(BR2_LINUX_KERNEL_CUSTOM_HASH),y)
+LINUX_HASH_FILE = $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_HASH_FILE))
+else
 BR_NO_CHECK_HASH_FOR += $(LINUX_SOURCE)
 endif
+endif
 
 LINUX_PATCHES = $(call qstrip,$(BR2_LINUX_KERNEL_PATCH))
 
diff --git a/package/linux-headers/Config.in.host b/package/linux-headers/Config.in.host
index b68567deeb..991bdc957a 100644
--- a/package/linux-headers/Config.in.host
+++ b/package/linux-headers/Config.in.host
@@ -97,6 +97,18 @@ config BR2_KERNEL_HEADERS_CUSTOM_GIT
 
 endchoice
 
+config BR2_KERNEL_HEADERS_CUSTOM_HASH
+	bool "Custom hash"
+	default n
+	depends on BR2_KERNEL_HEADERS_AS_KERNEL || BR2_KERNEL_HEADERS_VERSION || \
+		   BR2_KERNEL_HEADERS_CUSTOM_TARBALL || BR2_KERNEL_HEADERS_CUSTOM_GIT
+		help
+		  This option allows to specify a file containing hashes for your kernel version
+
+config BR2_KERNEL_HEADERS_CUSTOM_HASH_FILE
+	string "path of custom linux.hash file"
+	depends on BR2_KERNEL_HEADERS_CUSTOM_HASH
+
 # Select this for the latest kernel headers version (for license hashes)
 config BR2_KERNEL_HEADERS_LATEST
 	bool
diff --git a/package/linux-headers/linux-headers.mk b/package/linux-headers/linux-headers.mk
index a8d1c2ccaf..9d216922c3 100644
--- a/package/linux-headers/linux-headers.mk
+++ b/package/linux-headers/linux-headers.mk
@@ -10,6 +10,15 @@
 # Set variables depending on whether we are using headers from a kernel
 # build or a standalone header package.
 ifeq ($(BR2_KERNEL_HEADERS_AS_KERNEL),y)
+LINUX_HEADERS_CUSTOM_HASH = $(BR2_LINUX_KERNEL_CUSTOM_HASH)
+LINUX_HEADERS_CUSTOM_HASH_FILE = $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_HASH_FILE))
+# Are we using a custom kernel version?
+ifeq ($(BR2_LINUX_KERNEL)$(BR2_LINUX_KERNEL_LATEST_VERSION),y)
+# Use the custom hash file, if provided
+ifeq ($(BR2_LINUX_KERNEL_CUSTOM_HASH),y)
+LINUX_HEADERS_HASH_FILE = $(LINUX_HEADERS_CUSTOM_HASH_FILE)
+endif # BR2_LINUX_KERNEL_CUSTOM_HASH
+endif # BR2_LINUX_KERNEL, BR2_LINUX_KERNEL_LATEST_VERSION
 LINUX_HEADERS_CUSTOM_TARBALL = $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_TARBALL))
 LINUX_HEADERS_CUSTOM_GIT = $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_GIT))
 LINUX_HEADERS_CUSTOM_HG = $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_HG))
@@ -23,6 +32,8 @@ $(error LINUX_HEADERS_OVERRIDE_SRCDIR must not be set when BR2_KERNEL_HEADERS_AS
 endif
 LINUX_HEADERS_OVERRIDE_SRCDIR = $(LINUX_OVERRIDE_SRCDIR)
 else # ! BR2_KERNEL_HEADERS_AS_KERNEL
+LINUX_HEADERS_CUSTOM_HASH = $(BR2_KERNEL_HEADERS_CUSTOM_HASH)
+LINUX_HEADERS_CUSTOM_HASH_FILE = $(call qstrip,$(BR2_KERNEL_HEADERS_CUSTOM_HASH_FILE))
 LINUX_HEADERS_CUSTOM_TARBALL = $(call qstrip,$(BR2_KERNEL_HEADERS_CUSTOM_TARBALL))
 LINUX_HEADERS_CUSTOM_GIT = $(call qstrip,$(BR2_KERNEL_HEADERS_CUSTOM_GIT))
 LINUX_HEADERS_CUSTOM_HG =
@@ -91,10 +102,17 @@ endef
 LINUX_HEADERS_POST_PATCH_HOOKS += LINUX_HEADERS_APPLY_LOCAL_PATCHES
 endif # BR2_KERNEL_HEADERS_AS_KERNEL
 
+
+
 # Skip hash checking for custom kernel headers.
 ifeq ($(BR2_KERNEL_HEADERS_VERSION)$(BR2_KERNEL_HEADERS_CUSTOM_TARBALL)$(BR2_KERNEL_HEADERS_CUSTOM_GIT),y)
+# Unless the user has specified an external hash file
+ifeq ($(LINUX_HEADERS_CUSTOM_HASH),y)
+LINUX_HEADERS_HASH_FILE = LINUX_HEADERS_CUSTOM_HASH_FILE
+else
 BR_NO_CHECK_HASH_FOR += $(LINUX_HEADERS_SOURCE)
 endif
+endif
 
 # linux-headers really is the same as the linux package
 LINUX_HEADERS_DL_SUBDIR = linux
diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk
index 9fbc63d19e..5d5b479fcf 100644
--- a/package/pkg-generic.mk
+++ b/package/pkg-generic.mk
@@ -474,12 +474,17 @@ else
  $(2)_DL_VERSION := $$(strip $$($(2)_VERSION))
 endif
 $(2)_VERSION := $$(call sanitize,$$($(2)_DL_VERSION))
-
-$(2)_HASH_FILE = \
-	$$(strip \
-		$$(if $$(wildcard $$($(2)_PKGDIR)/$$($(2)_VERSION)/$$($(2)_RAWNAME).hash),\
-			$$($(2)_PKGDIR)/$$($(2)_VERSION)/$$($(2)_RAWNAME).hash,\
-			$$($(2)_PKGDIR)/$$($(2)_RAWNAME).hash))
+ifndef $(2)_HASH_FILE
+	ifdef $(3)_HASH_FILE
+		$(2)_HASH_FILE = $$($(3)_HASH_FILE)
+	else
+		$(2)_HASH_FILE = \
+			$$(strip \
+				$$(if $$(wildcard $$($(2)_PKGDIR)/$$($(2)_VERSION)/$$($(2)_RAWNAME).hash),\
+					$$($(2)_PKGDIR)/$$($(2)_VERSION)/$$($(2)_RAWNAME).hash,\
+					$$($(2)_PKGDIR)/$$($(2)_RAWNAME).hash))
+	endif
+endif
 
 ifdef $(3)_OVERRIDE_SRCDIR
   $(2)_OVERRIDE_SRCDIR ?= $$($(3)_OVERRIDE_SRCDIR)
-- 
2.17.1

More information about the buildroot mailing list