Message ID | 20230510150442.2427548-1-paul.gortmaker@windriver.com |
---|---|
Series | dm-verity: add instructions for systemd x86-64 |

On 5/10/23 11:04 AM, paul.gortmaker@windriver.com wrote:
> From: Paul Gortmaker <paul.gortmaker@windriver.com>
>
> This second series continues in the same general theme of making it
> easier to use dm-verity within the Yocto/OE framework by adding a worked
> example that can boot on x86-64 in QEMU and on physical hardware.
>
> A couple small clarifications to existing files are also added.
>
> Based on my reading, I believe there are still two things that would be
> nice to support if time permits. They are somewhat intertwined.
>
> Firstly, the dm-verity basically has two places to store the hash data -
> at the end of the filesystem data in an "oversized" partition, or in a
> completely separate partition/device. Our current support is hardwired
> to the append single partition support.
>
> Secondly, we currently call veritysetup from within the initramfs with
> all the parameters (hash size, location etc.) - which was sensible for
> a sysV init based system. However my reading seems to indicate that
> recent systemd supports direct enablement of dm-verity device(s) from
> either boot arguments or autodetection via GPT UUIDs assigned to
> dm-verity (and dm-verity-hash). Meaning (in theory) we should not
> need to be manually calling veritysetup in a systemd initramfs at all.
>
> So we'll see how that goes. Might lead to another wks.in example?

Merged thanks

> ---
>
> Paul Gortmaker (4):
>   dm-verity: ensure people don't ignore the DISTRO_FEATURES warning
>   dm-verity: don't make read-only-rootfs sound like a requirement
>   dm-verity: document the meta-intel dependency in the systemd example
>   dm-verity: add x86-64 systemd based example instructions
>
>  docs/dm-verity-systemd-x86-64.txt | 77 ++++++++++++++++++++++++++++
>  docs/dm-verity.txt | 13 ++++-
>  wic/systemd-bootdisk-dmverity.wks.in | 1 +
>  3 files changed, 89 insertions(+), 2 deletions(-)
>  create mode 100644 docs/dm-verity-systemd-x86-64.txt
>

From: Paul Gortmaker <paul.gortmaker@windriver.com>

This second series continues in the same general theme of making it
easier to use dm-verity within the Yocto/OE framework by adding a worked
example that can boot on x86-64 in QEMU and on physical hardware.

A couple small clarifications to existing files are also added.

Based on my reading, I believe there are still two things that would be
nice to support if time permits. They are somewhat intertwined.

Firstly, the dm-verity basically has two places to store the hash data -
at the end of the filesystem data in an "oversized" partition, or in a
completely separate partition/device. Our current support is hardwired
to the append single partition support.

Secondly, we currently call veritysetup from within the initramfs with
all the parameters (hash size, location etc.) - which was sensible for
a sysV init based system. However my reading seems to indicate that
recent systemd supports direct enablement of dm-verity device(s) from
either boot arguments or autodetection via GPT UUIDs assigned to
dm-verity (and dm-verity-hash). Meaning (in theory) we should not
need to be manually calling veritysetup in a systemd initramfs at all.

So we'll see how that goes. Might lead to another wks.in example?

---

Paul Gortmaker (4):
  dm-verity: ensure people don't ignore the DISTRO_FEATURES warning
  dm-verity: don't make read-only-rootfs sound like a requirement
  dm-verity: document the meta-intel dependency in the systemd example
  dm-verity: add x86-64 systemd based example instructions

 docs/dm-verity-systemd-x86-64.txt | 77 ++++++++++++++++++++++++++++
 docs/dm-verity.txt | 13 ++++-
 wic/systemd-bootdisk-dmverity.wks.in | 1 +
 3 files changed, 89 insertions(+), 2 deletions(-)
 create mode 100644 docs/dm-verity-systemd-x86-64.txt