[OpenWrt-Devel] [PATCH 00/11] Proposal for dm-verity support

Thomas Petazzoni thomas.petazzoni at bootlin.com
Tue Mar 26 03:00:09 EDT 2019

Hello Hauke,

On Mon, 25 Mar 2019 23:13:17 +0100
Hauke Mehrtens <hauke at hauke-m.de> wrote:

> Using some boot arguments sounds like a good solution, but I am not an
> expert on the file system handling.

OK, thanks. Do you know who would be the appropriate person to discuss
this?

> The default has to be the current
> behavior, because we do not have control over all boot loaders, I assume
> that people who need this special behavior have control over their boot
> loader.

Yes of course the default would be to preserve the current behavior.

> Do you know if it is possible to support dm-verity also for the overlay
> file system?

dm-verity by essence only supports read-only accesses. dm-verity
generates a tree of hashes at "build" time, i.e. with "veritysetup
format", and at runtime, dm-verity checks that the hash of the blocks
being read matches the hash stored in the hash tree. So the data blocks
cannot be changed: any change in a data block will cause a hash
mismatch, which results in an I/O error: it's exactly what dm-verity
wants to detect, that the data has been tampered with.

> > As I replied to your review on patch 08/11, the 5.1 kernel will have
> > support for setting up DM devices on the kernel command line, it has
> > been merged upstream.  
> It would be nice if you could backport the upstream version to kernel
> 4.14 and 4.19, you do not have to care about the old kernels, when we
> move to the next LTS kernel we can just remove the patches.

OK, I'll see if the upstream version is reasonable enough to be

Best regards,

Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
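
A simplified model of the mechanism described in the message above, added here as an example and not taken from the patch series or from dm-verity itself: a hash tree is built once over the image, each read is checked against it and a trusted root hash, and any change to a data block surfaces as an I/O error. The block size, SHA-256, the salt, the in-memory tree layout and all function names are assumptions for illustration and do not reproduce dm-verity's on-disk format.

```python
import errno
import hashlib

BLOCK = 4096   # data block size (assumed for this model)
FANOUT = 128   # 32-byte SHA-256 digests that fit in one 4096-byte hash block

def digest(salt: bytes, data: bytes) -> bytes:
    return hashlib.sha256(salt + data).digest()

def format_tree(image: bytes, salt: bytes):
    """Build-time step (the role played by "veritysetup format")."""
    blocks = [image[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(image), BLOCK)]
    levels = [[digest(salt, b) for b in blocks]]      # level 0: one digest per data block
    while len(levels[-1]) > 1:                        # hash groups of digests up to a single root
        prev = levels[-1]
        levels.append([digest(salt, b"".join(prev[i:i + FANOUT]))
                       for i in range(0, len(prev), FANOUT)])
    return levels, levels[-1][0]

def read_block(image: bytes, levels, root: bytes, salt: bytes, n: int) -> bytes:
    """Runtime step: return block n only if it chains up to the trusted root hash."""
    data = image[n * BLOCK:(n + 1) * BLOCK].ljust(BLOCK, b"\0")
    if digest(salt, data) != levels[0][n]:
        raise OSError(errno.EIO, f"verity: data block {n} hash mismatch")
    idx = n
    for depth in range(1, len(levels)):               # the stored digests are verified too
        idx //= FANOUT
        group = levels[depth - 1][idx * FANOUT:(idx + 1) * FANOUT]
        if digest(salt, b"".join(group)) != levels[depth][idx]:
            raise OSError(errno.EIO, f"verity: hash level {depth} mismatch")
    if levels[-1][0] != root:                         # root comes from outside the device
        raise OSError(errno.EIO, "verity: root hash mismatch")
    return data

def demo():
    salt = b"constructed-salt"                        # constructed sample values
    image = bytearray(b"".join(bytes([i % 251]) * BLOCK for i in range(300)))
    levels, root = format_tree(bytes(image), salt)
    good = read_block(bytes(image), levels, root, salt, 200)
    image[200 * BLOCK + 7] ^= 0x01                    # any write to the data device...
    try:
        read_block(bytes(image), levels, root, salt, 200)
        return good, None
    except OSError as exc:                            # ...is reported as an I/O error
        return good, exc.errno

if __name__ == "__main__":
    print(demo()[1] == errno.EIO)
```

Because the root hash is fixed when the tree is built, rewriting a data block and its stored digest together still fails one level up, which is why a writable overlay cannot sit on the verified device in this model.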
