[OpenWrt-Devel] [PATCH 00/11] Proposal for dm-verity support
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Tue Mar 26 03:00:09 EDT 2019
Hello Hauke,
On Mon, 25 Mar 2019 23:13:17 +0100
Hauke Mehrtens <hauke at hauke-m.de> wrote:
> Using some boot arguments sounds like a good solution, but I am not an
> expert on the file system handling.
OK, thanks. Do you know who would be the appropriate person to discuss
this?
> The default has to be the current
> behavior, because we do not have control over all boot loaders, I assume
> that people who need this special behavior have control over their boot
> loader.
Yes of course the default would be to preserve the current behavior.
> Do you know if it is possible to support dm-verity also for the overlay
> file system?
dm-verity by essence only supports read-only accesses. dm-verity
generates a tree of hashes at "build" time, i.e. with "veritysetup
format" and at runtime, dm-verity checks that the hash of the blocks
being read matches the hash stored in the hash tree. So the data blocks
cannot be changed: any change in a data block will cause a hash
mismatch, which results in an I/O error: it's exactly what dm-verity
wants to detect, that the data has been tampered with.
> > As I replied to your review on patch 08/11, the 5.1 kernel will have
> > support for setting up DM devices on the kernel command line, it has
> > been merged upstream.
>
> It would be nice if you could backport the upstream version to kernel
> 4.14 and 4.19, you do not have to care about the old kernels, when we
> move to the next LTS kernel we can just remove the patches.
OK, I'll see if the upstream version is reasonable enough to be
backported.
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
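Added example, not part of the original message or of the OpenWrt patches: a simplified Python model of the check described in the reply above, where a hash tree is built once over the image and every later read is verified up to a trusted root hash, so any changed data block surfaces as an I/O error. The block size, fan-out, salt handling and all function names are assumptions of this model; it does not reproduce dm-verity's on-disk format.

```python
import errno
import hashlib

BLOCK = 4096            # data/hash block size (assumption of this model)
FANOUT = BLOCK // 32    # SHA-256 digests that fit in one hash block


def block_hash(payload: bytes, salt: bytes) -> bytes:
    # Salted digest of one zero-padded block (model only, not the on-disk format).
    return hashlib.sha256(salt + payload.ljust(BLOCK, b"\0")).digest()


def build_tree(image: bytes, salt: bytes = b"") -> list:
    """'Build time' step: return the hash levels, leaves first, root level last."""
    level = [block_hash(image[i:i + BLOCK], salt) for i in range(0, len(image), BLOCK)]
    levels = [level]
    while len(level) > 1:
        level = [block_hash(b"".join(level[i:i + FANOUT]), salt)
                 for i in range(0, len(level), FANOUT)]
        levels.append(level)
    return levels


def read_block(device, idx: int, levels: list, root_hash: bytes, salt: bytes = b"") -> bytes:
    """'Runtime' step: return block idx only if its hash path reaches root_hash."""
    block = bytes(device[idx * BLOCK:(idx + 1) * BLOCK])
    digest = block_hash(block, salt)
    for level in levels[:-1]:           # stored hash levels are untrusted as well
        if level[idx] != digest:
            raise OSError(errno.EIO, "verity: hash mismatch")
        start = idx - idx % FANOUT      # first digest of the hash block holding idx
        digest = block_hash(b"".join(level[start:start + FANOUT]), salt)
        idx //= FANOUT
    if digest != root_hash:             # only the root hash is trusted
        raise OSError(errno.EIO, "verity: root hash mismatch")
    return block


def make_image(nblocks: int = 300) -> bytearray:
    # Constructed sample image: each block is filled with a byte derived from its index.
    return bytearray(b"".join(bytes([i % 251]) * BLOCK for i in range(nblocks)))
```

Rewriting the stored leaf hash to match a modified block does not help, because the mismatch then appears one level up; only a root hash obtained from a trusted source makes the whole chain meaningful.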