pon., 13 kwi 2020 o 12:58 Ayoub Zaki <ayoub.z...@embexus.com> napisaĆ(a): > > > basically this class generate a dm-verity hash that needs to be injected > inside the initramfs...it's a bit hacky. > > wouldn't be signing the hash, include the verifiication public key in > initramfs more portable ? >
Sorry, but I don't see how this is a better solution. You then have to store two things somewhere: the hash and its signature. If the fitImage is already signed - there's no reason to have a second signature for the hash: it already comes from a trusted source. This would also inflate the size of the initramfs - not only would it need to include the cryptsetup tools but also additional tools for signature verification. Bart
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#83902): https://lists.openembedded.org/g/openembedded-devel/message/83902 Mute This Topic: https://lists.openembedded.org/mt/72920041/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
