Re: [dm-devel] [PATCH v7 0/3] LoadPin: Enable loading from trusted dm-verity devices
On Mon, 27 Jun 2022 08:35:23 -0700, Matthias Kaehlcke wrote: > As of now LoadPin restricts loading of kernel files to a single pinned > filesystem, typically the rootfs. This works for many systems, however it > can result in a bloated rootfs (and OTA updates) on platforms where > multiple boards with different hardware configurations use the same rootfs > image. Especially when 'optional' files are large it may be preferable to > download/install them only when they are actually needed by a given board. > Chrome OS uses Downloadable Content (DLC) [1] to deploy certain 'packages' > at runtime. As an example a DLC package could contain firmware for a > peripheral that is not present on all boards. DLCs use dm-verity [2] to > verify the integrity of the DLC content. > > [...] Applied to for-next/hardening, thanks! [1/3] dm: Add verity helpers for LoadPin https://git.kernel.org/kees/c/b6c1c5745ccc [2/3] LoadPin: Enable loading from trusted dm-verity devices https://git.kernel.org/kees/c/3f805f8cc23b [3/3] dm: verity-loadpin: Use CONFIG_SECURITY_LOADPIN_VERITY for conditional compilation https://git.kernel.org/kees/c/231af4709018 -- Kees Cook -- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel
Re: [dm-devel] Regarding dm-clone on RHEL+OEL
Hi Roger, Yes, seems like it is not supported on my box grep -i clone /boot/config-5.4.17-2011.7.4.el8uek.x86_64 # CONFIG_DM_CLONE is not set Seems like this is not supported. Thanks & Regards, Uday Kiran From: Roger Heflin Date: Friday, July 8, 2022 at 7:52 AM To: Uday Jonnala Cc: dm-devel@redhat.com Subject: Re: [dm-devel] Regarding dm-clone on RHEL+OEL You probably have to inquire with the vendor support who supplied the kernel, but checking on a UEK kernel I have of that major version I see this (mine is el7 not el8, but I suspect the both UEK kernels are basically identical). grep -i clone /boot/config-5.4.17-2102.203.6.el7uek.x86_64 # CONFIG_DM_CLONE is not set So it was not configured/compiled into my kernel and likely not yours. And dm-clone appears to have initially been added in 5.4 from what I can tell so I have zero clue how stable/functional it was in that version even if it was enabled. On Fri, Jul 8, 2022 at 9:38 AM Uday Jonnala wrote: > > Hi Team, > > > > Looking to see if dm-clone is supported in RHEL based OEL (Oracle Enterprise > Licence) > > 5.4.17-2136.308.9.el8uek.x86_64 : Kernel Version (OEL RHEL 8 based) > > > > Which RHEL version has dm-clone checkedin ? > > We are getting following error on clone > > device-mapper: reload ioctl on clone (252:3) failed: Invalid argument > > > > Thanks & Regards, > > Uday Kiran > > > > -- > dm-devel mailing list > dm-devel@redhat.com > https://listman.redhat.com/mailman/listinfo/dm-devel -- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel
Re: [dm-devel] Regarding dm-clone on RHEL+OEL
You probably have to inquire with the vendor support who supplied the kernel, but checking on a UEK kernel I have of that major version I see this (mine is el7 not el8, but I suspect the both UEK kernels are basically identical). grep -i clone /boot/config-5.4.17-2102.203.6.el7uek.x86_64 # CONFIG_DM_CLONE is not set So it was not configured/compiled into my kernel and likely not yours. And dm-clone appears to have initially been added in 5.4 from what I can tell so I have zero clue how stable/functional it was in that version even if it was enabled. On Fri, Jul 8, 2022 at 9:38 AM Uday Jonnala wrote: > > Hi Team, > > > > Looking to see if dm-clone is supported in RHEL based OEL (Oracle Enterprise > Licence) > > 5.4.17-2136.308.9.el8uek.x86_64 : Kernel Version (OEL RHEL 8 based) > > > > Which RHEL version has dm-clone checkedin ? > > We are getting following error on clone > > device-mapper: reload ioctl on clone (252:3) failed: Invalid argument > > > > Thanks & Regards, > > Uday Kiran > > > > -- > dm-devel mailing list > dm-devel@redhat.com > https://listman.redhat.com/mailman/listinfo/dm-devel -- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel
[dm-devel] Regarding dm-clone on RHEL+OEL
Hi Team, Looking to see if dm-clone is supported in RHEL based OEL (Oracle Enterprise Licence) 5.4.17-2136.308.9.el8uek.x86_64 : Kernel Version (OEL RHEL 8 based) Which RHEL version has dm-clone checkedin ? We are getting following error on clone device-mapper: reload ioctl on clone (252:3) failed: Invalid argument Thanks & Regards, Uday Kiran -- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel
