From: Paul Gortmaker <paul.gortma...@windriver.com> This second series continues in the same general theme of making it easier to use dm-verity within the Yocto/OE framework by adding a worked example that can boot on x86-64 in QEMU and on physical hardware.
A couple small clarifications to exisitng files are also added. Based on my reading, I believe there are still two things that would be nice to support if time permits. They are somewhat intertwined. Firstly, the dm-verity basically has two places to store the hash data - at the end of the filesystem data in an "oversized" partition, or in a completely separate partition/device. Our current support is hardwired to the append single partition support. Secondly, we currently call veritysetup from within the initramfs with all the parameters (hash size, location etc.) - which was sensible for a sysV init based system. However my reading seems to indicate that recent systemd supports direct enablement of dm-verity device(s) from either boot arguments or autodetection via GPT UUIDs assigned to dm-verity (and dm-verity-hash). Meaning (in theory) we should not need to be manually calling veritysetup in a systemd initramfs at all. So we'll see how that goes. Might lead to another wks.in example? --- Paul Gortmaker (4): dm-verity: ensure people don't ignore the DISTRO_FEATURES warning dm-verity: don't make read-only-rootfs sound like a requirement dm-verity: document the meta-intel dependency in the systemd example dm-verity: add x86-64 systemd based example instructions docs/dm-verity-systemd-x86-64.txt | 77 ++++++++++++++++++++++++++++ docs/dm-verity.txt | 13 ++++- wic/systemd-bootdisk-dmverity.wks.in | 1 + 3 files changed, 89 insertions(+), 2 deletions(-) create mode 100644 docs/dm-verity-systemd-x86-64.txt -- 2.40.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#59974): https://lists.yoctoproject.org/g/yocto/message/59974 Mute This Topic: https://lists.yoctoproject.org/mt/98808914/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
