[RFC PATCH v4 1/1] Add dm verity root hash pkcs7 sig validation.

Milan Broz gmazyland at gmail.com
Mon Jun 17 13:31:21 UTC 2019


On 13/06/2019 03:06, Jaskaran Khurana wrote:
...

> Adds DM_VERITY_VERIFY_ROOTHASH_SIG_FORCE: roothash signature *must* be
> specified for all dm verity volumes and verification must succeed prior
> to creation of device mapper block device.

I had a quick discussion about this, and one suggestion was
to add a dm-verity kernel module parameter instead of a new config option.

The idea is that if you can control the kernel boot command line, you can add it
there with the same effect (expecting that the root device is on dm-verity as well).

Isn't this a better option, or is it not going to work for you?

Milan


