Hi,
I am trying to implement DM-Verity for the rootfs. However, I am not sure what the scope of DM Verity. I can see that given a root/sudo user, I can unload the verity target, write to rootfs and format and load it again, is it possible that this is normal that can be carried out using rootkits or any privileged app?
Also, how can DM-Verity ensure that the system boots to correct rootfs if rootfs was changed after an OTA?
Please help me to understand the actual scope of DM Verity
Thanks,
AP
_______________________________________________ dm-crypt mailing list -- dm-crypt@xxxxxxxx To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
