On 08/06/2019 00:31, Jaskaran Khurana wrote: > This patch set adds in-kernel pkcs7 signature checking for the roothash of > the dm-verity hash tree. > The verification is to support cases where the roothash is not secured by > Trusted Boot, UEFI Secureboot or similar technologies. ... > drivers/md/Kconfig | 23 ++++++ > drivers/md/Makefile | 2 +- > drivers/md/dm-verity-target.c | 34 +++++++- > drivers/md/dm-verity-verify-sig.c | 132 ++++++++++++++++++++++++++++++ > drivers/md/dm-verity-verify-sig.h | 30 +++++++ Please could you also modify Documentation/device-mapper/verity.txt and describe the new table parameter? It would be also nice to have a reference example how to configure it, including how to create the signature file. Milan -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel
