We have a scenario for a VM where a VM is running in the host Linux using KVM. We want to expose verity protected rootfs to the VM. This rootfs clearly needs to be RO. However, we also want to expose it as a GPT partition. In order to do this we are attaching two small files before and after the rootfs. The files use linear mapping and get mapped to the same /dev/mapper/XX device that has a verity partition. These two files contain the partition mappings (primary and backup) for GPT. From the VMs perspective, it sees one device (/dev/mapper/xx) as a GPT device with rootfs. The challenge we are getting into is that dm-verity kernel implementation explicitly prohibits mixing linear and verity mapping and forces the /dev/mapper/xx device to be RO and our needs are exactly the opposite. Has anyone seen this scenario before? Any suggestions? Thanks Sent from Mail for Windows |
-- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel