On Sat, 17 Sep 2022, Pra.. Dew.. wrote: > > We have a scenario for a VM where a VM is running in the host Linux > using KVM. We want to expose verity protected rootfs to the VM. This > rootfs clearly needs to be RO. However, we also want to expose it as a > GPT partition. In order to do this we are attaching two small files > before and after the rootfs. The files use linear mapping and get mapped > to the same /dev/mapper/XX device that has a verity partition. These two > files contain the partition mappings (primary and backup) for GPT. From > the VMs perspective, it sees one device (/dev/mapper/xx) as a GPT device > with rootfs. > > The challenge we are getting into is that dm-verity kernel > implementation explicitly prohibits mixing linear and verity mapping and > forces the /dev/mapper/xx device to be RO and our needs are exactly the > opposite. > > Has anyone seen this scenario before? Any suggestions? > > Thanks Hi I think that you can create dm-verity target, put dm-linear on the top of it and insert that dm-linear into the table with the other two dm-linear targets. Would it work this way? Mikulas -- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel
