Re: [PATCH] dm verity: fallback to platform keyring also if key in trusted keyring is rejected

On Wed, Sep 25, 2024 at 12:05:59PM +0300, Jarkko Sakkinen wrote:
> On Wed Sep 25, 2024 at 11:03 AM EEST, Milan Broz wrote:
> > >> Doesn't dm-verity have a maintainer?
> >
> > (This reminds me of a nice comment from Neil about "little walled
> > gardens" between MD & DM.  Apparently it applies to other subsystems
> > as well. Sorry, I couldn't resist mentioning it :-)
> 
> Np, it's just that the last and only time I've ever read anything about
> dm-verity was a 2011 article :-)
> 
> I will rephrase the question: does dm-verity have a user? ;-)

It gets used for integrity guarantees in certain containers, where
the layers of tarballs are replaced by layers of squashfs, with the
dmverity root hash for each layer listed in the signed manifest, e.g.

github.com/project-stacker/stacker
github.com/project-machine/atomfs

This is used, of course, to verify container integrity, and also gets used by
some projects and products to create an RFS from such images during initrd:

github.com/project-machine/mos

-serge



