Dear Milan Broz. Thank you for answer my query. I asked you again because i was confused. Yes, I also looked at the document and get a lot of information or studies related to dm-verity. https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMVerity Thank you : D JeongHyeon Lee On 23/06/2020 16:28, Milan Broz wrote: > On 23/06/2020 01:53, JeongHyeon Lee wrote: >> For what reason isn't panic better? > I did not say panic is better, I said that while we have restart already in mainline dm-verity code, > panic() is almost the same, so I see no problem in merging this patch. > > Stopping system this way could create more damage if it is not configured properly, > but I think it is quite common to stop the system as fast as possible if data system integrity > is violated... > >> If when i suggested new patch, i will send you a patch that increased >> minor version. > I think Mike can fold-in version increase, if the patch is accepted. > > But please include these version changes with every new feature. > > Actually I am tracking it here for dm-verity as part of veritysetup userspace documentation: > https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMVerity > > Thanks, > Milan > >> On 22/06/2020 16:58, Milan Broz wrote: >>> On 18/06/2020 19:09, Mike Snitzer wrote: >>>> On Thu, Jun 18 2020 at 12:50pm -0400, >>>> Sami Tolvanen <samitolvanen@xxxxxxxxxx> wrote: >>>> >>>>> On Thu, Jun 18, 2020 at 11:44:45AM -0400, Mike Snitzer wrote: >>>>>> I do not accept that panicing the system because of verity failure is >>>>>> reasonable. >>>>>> >>>>>> In fact, even rebooting (via DM_VERITY_MODE_RESTART) looks very wrong. >>>>>> >>>>>> The device should be put in a failed state and left for admin recovery. >>>>> That's exactly how the restart mode works on some Android devices. The >>>>> bootloader sees the verification error and puts the device in recovery >>>>> mode. Using the restart mode on systems without firmware support won't >>>>> make sense, obviously. >>>> OK, so I need further justification from Samsung why they are asking for >>>> this panic mode. >>> I think when we have reboot already, panic is not much better :-) >>> >>> Just please note that dm-verity is used not only in Android world (with own tooling) >>> but in normal Linux distributions, and I need to modify userspace (veritysetup) to support >>> and recognize this flag. >>> >>> Please *always* increase minor dm-verity target version when adding a new feature >>> - we can then provide some better hint if it is not supported. >>> >>> Thanks, >>> Milan >>> >>> >
