On Mon, 17 Jun 2019, Milan Broz wrote:
On 13/06/2019 03:06, Jaskaran Khurana wrote:
...
Adds DM_VERITY_VERIFY_ROOTHASH_SIG_FORCE: roothash signature *must* be
specified for all dm verity volumes and verification must succeed prior
to creation of device mapper block device.
I had a quick discussion about this and one suggestion was
to add dm-verity kernel module parameter instead of a new config option.
The idea is that if you can control kernel boot commandline, you can add it
there with the same effect (expecting that root device is on dm-verity as well).
Isn't this better option or it is not going to work for you?
Seems like a better option to me, I will make the change and remove both
the configs.
Milan
Regards,
Jaskaran
