Re: Kernel 4.14: Using dm-verity with squashfs rootfs - mounting issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

On Mon, 30 Aug 2021 21:55:19 +0530
Pintu Agarwal <pintu.ping@xxxxxxxxx> wrote:

> Sorry for coming back to this again..
> Unfortunately, none of the options is working for us with squashfs
> (bootloader, initramfs).
> initramfs have different kinds of challenges because of the partition
> size issue.
> So, our preferred option is still the bootloader command line approach..
> 
> Is there a proven and working solution of dm-verity with squashfs ?
> If yes, please share some references.
> 
> The current problem with squashfs is that we could not append the
> verity-metadata to squashfs, so we store it on a separate volume and
> access it.

Here, it definitely worked to append the hash tree to the squashfs
image and store them in the same partition.

> By specifying it like : /dev/mtdblock53
> 
> Then we get the error like this:
> {
> [    4.950276] device-mapper: init: attempting early device configuration.
> [    4.957577] device-mapper: init: adding target '0 95384 verity 1
> /dev/ubiblock0_0 /dev/mtdblock53 4096 4096 11923 8 sha256
> 16da5e4bbc706e5d90511d2a3dae373b5d878f9aebd522cd614a4faaace6baa3
> aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7 10
> restart_on_corruption ignore_zero_blocks use_fec_from_device
> /dev/mtdblock53 fec_roots 2 fec_blocks 12026 fec_start 12026'
> [    4.975283] device-mapper: verity: sha256 using implementation
> "sha256-generic"
> [    4.998728] device-mapper: init: dm-0 is ready

Could you show the full kernel command line ?

> Do you see any other problem here with dm-verity cmdline or with squashfs ?
> 
> Is squashfs ever proved to be working with dm-verity on higher kernel version ?
> Currently our kernel version is 4.14.

I confirm we used squashfs on dm-verity successfully. For sure on 4.19,
perhaps on older kernels as well.

> Or, another option is to use the new concept from 5.1 kernel that is:
> dm-mod.create = ?

How are you doing it today without dm-mod.create ?

Again, please give your complete kernel command line.

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux