Adding dm-verity support for rootfs (!253) · Merge requests · Debian Live Team / live-build

Thore Sommer requested to merge TS/live-build:dm-verity into master Jul 10, 2021

This adds support for dm-vertiy on the root filesystem. Currently only squashfs is supported.

Three new flags are introduced.

--dm-verity: Enable basic dm-verity support
--dm-verity-fec NB_ROOTS: Enable forward error correction. Optional
--dm-verity-sign SCRIPT: Specify signing script for the root hash. Optional

the live-boot support was implemented here: live-boot!40 (merged)

I've tried it with ext2 and ext4 but it didn't work, so I only enabled it for squashfs. Mounting the filesystem.ext4 using veritysetup worked and I'm not sure why using mount does not work.

Edited Jul 10, 2021 by Thore Sommer

Adding dm-verity support for rootfs

Merge request reports