[dm-devel] dm-verity with GPT
Mikulas Patocka
mpatocka at redhat.com
Sun Sep 18 10:10:48 UTC 2022
On Sat, 17 Sep 2022, Pra.. Dew.. wrote:
>
> We have a scenario for a VM where a VM is running in the host Linux
> using KVM. We want to expose verity protected rootfs to the VM. This
> rootfs clearly needs to be RO. However, we also want to expose it as a
> GPT partition. In order to do this we are attaching two small files
> before and after the rootfs. The files use linear mapping and get mapped
> to the same /dev/mapper/XX device that has a verity partition. These two
> files contain the partition mappings (primary and backup) for GPT. From
> the VMs perspective, it sees one device (/dev/mapper/xx) as a GPT device
> with rootfs.
>
> The challenge we are getting into is that dm-verity kernel
> implementation explicitly prohibits mixing linear and verity mapping and
> forces the /dev/mapper/xx device to be RO and our needs are exactly the
> opposite.
>
> Has anyone seen this scenario before? Any suggestions?
>
> Thanks
Hi
I think that you can create dm-verity target, put dm-linear on the top of
it and insert that dm-linear into the table with the other two dm-linear
targets.
Would it work this way?
Mikulas
More information about the dm-devel
mailing list