<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="blue" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Thank you Mikulas. I just want to make sure I understand what you are saying. Currently we making a dm-linear, dm-verity, dm-linear target; if I understand you right you are suggesting to make it a dm-veriy, dm-linear, dm-linear target?
Of course the 2<sup>nd</sup> dm-linear target will have LBAs before dm-verity target. Did I get this right?</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="border:none;padding:0in"><b>From: </b><a href="mailto:mpatocka@redhat.com">Mikulas Patocka</a><br>
<b>Sent: </b>Sunday, September 18, 2022 3:10 AM<br>
<b>To: </b><a href="mailto:linux_learner@outlook.com">Pra.. Dew..</a><br>
<b>Cc: </b><a href="mailto:dm-devel@redhat.com">dm-devel@redhat.com</a><br>
<b>Subject: </b>Re: [dm-devel] dm-verity with GPT</p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
On Sat, 17 Sep 2022, Pra.. Dew.. wrote:<br>
<br>
> <br>
> We have a scenario for a VM where a VM is running in the host Linux <br>
> using KVM. We want to expose verity protected rootfs to the VM. This <br>
> rootfs clearly needs to be RO. However, we also want to expose it as a <br>
> GPT partition. In order to do this we are attaching two small files <br>
> before and after the rootfs. The files use linear mapping and get mapped <br>
> to the same /dev/mapper/XX device that has a verity partition. These two <br>
> files contain the partition mappings (primary and backup) for GPT. From <br>
> the VMs perspective, it sees one device (/dev/mapper/xx) as a GPT device <br>
> with rootfs.<br>
> <br>
> The challenge we are getting into is that dm-verity kernel <br>
> implementation explicitly prohibits mixing linear and verity mapping and <br>
> forces the /dev/mapper/xx device to be RO and our needs are exactly the <br>
> opposite.<br>
> <br>
> Has anyone seen this scenario before? Any suggestions?<br>
> <br>
> Thanks<br>
<br>
Hi<br>
<br>
I think that you can create dm-verity target, put dm-linear on the top of <br>
it and insert that dm-linear into the table with the other two dm-linear <br>
targets.<br>
<br>
Would it work this way?<br>
<br>
Mikulas<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>