LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [PATCH] dm: verity target

[Posted September 19, 2011 by corbet]

From:  Wesley Miaw <wmiaw-AT-netflix.com>
To:  "linux-kernel-AT-vger.kernel.org" <linux-kernel-AT-vger.kernel.org>
Subject:  Re: [PATCH] dm: verity target
Date:  Thu, 15 Sep 2011 15:02:18 -0700
Message-ID:  <48F0EA4A-5982-4686-8492-422F4225D5FB@netflix.com>
Archive-link:  Article, Thread 

On 2011 Sep 15, at 11:45 AM, Mandeep Singh Baines wrote:

> The verity target provides transparent integrity checking of block devices
> using a cryptographic digest.
> 
> dm-verity is meant to be setup as part of a verified boot path.  This
> may be anything ranging from a boot using tboot or trustedgrub to just
> booting from a known-good device (like a USB drive or CD).
> 
> dm-verity is part of ChromeOS's verified boot path. It is used to verify
> the integrity of the root filesystem on boot. The root filesystem is
> mounted on a dm-verity partition which transparently verifies each block
> with a bootloader verified hash passed into the kernel at boot.

Netflix would like dm-verity to be included in the Linux kernel. Over the
past year, we have been working with Google and porting dm-verity onto a
number of consumer electronics devices running embedded Linux. Demand for
this feature has been high and we see a lot of benefit associated with
making dm-verity part of the official kernel.
--
Wesley Miaw
(Log in to post comments)

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds