LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [PATCH] dm: verity target

[Posted September 19, 2011 by corbet]

From:  Wesley Miaw <wmiaw-AT-netflix.com>
To:  "linux-kernel-AT-vger.kernel.org" <linux-kernel-AT-vger.kernel.org>
Subject:  Re: [PATCH] dm: verity target
Date:  Thu, 15 Sep 2011 15:02:18 -0700
Message-ID:  <48F0EA4A-5982-4686-8492-422F4225D5FB@netflix.com>
Archive-link:  Article, Thread 

On 2011 Sep 15, at 11:45 AM, Mandeep Singh Baines wrote:

> The verity target provides transparent integrity checking of block devices
> using a cryptographic digest.
> 
> dm-verity is meant to be setup as part of a verified boot path.  This
> may be anything ranging from a boot using tboot or trustedgrub to just
> booting from a known-good device (like a USB drive or CD).
> 
> dm-verity is part of ChromeOS's verified boot path. It is used to verify
> the integrity of the root filesystem on boot. The root filesystem is
> mounted on a dm-verity partition which transparently verifies each block
> with a bootloader verified hash passed into the kernel at boot.

Netflix would like dm-verity to be included in the Linux kernel. Over the
past year, we have been working with Google and porting dm-verity onto a
number of consumer electronics devices running embedded Linux. Demand for
this feature has been high and we see a lot of benefit associated with
making dm-verity part of the official kernel.
--
Wesley Miaw
(Log in to post comments)

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds