-
We need to verify initoverlayfs on boot, to check it's contents are correct, we must ensure whatever we use can work on a erofs file within a vfat, ext4, erofs boot partition.
dm-verity probably ma…
-
One of the important properties of libostree is that it's intended to support *every* use case covered by package systems (dpkg/rpm/etc) today. Independence of the block layer is critical for this. …
-
user space: ANDROID_SRC/system/core/fs_mgr/fs_mgr_verity.c
kernel space: KERNEL_SRC/driver/md/dm-verity.c
-
## Current situation
We build plain squashfs images
## Impact
We don't benefit from dm-verity protection
## Ideal future situation
Use systemd-repart to create dm-verity images
-
Seems dm-verity checking fails while using sparse format image. I think the problem is a commit:
https://git.openembedded.org/meta-openembedded/commit/meta-oe/classes/image_types_sparse.bbclass?h=m…
-
Need to investigate how we provision block devices to make this possible, not applicable to pinata. Related to #583 but wanted to separate this issue out since it can be explored separately.
cc @ju…
-
Sometimes there is requirement to save sensitive data for k8s kata containers. Is there any suggested way to do that?
I found a [PR](https://github.com/kata-containers/kata-containers/pull/9999) whic…
-
The following need expanding;
"qubes read-only filesystem"
"dm-verity"
"Soldering jumpers on WP# pins, setting BP bits"
-
boot up the rabbit then stuck on "Dm-Verity Corruption. Your device is corrupt. It can’t be trusted and may not work properly
Press the power button to continue
Or, device will power off in 5 seco…
-
Seems to be broken. A test should be created to reproduce this issue.
```
[[ SGX-LKL ]] lkl_mount_disk(): lkl_mount_disk(dev="/dev/vda", mnt="/mnt/vda", ro=0)
[[ SGX-LKL ]] lkl_mount_disk(): Acti…