Is your feature request related to a problem? Please describe.
The current implementation on aleph.im using AMD-SEV confidential VMs is unlikely to leverage data authentication features of the file system encryption. While disk encryption is enabled, data integrity and authentication are likely not enforced by default, which could expose the system to unauthorized modifications from the host operating system.
Describe the solution you'd like
Integrate LUKS/dm-crypt with data authentication enabled by default the scripts and documentation used to create confidential VM root filesystems. Looking at dm-verity and dm-integrity may be relevant.
Is your feature request related to a problem? Please describe.
The current implementation on aleph.im using AMD-SEV confidential VMs is unlikely to leverage data authentication features of the file system encryption. While disk encryption is enabled, data integrity and authentication are likely not enforced by default, which could expose the system to unauthorized modifications from the host operating system.
Describe the solution you'd like Integrate LUKS/dm-crypt with data authentication enabled by default the scripts and documentation used to create confidential VM root filesystems. Looking at
dm-verityanddm-integritymay be relevant.