Closed rforro closed 3 years ago
No problem, I'll fix it.
What I don't understand is why by using menuconfig
to activate verity it enables so many modules if only those two are needed for dm-verity?
When I run diff on before and after activation I get something like this:
-- og.config 2021-06-30 16:17:34.150684994 +0200
+++ verity.config 2021-06-30 16:21:24.166682012 +0200
@@ -1595,7 +1595,37 @@
# end of SCSI device support
# CONFIG_ATA is not set
-# CONFIG_MD is not set
+CONFIG_MD=y
+# CONFIG_BLK_DEV_MD is not set
+# CONFIG_BCACHE is not set
+CONFIG_BLK_DEV_DM_BUILTIN=y
+CONFIG_BLK_DEV_DM=y
+# CONFIG_DM_DEBUG is not set
+CONFIG_DM_BUFIO=y
+# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set
+# CONFIG_DM_UNSTRIPED is not set
+# CONFIG_DM_CRYPT is not set
+# CONFIG_DM_SNAPSHOT is not set
+# CONFIG_DM_THIN_PROVISIONING is not set
+# CONFIG_DM_CACHE is not set
+# CONFIG_DM_WRITECACHE is not set
+# CONFIG_DM_ERA is not set
+# CONFIG_DM_CLONE is not set
+# CONFIG_DM_MIRROR is not set
+# CONFIG_DM_RAID is not set
+# CONFIG_DM_ZERO is not set
+# CONFIG_DM_MULTIPATH is not set
+# CONFIG_DM_DELAY is not set
+# CONFIG_DM_DUST is not set
+# CONFIG_DM_INIT is not set
+# CONFIG_DM_UEVENT is not set
+# CONFIG_DM_FLAKEY is not set
+CONFIG_DM_VERITY=y
+# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG is not set
+# CONFIG_DM_VERITY_FEC is not set
+# CONFIG_DM_SWITCH is not set
+# CONFIG_DM_LOG_WRITES is not set
+# CONFIG_DM_INTEGRITY is not set
# CONFIG_TARGET_CORE is not set
CONFIG_NETDEVICES=y
CONFIG_MII=m
@@ -4949,6 +4979,7 @@
CONFIG_NFS_V4_1=y
CONFIG_NFS_V4_2=y
CONFIG_PNFS_FILE_LAYOUT=y
+CONFIG_PNFS_BLOCK=y
CONFIG_PNFS_FLEXFILE_LAYOUT=m
CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org"
# CONFIG_NFS_V4_1_MIGRATION is not set
@rforro This basically is caused by how kconfig works. We see the result of two things here:
1) Some features require other features to be enabled. For this, a Kconfig entry can itself select
additional Kconfig entries. The DM_VERITY
entry for example looks as follows:
config DM_VERITY
tristate "Verity target support"
depends on BLK_DEV_DM
select CRYPTO
select CRYPTO_HASH
select DM_BUFIO
help
[...]
2) Features can be grouped into sub menus in kconfig. Menus that are not selected at all do not show their subitems. This is true both for the interactive GUI tools as well as for the resulting config file. In our case we enable for example CONFIG_MD
. The menu roughly looks as follows:
menuconfig MD
bool "Multiple devices driver support (RAID and LVM)"
depends on BLOCK
select SRCU
help
Support multiple physical spindles through a single logical device.
Required for RAID and logical volume management.
if MD
config BLK_DEV_MD
[...]
config MD_AUTODETECT
[...]
[...]
endif # MD
Thus by enabling CONFIG_MD, also all menu items hidden before now become visible and get their default value. This is what makes the actual diff that long. Also note that most of the added options are not enabled actually.
@ejoerns done
I have only one question according to option CONFIG_SQUASHFS_FILE_CACHE
. How we know, that this will be selected? Is it because it's the first config
in choice
list?
choice
prompt "File decompression options"
depends on SQUASHFS
help
--omitted--
config SQUASHFS_FILE_CACHE
bool "Decompress file data into an intermediate buffer"
help
--omitted--
config SQUASHFS_FILE_DIRECT
bool "Decompress files directly into the page cache"
help
--omitted--
endchoice
@rforro cannot find this explicitly in kconfig documentation but I would assume that a choice defaults to its first element, yes. Maybe if a kernel experts reads this, he can give a hint if that's documented in text anywhere or only in code ;)
Note that the commit for master is now rejected because they have moved the next code name ('honister'). Thus we will need to wait for #195 and rebase on this then.
As #195 is merged now, feel free to rebase onto master so we can make this ready for being merged
I've rebased this on latest master
We should also add CONFIG_CRYPTO_SHA256=y
to the config.
Added CONFIG_CRYPTO_SHA256=y
Current kernel.cfg is missing support for mounting of dm-verity devices, this configuration fixes it.