Open thepinkmile opened 3 months ago
sergioprado
commented
3 months ago I have never tried combining dm-verity and overlayfs, but it seems to be possible: see https://docs.kernel.org/filesystems/overlayfs.html#fs-verity-support
Just be aware that this might have some security impacts, as this enables writes to the rootfs at runtime.
thepinkmile
commented
3 months ago Will have a look at that link tomorrow when I get to the rootfs testing again.
I believe the idea is to actually use a tempfs as the writable layer. But to temporarily allow partial updates, we would “commit” these changes via an external mechanism.
However, this is only until we can move over to a better solution (ideally using TorizonOS).
Currently building minimal reference image adding this layer for secure boot and encrypted partition.
I am wondering if there might be a possibility to implement an overlayfs such that I can use my encrypted partition as the writable layer of the fs? Mainly due to the fact the rootfs will be read-only.
This would also enable me to have a temp solution to provide remote-offline-updates (albeit a hacky one). At least until we can re-evaluate the decision to not use torizon os.