Reputation: 23
Can dm-verity will support authentication of Ubifs root file system in Linux
I want to authenticate my root file system which is in Ubifs file type mounted on NAND flash device.
Will dm-verity will support ubifs file system ?
In dm-verity-img.bb class file i have seen only below file systems mentioned.
DM_VERITY_IMAGE = "core-image-full-cmdline" # or other image
DM_VERITY_IMAGE_TYPE = "ext4" # or ext2, ext3 & btrfs
IMAGE_CLASSES += "dm-verity-img"
Upvotes: 0
Views: 351
Answers (1)
Reputation: 133
the mechanism for signing and verifying your software, using dm-verity, is called a "Merkel Tree". Within that approach, you are using blocks of data to create a hash tree of your data to protect. This tree in turn can be used fast at runtime to make integrity checks within the device mapper "on-the-fly". With on-the-fly I mean directly, when the data is accessed from user space in a way, where the performance of the system is not impacted.
That being said, dm-verity is working in connection with block-oriented filesystems, like ext4, squashfs, etc. UBIFS in turn is kind of a "special" filesystem, explicitly not characterized as block device. You can check e.g. https://docs.kernel.org/filesystems/ubifs.html for reference.
Hence my understanding - also bolstered by an actual implementation in an embedded system, using both squashfs and UBIFS - is that you cannot use dm-verity for UBIFS.
Hope that helps!
Upvotes: 1
Related Questions
- Some details on ARM Linux boot
- Configuring initramfs with buildroot and uboot
- How do I change the rootfs file system type used for the sdcard image in yocto?
- UBI error: ubi_io_read: error -74 (ECC error)
- Init process not found when booting with ramdisk as rootfs
- Mount RootFS error: VFS: Cannot open root device "mtdblock4" or unknown-block(0,0)
- Block ram disk fails to read/write with offset