Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enablement of dm-verity #6372

Closed
JakubVanek opened this issue Sep 18, 2024 · 2 comments
Closed

Enablement of dm-verity #6372

JakubVanek opened this issue Sep 18, 2024 · 2 comments

Comments

@JakubVanek
Copy link
Contributor

Describe the bug

I am working on a project that is currently compiling its own RPi kernel binaries. I'm considering moving instead to the kernel binaries provided by Raspberry Pi. However, I'm missing one kernel functionality in the official images: dm-verity. I depend on dm-verity for RAUC (project providing infrastructure for image-based updates). RAUC requires the following kernel options https://rauc.readthedocs.io/en/latest/integration.html#kernel-configuration and it seems to me that all, except for the CONFIG_DM_VERITY, are already satisfied. Would it be possible for you to enable CONFIG_DM_VERITY=m in your builds?

Steps to reproduce the behaviour

Overview of what I am trying to achieve:

  1. install RAUC on a RPi and on a PC
  2. create a RAUC verity image on a PC
  3. successfully flash the verity image into a new partition on the RPi

Device (s)

Raspberry Pi 4 Mod. B, Raspberry Pi 5, Raspberry Pi CM4

System

n/a (custom Buildroot-based OS)

Logs

No response

Additional context

No response
pelwell added a commit to pelwell/linux that referenced this issue Sep 19, 2024
@pelwell
configs: Add DM_VERITY=m
5720bd3 
Add support for device-mapper validation of device content against
a tree of cryptographic checksums. Required for verity support in
RAUC.

Link: raspberrypi#6372

Signed-off-by: Phil Elwell <[email protected]>
@pelwell pelwell mentioned this issue Sep 19, 2024
Merged
@pelwell
Copy link
Contributor

pelwell commented Sep 19, 2024

Can you confirm that the config changes in #6375 are sufficient? Wait about 45 minutes, then run sudo rpi-update pulls/6375 to install a trial build.

@JakubVanek
Copy link
Contributor Author

Yes, the changes are sufficient. I was able to insert the 2024-07-04-raspios-bookworm-armhf-lite.img.xz image (with the rpi-update applied) into my A/B partition layout and boot flow. I was then able to flash my current RAUC verity images into the inactive A/B partition from within Raspbian. Thank you!

pelwell added a commit that referenced this issue Sep 19, 2024
@pelwell
configs: Add DM_VERITY=m
4ea9e07 
Add support for device-mapper validation of device content against
a tree of cryptographic checksums. Required for verity support in
RAUC.

Link: #6372

Signed-off-by: Phil Elwell <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JakubVanek @pelwell