diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-12-16 12:57:44 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-12-21 19:09:30 +0100 |
commit | 2f3dfc6fb43e13f3999d10c509105d46f3cf5b93 (patch) | |
tree | 08d6d01928d2a658d9212365b2614265a0571288 /man/kernel-command-line.xml | |
parent | 72e18a98ba5c1a570a2eaadadfdbcb073f04df5b (diff) |
verity: add support for setting up verity-protected root disks in the initrd
This adds a generator and a small service that will look for "roothash="
on the kernel command line and use it for setting up a very partition
for the root device.
This provides similar functionality to nspawn's existing --roothash=
switch.
Diffstat (limited to 'man/kernel-command-line.xml')
-rw-r--r-- | man/kernel-command-line.xml | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml index 7e1d408ded..415b8d3cf9 100644 --- a/man/kernel-command-line.xml +++ b/man/kernel-command-line.xml @@ -334,6 +334,19 @@ </varlistentry> <varlistentry> + <term><varname>roothash=</varname></term> + <term><varname>systemd.verity=</varname></term> + <term><varname>rd.systemd.verity=</varname></term> + <term><varname>systemd.verity_root_data=</varname></term> + <term><varname>systemd.verity_root_hash=</varname></term> + <listitem> + <para>Configures the integrity protection root hash for the root file system, and other related + parameters. For details, see + <citerefentry><refentrytitle>systemd-veritysetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> + </listitem> + </varlistentry> + + <varlistentry> <term><varname>systemd.gpt_auto=</varname></term> <term><varname>rd.systemd.gpt_auto=</varname></term> @@ -402,6 +415,7 @@ <citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry project='die-net'><refentrytitle>plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd-veritysetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-volatile-root.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |