verity: add support for setting up verity-protected root disks in the initrd

This adds a generator and a small service that will look for "roothash=" on the kernel command line and use it for setting up a very partition for the root device. This provides similar functionality to nspawn's existing --roothash= switch.
author: Lennart Poettering <lennart@poettering.net> 2016-12-16 12:57:44 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-12-21 19:09:30 +0100
commit: 2f3dfc6fb43e13f3999d10c509105d46f3cf5b93 (patch)
tree: 08d6d01928d2a658d9212365b2614265a0571288 /man/kernel-command-line.xml
parent: 72e18a98ba5c1a570a2eaadadfdbcb073f04df5b (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml
index 7e1d408ded..415b8d3cf9 100644
--- a/man/kernel-command-line.xml
+++ b/man/kernel-command-line.xml
@@ -334,6 +334,19 @@
       </varlistentry>
 
       <varlistentry>
+        <term><varname>roothash=</varname></term>
+        <term><varname>systemd.verity=</varname></term>
+        <term><varname>rd.systemd.verity=</varname></term>
+        <term><varname>systemd.verity_root_data=</varname></term>
+        <term><varname>systemd.verity_root_hash=</varname></term>
+        <listitem>
+          <para>Configures the integrity protection root hash for the root file system, and other related
+          parameters. For details, see
+          <citerefentry><refentrytitle>systemd-veritysetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term><varname>systemd.gpt_auto=</varname></term>
         <term><varname>rd.systemd.gpt_auto=</varname></term>
 
@@ -402,6 +415,7 @@
         <citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
         <citerefentry project='die-net'><refentrytitle>plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
         <citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+        <citerefentry><refentrytitle>systemd-veritysetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
         <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
         <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
         <citerefentry><refentrytitle>systemd-volatile-root.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
author	Lennart Poettering <lennart@poettering.net>	2016-12-16 12:57:44 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-12-21 19:09:30 +0100
commit	2f3dfc6fb43e13f3999d10c509105d46f3cf5b93 (patch)
tree	08d6d01928d2a658d9212365b2614265a0571288 /man/kernel-command-line.xml
parent	72e18a98ba5c1a570a2eaadadfdbcb073f04df5b (diff)