summaryrefslogtreecommitdiff
path: root/src/gpt-auto-generator
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-12-16 12:57:44 +0100
committerLennart Poettering <lennart@poettering.net>2016-12-21 19:09:30 +0100
commit2f3dfc6fb43e13f3999d10c509105d46f3cf5b93 (patch)
tree08d6d01928d2a658d9212365b2614265a0571288 /src/gpt-auto-generator
parent72e18a98ba5c1a570a2eaadadfdbcb073f04df5b (diff)
verity: add support for setting up verity-protected root disks in the initrd
This adds a generator and a small service that will look for "roothash=" on the kernel command line and use it for setting up a very partition for the root device. This provides similar functionality to nspawn's existing --roothash= switch.
Diffstat (limited to 'src/gpt-auto-generator')
-rw-r--r--src/gpt-auto-generator/gpt-auto-generator.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
index 3126469f60..612a3fe777 100644
--- a/src/gpt-auto-generator/gpt-auto-generator.c
+++ b/src/gpt-auto-generator/gpt-auto-generator.c
@@ -718,6 +718,15 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
arg_root_enabled = streq(value, "gpt-auto");
+ } else if (streq(key, "roothash")) {
+
+ if (proc_cmdline_value_missing(key, value))
+ return 0;
+
+ /* Disable root disk logic if there's roothash= defined (i.e. verity enabled) */
+
+ arg_root_enabled = false;
+
} else if (streq(key, "rw") && !value)
arg_root_rw = true;
else if (streq(key, "ro") && !value)