diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-12-16 12:57:44 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-12-21 19:09:30 +0100 |
commit | 2f3dfc6fb43e13f3999d10c509105d46f3cf5b93 (patch) | |
tree | 08d6d01928d2a658d9212365b2614265a0571288 /src/gpt-auto-generator | |
parent | 72e18a98ba5c1a570a2eaadadfdbcb073f04df5b (diff) |
verity: add support for setting up verity-protected root disks in the initrd
This adds a generator and a small service that will look for "roothash="
on the kernel command line and use it for setting up a very partition
for the root device.
This provides similar functionality to nspawn's existing --roothash=
switch.
Diffstat (limited to 'src/gpt-auto-generator')
-rw-r--r-- | src/gpt-auto-generator/gpt-auto-generator.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c index 3126469f60..612a3fe777 100644 --- a/src/gpt-auto-generator/gpt-auto-generator.c +++ b/src/gpt-auto-generator/gpt-auto-generator.c @@ -718,6 +718,15 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat arg_root_enabled = streq(value, "gpt-auto"); + } else if (streq(key, "roothash")) { + + if (proc_cmdline_value_missing(key, value)) + return 0; + + /* Disable root disk logic if there's roothash= defined (i.e. verity enabled) */ + + arg_root_enabled = false; + } else if (streq(key, "rw") && !value) arg_root_rw = true; else if (streq(key, "ro") && !value) |