Thank you Mikulas. I just want to make sure I understand what you are saying. Currently we making a dm-linear, dm-verity, dm-linear target; if I understand you right you are suggesting to make it a dm-veriy, dm-linear, dm-linear target? Of course the 2nd dm-linear target will have LBAs before dm-verity target. Did I get this right?
From: Mikulas Patocka<mailto:mpato...@redhat.com> Sent: Sunday, September 18, 2022 3:10 AM To: Pra.. Dew..<mailto:linux_lear...@outlook.com> Cc: dm-devel@redhat.com<mailto:dm-devel@redhat.com> Subject: Re: [dm-devel] dm-verity with GPT On Sat, 17 Sep 2022, Pra.. Dew.. wrote: > > We have a scenario for a VM where a VM is running in the host Linux > using KVM. We want to expose verity protected rootfs to the VM. This > rootfs clearly needs to be RO. However, we also want to expose it as a > GPT partition. In order to do this we are attaching two small files > before and after the rootfs. The files use linear mapping and get mapped > to the same /dev/mapper/XX device that has a verity partition. These two > files contain the partition mappings (primary and backup) for GPT. From > the VMs perspective, it sees one device (/dev/mapper/xx) as a GPT device > with rootfs. > > The challenge we are getting into is that dm-verity kernel > implementation explicitly prohibits mixing linear and verity mapping and > forces the /dev/mapper/xx device to be RO and our needs are exactly the > opposite. > > Has anyone seen this scenario before? Any suggestions? > > Thanks Hi I think that you can create dm-verity target, put dm-linear on the top of it and insert that dm-linear into the table with the other two dm-linear targets. Would it work this way? Mikulas
-- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel
