OpenBMC Image Management
Patrick Williams
patrick at stwcx.xyz
Wed Feb 1 05:16:41 AEDT 2017
On Mon, Jan 30, 2017 at 04:47:13PM +1100, Stewart Smith wrote:
> dm-verity (a device-mapper target that cryptographically verifies each
> filesystem block) could be a way to very easily get most of what's
> needed here.
>
> https://lwn.net/Articles/459420/
>
> https://source.android.com/security/verifiedboot/
>
Any ideas on how nicely that plays with mtd/ubi? I don't see anything
about it. I do see some dm-verity presentations claiming that IMA is
slow and dm-verity is much faster.
We should have all code in a SquashFS image anyhow. Signing / verifying
that whole image might be reasonable as well.
--
Patrick Williams
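
Added example, not part of the original message or of OpenBMC's code: a simplified sketch contrasting the two options discussed above, one digest over the whole image versus a per-block hash tree of the kind dm-verity relies on. The 4096-byte block size, SHA-256, the tree layout and all function names are assumptions; this is not dm-verity's on-disk format, and the trusted root is assumed to come from a signed source.

```python
import hashlib

BLOCK = 4096  # assumed block size for this sketch

def h(data):
    return hashlib.sha256(data).digest()

def whole_image_digest(image):
    # Whole-image check: every block must be read before any of it is trusted.
    return h(image)

def build_tree(image):
    # Hash levels, leaves first; the last level holds the single root hash.
    level = [h(image[i:i + BLOCK]) for i in range(0, len(image), BLOCK)]
    levels = [level]
    while len(level) > 1:
        level = [h(b"".join(level[i:i + 2])) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def verify_block(image, index, levels, trusted_root):
    # Check one block at read time. The stored levels are untrusted; only
    # trusted_root is, so a forged sibling hash still fails at the root.
    node = h(image[index * BLOCK:(index + 1) * BLOCK])
    for level in levels[:-1]:
        sib = index ^ 1
        if sib >= len(level):
            node = h(node)  # unpaired node at the end of a level
        elif index % 2 == 0:
            node = h(node + level[sib])
        else:
            node = h(level[sib] + node)
        index //= 2
    return node == trusted_root

def demo():
    # Constructed 5-block image; block 2 is then modified by one byte.
    image = b"".join(bytes([i]) * BLOCK for i in range(5))
    levels = build_tree(image)
    root = levels[-1][0]
    bad = bytearray(image)
    bad[2 * BLOCK + 7] ^= 0xFF
    bad = bytes(bad)
    per_block = [verify_block(bad, i, levels, root) for i in range(5)]
    return per_block, whole_image_digest(bad) == whole_image_digest(image)

if __name__ == "__main__":
    print(demo())
```

The whole-image digest rejects the modified image as a unit, while the tree pins the failure to block 2 and still lets the other blocks verify on demand.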