BMC Secure Boot - dm-verity

Adriana Kobylak anoo at
Sat Feb 8 06:28:18 AEDT 2020


We're planning to use dm-verity to verify the rootfs on eMMC, as 
mentioned in this doc update[1], following what chromeOs[2]/android[3] 
have done.

The verity root hash value is needed to do the verification, which in 
chromeos appears to be compiled into the kernel, they don't have an 
For OpenBMC, we're thinking of creating a new binding for the kernel 
device tree so that an initramfs can read the hash value and do the 

Any opinions or suggestions?


More information about the openbmc mailing list