DM-Verity in Gardenhouse
As Gardenhouse does not use systemd, the dracut systemd-veritysetup module cannot be used. As an alternative, dracut-verity was created.
By default Gardenhouse will automatically install and configure dracut-verity and also handle the verity partition creation.
To disable this, add -dmverity as a global USE flag in the profile make.defaults.
For further tweaking, dracut-verity reads the following kernel arguments during boot:
verity.root_data: Path to the actual root partition
verity.root_hash: Path to the verity hash tree
verity.roothash: Roothash generated by veritysetup format
root_data and root_hash may be LABEL, PARTLABEL, UUID, PARTUUID or just a direct path.
In Gardenhouse the default kernel arguments for dracut-verity are:
verity.root_data=LABEL=gh<version>
verity.root_hash=UUID=<uuid of verity>
verity.roothash=<hash returned by veritysetup format>
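Because verity.root_hash (a device) and verity.roothash (a digest) are easy to swap, a pre-flight check of the kernel command line is useful before rebooting. The following is an added example, not dracut-verity's own code: the function names are hypothetical, the sample values are constructed, and it assumes the standard udev /dev/disk/by-* symlinks.

```shell
#!/bin/sh
# Added example, not dracut-verity code; all function names are hypothetical.

# get_karg CMDLINE NAME: print the value of NAME=... from a command line string.
get_karg() (
    set -f                      # no globbing while word-splitting the string
    for tok in $1; do
        case "$tok" in
            "$2"=*) printf '%s\n' "${tok#*=}"; exit 0 ;;
        esac
    done
    exit 1
)

# resolve_spec SPEC: map LABEL=/PARTLABEL=/UUID=/PARTUUID= or a direct path
# to a device path under the standard udev /dev/disk/by-* directories.
resolve_spec() {
    case "$1" in
        LABEL=?*)     printf '/dev/disk/by-label/%s\n' "${1#LABEL=}" ;;
        PARTLABEL=?*) printf '/dev/disk/by-partlabel/%s\n' "${1#PARTLABEL=}" ;;
        UUID=?*)      printf '/dev/disk/by-uuid/%s\n' "${1#UUID=}" ;;
        PARTUUID=?*)  printf '/dev/disk/by-partuuid/%s\n' "${1#PARTUUID=}" ;;
        /*)           printf '%s\n' "$1" ;;
        *)            return 1 ;;
    esac
}

# check_verity_cmdline CMDLINE: validate the three arguments and print the
# matching "veritysetup verify" command; diagnostics go to stderr.
check_verity_cmdline() {
    data=$(get_karg "$1" verity.root_data) && data=$(resolve_spec "$data") ||
        { echo "verity.root_data missing or not a device spec" >&2; return 1; }
    tree=$(get_karg "$1" verity.root_hash) && tree=$(resolve_spec "$tree") ||
        { echo "verity.root_hash missing or not a device spec" >&2; return 1; }
    digest=$(get_karg "$1" verity.roothash) ||
        { echo "verity.roothash missing" >&2; return 1; }
    case "$digest" in
        ''|*[!0-9a-fA-F]*) echo "verity.roothash is not a hex digest" >&2; return 1 ;;
    esac
    [ "$data" != "$tree" ] ||
        { echo "data and hash tree point at the same device" >&2; return 1; }
    printf 'veritysetup verify %s %s %s\n' "$data" "$tree" "$digest"
}

# Constructed sample; on a running system pass "$(cat /proc/cmdline)" instead.
SAMPLE="ro quiet verity.root_data=LABEL=gh-example \
verity.root_hash=UUID=11111111-2222-4333-8444-555555555555 \
verity.roothash=$(printf '%064d' 0 | tr 0 a)"
check_verity_cmdline "$SAMPLE"
```

The printed veritysetup verify command can then be run as root to confirm that the hash tree and root hash actually match the data partition.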