Alternative idea: add "systemd.gpt_auto_policy=rhvs" to allow gpt-auto to
only mount root dir, /home/ dir, /var/ and /srv/, but nothing else. And then
minor extension to this, insisting on encryption, for example
- "systemd.gpt_auto_policy=r+v+h" to requre encryption for root and var but not
+ "systemd.gpt_auto_policy=r+v+h" to require encryption for root and var but not
for /home/, and similar. Similar add --image-dissect-policy= to tools that
take --image= that take the same short string.
* might remove all partitions while we are operating on them. */
r = loop_device_open(devname, O_RDONLY, LOCK_SH, &loop);
if (r < 0)
- return log_debug_errno(r, "Failed to opne %s: %m", devname);
+ return log_debug_errno(r, "Failed to open %s: %m", devname);
r = dissect_loop_device(
loop,
assert(ret);
/* Try to find the matching sibling partition of the given type for a verity partition. For a data
- * partition, this is the corresponding hash partiton with the same verity name (and vice versa for
- * the hash partition).
- */
+ * partition, this is the corresponding hash partition with the same verity name (and vice versa for
+ * the hash partition). */
LIST_FOREACH(partitions, q, context->partitions) {
if (p == q)
goto finish;
/* TPM2_VerifySignature() will only verify the RSA part of the RSA+SHA256 signature,
- * hence we need to do the SHA256 part outselves, first */
+ * hence we need to do the SHA256 part ourselves, first */
TPM2B_DIGEST signature_hash = {
.size = SHA256_DIGEST_SIZE,
};