git.ipfire.org Git - thirdparty/systemd.git/commit

]> git.ipfire.org Git - thirdparty/systemd.git/commit

projects / thirdparty / systemd.git / commit

author	Lennart Poettering <lennart@poettering.net>
	Thu, 20 Mar 2025 13:35:50 +0000 (14:35 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Thu, 3 Apr 2025 09:08:57 +0000 (11:08 +0200)
commit	96386bb5a75c512fa44a218676770b9655abd4d6
tree	ae0d38902377949bc53616499d87bd8ba8109584	tree \| snapshot
parent	bcd904d471ef93da748e3ca65c18692926a7f2b7	commit \| diff

veritysetup: when we fail to unlock a disk with the root hash signature logic, retry without

Currently, there's no nice way to get a key into the dm-verity kernel
keyring unless recompiling the kernel, or enabling SB or buying into
shim. Neither sounds particularly attractive.

hence provide a reasonable fallback: if unlocking with signed roothash
doesn#t work, just try without. maybe the kernel policy allows this,
maybe not. It's worth a try.

src/veritysetup/veritysetup.c

diff | blob | blame | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom