identified by the partition types defined by the <ulink
url="http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/">Discoverable
Partitions Specification</ulink>.</para></listitem>
+
+ <listitem><para>No partition table, and a single file system spanning the whole image.</para></listitem>
</itemizedlist>
<para>On GPT images, if an EFI System Partition (ESP) is discovered, it is automatically mounted to
<filename>/efi</filename> (or <filename>/boot</filename> as fallback) in case a directory by this name exists
and is empty.</para>
+ <para>Partitions encrypted with LUKS are automatically decrypted. Also, on GPT images dm-verity data integrity
+ hash partitions are set up if the root hash for them is specified using the <option>--root-hash=</option>
+ option.</para>
+
<para>Any other partitions, such as foreign partitions or swap partitions are not mounted. May not be specified
together with <option>--directory=</option>, <option>--template=</option>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--root-hash=</option></term>
+
+ <listitem><para>Takes a data integrity (dm-verity) root hash specified in hexadecimal. This option enables data
+ integrity checks using dm-verity, if the used image contains the appropriate integrity data (see above). The
+ specified hash must match the root hash of integrity data, and is usually at least 256bits (and hence 64
+ hexadecimal characters) long (in case of SHA256 for example). If this option is not specified, but a file with
+ the <filename>.roothash</filename> suffix is found next to the image file, bearing otherwise the same name the
+ root hash is read from it and automatically used.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>-a</option></term>
<term><option>--as-pid2</option></term>
projects / thirdparty / systemd.git / commitdiff
