verity: add support for setting up verity-protected root disks in the initrd

This adds a generator and a small service that will look for "roothash=" on the kernel command line and use it for setting up a very partition for the root device. This provides similar functionality to nspawn's existing --roothash= switch.
2026-04-14 00:14:32 +09:00 · 2016-12-16 12:57:44 +01:00
parent 72e18a98ba
commit 2f3dfc6fb4
11 changed files with 691 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -126,6 +126,8 @@
 /systemd-update-utmp
 /systemd-user-sessions
 /systemd-vconsole-setup
+/systemd-veritysetup
+/systemd-veritysetup-generator
 /systemd-volatile-root
 /tags
 /test-acd