From: Ahmad Fatoum
To: distrokit@pengutronix.de
Cc: Ahmad Fatoum
Date: Wed, 21 Jan 2026 09:06:58 +0100
Message-ID: <20260121080813.4099332-6-a.fatoum@pengutronix.de>
In-Reply-To: <20260121080813.4099332-1-a.fatoum@pengutronix.de>
Subject: [DistroKit] [PATCH 5/8] barebox: enable bootloader dm-verity support

To make it easier to evaluate this new feature, enable it in the barebox config, even if we do not make use of it yet.

Compared to FIT images, the benefit of dm-verity directly in barebox would be that we do not need to change our current partitioning and can continue to place the kernel, device tree and initrd into a file system and arguably reducing the attack surface at the same time, because the block-sized hashing is simpler than the FIT image parsing.

It would also be more straightforward to optimize for boot time, as barebox could do better prefetching, albeit that's not yet implemented.

Signed-off-by: Ahmad Fatoum
---
 configs/platform-v7a/barebox.config | 6 +++++-
 configs/platform-v8a/barebox.config | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/configs/platform-v7a/barebox.config b/configs/platform-v7a/barebox.config index 7aea542738bc..9a1e6aa1383e 100644 --- a/configs/platform-v7a/barebox.config +++ b/configs/platform-v7a/barebox.config 
@@ -518,9 +518,11 @@ CONFIG_CMD_AUTOMOUNT=y CONFIG_CMD_MOUNT=y # CONFIG_CMD_FINDMNT is not set CONFIG_CMD_PARTED=y +CONFIG_CMD_DMSETUP=y CONFIG_CMD_UBI=y CONFIG_CMD_UBIFORMAT=y CONFIG_CMD_UMOUNT=y +CONFIG_CMD_VERITYSETUP=y # end of Partition # @@ -906,7 +908,9 @@ CONFIG_MTD_UBI_FASTMAP=y CONFIG_DISK=y CONFIG_DISK_IDE_SFF=y CONFIG_DISK_WRITE=y -# CONFIG_DM_BLK is not set +CONFIG_DM_BLK=y +CONFIG_DM_BLK_LINEAR=y +CONFIG_DM_BLK_VERITY=y # # drive types diff --git a/configs/platform-v8a/barebox.config b/configs/platform-v8a/barebox.config index 8478c7991138..efe1d73c6dc7 100644 --- a/configs/platform-v8a/barebox.config +++ b/configs/platform-v8a/barebox.config @@ -442,7 +442,9 @@ CONFIG_CMD_AUTOMOUNT=y CONFIG_CMD_MOUNT=y # CONFIG_CMD_FINDMNT is not set CONFIG_CMD_PARTED=y +CONFIG_CMD_DMSETUP=y CONFIG_CMD_UMOUNT=y +CONFIG_CMD_VERITYSETUP=y # end of Partition # @@ -791,7 +793,9 @@ CONFIG_MTD_SPI_NOR_USE_4K_SECTORS=y # CONFIG_MTD_UBI is not set CONFIG_DISK=y CONFIG_DISK_WRITE=y -# CONFIG_DM_BLK is not set +CONFIG_DM_BLK=y +CONFIG_DM_BLK_LINEAR=y +CONFIG_DM_BLK_VERITY=y # # drive types -- 2.47.3
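
Review bot: In the Partition command hunks (@@ -518 for platform-v7a, @@ -442 for platform-v8a), CONFIG_CMD_DMSETUP=y and CONFIG_CMD_VERITYSETUP=y add shell commands while the commit message says nothing makes use of the feature yet, and the message does not say where a trusted root hash is expected to come from. dm-verity only protects the file system holding the kernel, device tree and initrd if the root hash it checks against is itself authenticated, so please state the intended source of that hash in the commit message, and say whether these two commands are meant to stay enabled once the boot path uses verity or are for evaluation only.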
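
Review bot: The DM_BLK hunks (@@ -906 for platform-v7a, @@ -791 for platform-v8a) also set CONFIG_DM_BLK_LINEAR=y, which neither the subject nor the commit message mentions; both speak only of dm-verity. Please add a sentence on why the linear target is enabled alongside CONFIG_DM_BLK_VERITY=y, or drop that line if verity does not need it, so the enabled device-mapper targets match what the message describes.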