Kernel 4.14: Using dm-verity with squashfs rootfs - mounting issue
pintu.ping at gmail.com
Mon Aug 30 12:25:19 EDT 2021
On Wed, 21 Jul 2021 at 22:59, Pintu Agarwal <pintu.ping at gmail.com> wrote:
> On Wed, 21 Jul 2021 at 22:40, Mikulas Patocka <mpatocka at redhat.com> wrote:
> > > >
> > > > Try to set up dm-verity with block size 512 bytes.
> > > >
> > > > I don't know what block size does squashfs use, but if the filesystem
> > > > block size is smaller than dm-verity block size, it doesn't work.
> > > >
> > > Okay thank you so much for this clue,
> > > It seems we are using 65536 as the squashfs block size:
> > 65536 is the compression block size - it is unrelated to I/O block size.
> > There's a config option SQUASHFS_4K_DEVBLK_SIZE. The documentation says
> > that it uses by default 1K block size and if you enable this option, it
> > uses 4K block size.
> Okay it seems this config is set in our case:
> So, with this the squashfs and dm-verity block size exactly matches (4K)
> > So, try to set it. Or try to reduce dm-verity block size down to 1K.
Sorry for coming back to this again..
Unfortunately, none of the options is working for us with squashfs
initramfs have different kinds of challenges because of the partition
So, our preferred option is still the bootloader command line approach..
Is there a proven and working solution of dm-verity with squashfs ?
If yes, please share some references.
The current problem with squashfs is that we could not append the
verity-metadata to squashfs, so we store it on a separate volume and
By specifying it like : /dev/mtdblock53
Then we get the error like this:
[ 4.950276] device-mapper: init: attempting early device configuration.
[ 4.957577] device-mapper: init: adding target '0 95384 verity 1
/dev/ubiblock0_0 /dev/mtdblock53 4096 4096 11923 8 sha256
restart_on_corruption ignore_zero_blocks use_fec_from_device
/dev/mtdblock53 fec_roots 2 fec_blocks 12026 fec_start 12026'
[ 4.975283] device-mapper: verity: sha256 using implementation
[ 4.998728] device-mapper: init: dm-0 is ready
[ 5.614498] 1f35 1736 mtdblock53
[ 5.614502] (driver?)
[ 5.621098] fc00 61504 ubiblock0_0
[ 5.621102] (driver?)
[ 5.627661] fd00 47692 dm-0
[ 5.627665] (driver?)
[ 5.633663] No filesystem could mount root, tried:
[ 5.633667] squashfs
[ 5.643215] Kernel panic - not syncing: VFS: Unable to mount root
fs on unknown-block(253,0)
Do you see any other problem here with dm-verity cmdline or with squashfs ?
Is squashfs ever proved to be working with dm-verity on higher kernel version ?
Currently our kernel version is 4.14.
Or, another option is to use the new concept from 5.1 kernel that is:
dm-mod.create = ?
But, currently I don't know how to use it with squashfs either...
Any reference example will be helpful..
More information about the Kernelnewbies