author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2022-09-11 10:49:24 +0200 |
---|---|---|
committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2022-09-23 16:15:37 +0200 |
commit | b456191d3cfd1fa6b6ae1c473d71d9931849d3bc (patch) | |
tree | e8b82b0f3ea2aad9d5d928e4e84b4d5af4ebb261 /man/repart.d.xml | |
parent | 8939d3351d8d03ff84a3c509af4c82920b1bc4d4 (diff) | |
download | systemd-b456191d3cfd1fa6b6ae1c473d71d9931849d3bc.tar.gz |
repart: Add support for generating verity sig partitions
Diffstat (limited to 'man/repart.d.xml')
-rw-r--r-- | man/repart.d.xml | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/man/repart.d.xml b/man/repart.d.xml index 280ce6b8ea..eec48fb569 100644 --- a/man/repart.d.xml +++ b/man/repart.d.xml 
@@ -583,17 +583,21 @@ <varlistentry> <term><varname>Verity=</varname></term> - <listitem><para>Takes one of <literal>off</literal>, <literal>data</literal> or - <literal>hash</literal>. Defaults to <literal>off</literal>. If set to <literal>off</literal> or - <literal>data</literal>, the partition is populated with content as specified by - <varname>CopyBlocks=</varname> or <varname>CopyFiles=</varname>. If set to <literal>hash</literal>, - the partition will be populated with verity hashes from a matching verity data partition. A matching - data partition is a partition with <varname>Verity=</varname> set to <literal>data</literal> and the - same verity match key (as configured with <varname>VerityMatchKey=</varname>). If not explicitly - configured, the data partition's UUID will be set to the first 128 bits of the verity root hash. - Similarly, if not configured, the hash partition's UUID will be set to the final 128 bits of the - verity root hash. The verity root hash itself will be included in the output of - <command>systemd-repart</command>.</para> + <listitem><para>Takes one of <literal>off</literal>, <literal>data</literal>, + <literal>hash</literal> or <literal>signature</literal>. Defaults to <literal>off</literal>. If set + to <literal>off</literal> or <literal>data</literal>, the partition is populated with content as + specified by <varname>CopyBlocks=</varname> or <varname>CopyFiles=</varname>. If set to + <literal>hash</literal>, the partition will be populated with verity hashes from the matching verity + data partition. 
If set to <literal>signature</literal>, The partition will be populated with a JSON + object containing a signature of the verity root hash of the matching verity hash partition.</para> + + <para>A matching verity partition is a partition with the same verity match key (as configured with + <varname>VerityMatchKey=</varname>).</para> + + <para>If not explicitly configured, the data partition's UUID will be set to the first 128 + bits of the verity root hash. Similarly, if not configured, the hash partition's UUID will be set to + the final 128 bits of the verity root hash. The verity root hash itself will be included in the + output of <command>systemd-repart</command>.</para> <para>This option has no effect if the partition already exists.</para> |
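Review bot: In the added sentence for the new value, "If set to <literal>signature</literal>, The partition will be populated" has a stray capital after the comma and should read "the partition". That sentence also does not say which key and certificate produce the signature, how they are supplied, or what fields the JSON object contains, so a reader cannot tell from this entry how to configure signing or how a consumer would verify the result; please name the relevant options or point to where the format is documented. The reworded definition of a matching verity partition now rests on <varname>VerityMatchKey=</varname> alone and drops the earlier condition that the data partition has <varname>Verity=</varname> set to <literal>data</literal>; consider stating how many partitions of each type may share one match key and what happens when the set is incomplete. The UUID paragraph still covers only the data and hash partitions, so it would help to say what UUID, if any, a signature partition gets when none is configured.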