lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOuPNLhqSpaTm3u4kFsnuZ0PLDKuX8wsxuF=vUJ1TEG0EP+L1g@mail.gmail.com>
Date:   Tue, 20 Jul 2021 15:08:34 +0530
From:   Pintu Agarwal <pintu.ping@...il.com>
To:     open list <linux-kernel@...r.kernel.org>,
        Phillip Lougher <phillip@...ashfs.org.uk>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        linux-mtd <linux-mtd@...ts.infradead.org>, dm-devel@...hat.com,
        Kernelnewbies <kernelnewbies@...nelnewbies.org>, agk@...hat.com,
        snitzer@...hat.com, shli@...nel.org, mpatocka@...hat.com,
        samitolvanen@...gle.com
Subject: Kernel 4.14: Using dm-verity with squashfs rootfs - mounting issue

Hi,

Our ARM32 Linux embedded system consists of these:
* Linux Kernel: 4.14
* Processor: Qualcomm Arm32 Cortex-A7
* Storage: NAND 512MB
* Platform: Simple busybox
* Filesystem: UBIFS, Squashfs
* Consists of nand raw partitions, squashfs ubi volumes.

My requirement:
We wanted to use dm-verity at boot time to check the integrity of
squashfs-rootfs before mounting.

Problem:
dm-0 is not able to locate and mount the squash fs rootfs block.
The same approach is working when emulating with ext4 but fails with squashfs.

Logs:
[....]
[    0.000000] Kernel command line: [...] verity="96160 12020
d7b8a7d0c01b9aec888930841313a81603a50a2a7be44631c4c813197a50d681 0 "
rootfstype=squashfs root=/dev/mtdblock34 ubi.mtd=30,0,30 [...]
root=/dev/dm-0 dm="system none ro,0 96160 verity 1 /dev/mtdblock34
/dev/mtdblock39 4096 4096 12020 8 sha256
d7b8a7d0c01b9aec888930841313a81603a50a2a7be44631c4c813197a50d681
aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7"
[....]
[    4.693620] vreg_conn_pa: disa▒[    4.700662] md: Skipping
autodetection of RAID arrays. (raid=autodetect will force)
[    4.700713] device-mapper: init: attempting early device configuration.
[    4.708224] device-mapper: init: adding target '0 96160 verity 1
/dev/mtdblock34 /dev/mtdblock39 4096 4096 12020 8 sha256
d7b8a7d0c01b9aec888930841313a81603a50a2a7be44631c4c813197a50d681
aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7'
[    4.714979] device-mapper: verity: sha256 using implementation
"sha256-generic"
[    4.737808] device-mapper: init: dm-0 is ready
[....]
[    5.278103] No filesystem could mount root, tried:
[    5.278107]  squashfs
[    5.280477]
[    5.287627] Kernel panic - not syncing: VFS: Unable to mount root
fs on unknown-block(253,0)
[...]

Not sure, why is it still locating block "253" here which seems like a
MAJOR number ?

Working logs on ext4:
[....]
[    4.529822] v▒[    4.534035] md: Skipping autodetection of RAID
arrays. (raid=autodetect will force)
[    4.534087] device-mapper: init: attempting early device configuration.
[    4.550316] device-mapper: init: adding target '0 384440 verity 1
/dev/ubiblock0_0 /dev/ubiblock0_0 4096 4096 48055 48063 sha256
a02e0c13afb31e99b999c64aae6f4644c24addbc58db5689902cc5ba0be2d15b
aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7 10
restart_on_corruption ignore_zero_blocks use_fec_from_device
/dev/ubiblock0_0 fec_roots 2 fec_blocks 48443 fec_start 48443'
[    4.572215] device-mapper: verity: sha256 using implementation
"sha256-generic"
[    4.610692] device-mapper: init: dm-0 is ready
[    4.720174] EXT4-fs (dm-0): mounted filesystem with ordered data
mode. Opts: (null)
[    4.720438] VFS: Mounted root (ext4 filesystem) readonly on device 253:0.
[    4.737256] devtmpfs: mounted
[....]

Questions:
a) Is dm-verity supposed to work on squashfs block devices ?
b) Are there any known issues with dm-verity on Kernel 4.14 ?
c) Are there any patches that we are missing ?


Thanks,
Pintu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ