Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in
  • M mkinitcpio-archiso
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Graph
    • Compare
    • Locked Files
  • Issues 6
    • Issues 6
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
  • Merge requests 4
    • Merge requests 4
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Arch LinuxArch Linux
  • Mkinitcpio
  • mkinitcpio-archiso
  • Merge requests
  • !27

Integrity verification against external source

  • Review changes

  • Download
  • Email patches
  • Plain diff
Open Tallero Tallero requested to merge tallero/mkinitcpio-archiso:integrity into master Aug 12, 2022
  • Overview 0
  • Commits 41
  • Pipelines 3
  • Changes 2

It adds support for comparing airootfs signature against a backup file eventually put on an external device, for example on an integrity dongle.

The signature file can be specified using the sigdevice kernel parameter, using the same syntax as the one for the cryptdevice parameter in the encrypt module, i.e.

sigdevice="UUID=<UUID>:<fs_type>:<file_path>"

This same feature is provided by the encrypt hook in cryptsetup-sigfile (AUR) when the root file system is encrypted because it would be pointless to verify the signature after having tried to unlock a potentially malicious image.

Notes: this branch is based on !25.

Edited Aug 12, 2022 by Tallero Tallero
Assignee
Assign to
Reviewers
Request review from
Time tracking
Source branch: integrity