Enable dm-verity in the kernel-uvm (#5603)
Enable dm-verity for use in the kernel-uvm. This allows confidential containers to validate the UVM and protect container image layers.
This commit is contained in:
Dallas Delaney
GitHub
Родитель
90abe4a10b
Коммит
55a103658a
|
|
@ -715,6 +715,7 @@ CONFIG_EFI_PARTITION=y
|
|||
|
||||
CONFIG_BLK_MQ_PCI=y
|
||||
CONFIG_BLK_MQ_VIRTIO=y
|
||||
CONFIG_BLOCK_HOLDER_DEPRECATED=y
|
||||
|
||||
#
|
||||
# IO Schedulers
|
||||
|
|
@ -1614,7 +1615,38 @@ CONFIG_SCSI_VIRTIO=y
|
|||
# end of SCSI device support
|
||||
|
||||
# CONFIG_ATA is not set
|
||||
# CONFIG_MD is not set
|
||||
CONFIG_MD=y
|
||||
# CONFIG_BLK_DEV_MD is not set
|
||||
# CONFIG_BCACHE is not set
|
||||
CONFIG_BLK_DEV_DM_BUILTIN=y
|
||||
CONFIG_BLK_DEV_DM=y
|
||||
# CONFIG_DM_DEBUG is not set
|
||||
CONFIG_DM_BUFIO=y
|
||||
# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set
|
||||
# CONFIG_DM_UNSTRIPED is not set
|
||||
# CONFIG_DM_CRYPT is not set
|
||||
# CONFIG_DM_SNAPSHOT is not set
|
||||
# CONFIG_DM_THIN_PROVISIONING is not set
|
||||
# CONFIG_DM_CACHE is not set
|
||||
# CONFIG_DM_WRITECACHE is not set
|
||||
# CONFIG_DM_EBS is not set
|
||||
# CONFIG_DM_ERA is not set
|
||||
# CONFIG_DM_CLONE is not set
|
||||
# CONFIG_DM_MIRROR is not set
|
||||
# CONFIG_DM_RAID is not set
|
||||
# CONFIG_DM_ZERO is not set
|
||||
# CONFIG_DM_MULTIPATH is not set
|
||||
# CONFIG_DM_DELAY is not set
|
||||
# CONFIG_DM_DUST is not set
|
||||
# CONFIG_DM_INIT is not set
|
||||
# CONFIG_DM_UEVENT is not set
|
||||
# CONFIG_DM_FLAKEY is not set
|
||||
CONFIG_DM_VERITY=y
|
||||
# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG is not set
|
||||
# CONFIG_DM_VERITY_FEC is not set
|
||||
# CONFIG_DM_SWITCH is not set
|
||||
# CONFIG_DM_LOG_WRITES is not set
|
||||
# CONFIG_DM_INTEGRITY is not set
|
||||
# CONFIG_TARGET_CORE is not set
|
||||
# CONFIG_FUSION is not set
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"config": "4fefd9d2780626379cd57efdb51e4fb75c46367ac9d2992a0fcc19b331fa0ab9",
|
||||
"config": "e0318bccd7ce6f2a729d06098e4ab14e7edb9de1c5ad034f3cec10d88cb9ef30",
|
||||
"kernel-mshv-5.15.110.mshv2.tar.gz": "380928fa07ff5007734898f111ad95282db29052726017088259a6314f77ab78"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
Summary: Linux Kernel for Kata UVM
|
||||
Name: kernel-uvm
|
||||
Version: 5.15.110.mshv2
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
|
@ -154,6 +154,9 @@ find %{buildroot}/lib/modules -name '*.ko' -exec chmod u+x {} +
|
|||
%{_prefix}/src/linux-headers-%{uname_r}
|
||||
|
||||
%changelog
|
||||
* Wed May 31 2023 Dallas Delaney <dadelan@microsoft.com> - 5.15.110.mshv2-2
|
||||
- Enable dm-verity
|
||||
|
||||
* Fri May 12 2023 Saul Paredes <saulparedes@microsoft.com> - 5.15.110.mshv2-1
|
||||
- Update to v5.15.110.mshv2
|
||||
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче