From: Kees Cook
Date: Thu, 21 Feb 2019 14:42:47 -0800
Subject: Re: [linux-lvm] [PATCH v12] dm: add support to directly boot to a mapped device
To: Helen Koike
Cc: Will Drewry, Mike Snitzer, "open list:DOCUMENTATION", richard -rw- weinberger, LKML, device-mapper development, linux-lvm@redhat.com, Enric Balletbo i Serra, kernel@collabora.com, Alasdair G Kergon
References: <20190221203334.24504-1-helen.koike@collabora.com>
In-Reply-To: <20190221203334.24504-1-helen.koike@collabora.com>

On Thu, Feb 21, 2019 at 12:33 PM Helen Koike wrote:
>
> Add a "create" module parameter, which allows device-mapper targets to be
> configured at boot time. This enables early use of dm targets in the boot
> process (as the root device or otherwise) without the need of an initramfs.
>
> The syntax used in the boot param is based on the concise format from the
> dmsetup tool to follow the rule of least surprise:
>
>   sudo dmsetup table --concise /dev/mapper/lroot
>
> Which is:
>   dm-mod.create=,,,,[,+][;,,,,[,+]+]
>
> Where,
>   ::= The device name.
>   ::= xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx | ""
>   ::= The device minor number | ""
>   ::= "ro" | "rw"
>   ::=
>   ::= "verity" | "linear" | ...
>
> For example, the following could be added in the boot parameters:
>   dm-mod.create="lroot,,,rw, 0 4096 linear 98:16 0, 4096 4096 linear 98:32 0" root=/dev/dm-0
>
> Only the targets that were tested are allowed and the ones that don't
> change any block device when the dm is created as read-only. For example,
> mirror and cache targets are not allowed. The rationale behind this is
> that if the user makes a mistake, choosing the wrong device to be the
> mirror or the cache can corrupt data.
>
> The only targets allowed are:
> * crypt
> * delay
> * linear
> * snapshot-origin
> * striped
> * verity
>
> Co-developed-by: Will Drewry
> Co-developed-by: Kees Cook
> Co-developed-by: Enric Balletbo i Serra
> Signed-off-by: Helen Koike

Thanks! This appears to have everything Chrome OS needs. I've asked a
few other folks to look at it too.

Reviewed-by: Kees Cook

--
Kees Cook
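
An added example, not part of this thread or of the patch: a Python check that pulls dm-mod.create out of a kernel command line, parses it in the field order the commit message gives (name, uuid, minor, flags, then table rows), and reports any target outside the allowed list. It assumes each table row is start sector, sector count, target type and arguments, as in the commit message's example, and that no field contains an escaped ',' or ';'; the function names are illustrative.

```python
import re

# Targets the quoted commit message lists as allowed for dm-mod.create.
ALLOWED_TARGETS = {"crypt", "delay", "linear", "snapshot-origin", "striped", "verity"}

def parse_dm_create(value):
    """Split a dm-mod.create value into devices and their table rows.

    Assumption: no backslash-escaped ',' or ';' inside fields.
    """
    devices = []
    for dev in filter(None, (d.strip() for d in value.split(";"))):
        fields = [f.strip() for f in dev.split(",")]
        if len(fields) < 5:
            raise ValueError(f"need name, uuid, minor, flags and a table: {dev!r}")
        name, uuid, minor, flags = fields[:4]
        if not name or flags not in ("ro", "rw") or (minor and not minor.isdigit()):
            raise ValueError(f"bad device header: {dev!r}")
        rows = []
        for row in fields[4:]:
            parts = row.split(None, 3)  # start, length, target type, args
            if len(parts) < 3 or not (parts[0].isdigit() and parts[1].isdigit()):
                raise ValueError(f"{name}: malformed table row {row!r}")
            rows.append({"start": int(parts[0]), "length": int(parts[1]),
                         "target": parts[2], "args": parts[3] if len(parts) > 3 else ""})
        devices.append({"name": name, "uuid": uuid, "minor": minor,
                        "flags": flags, "tables": rows})
    return devices

def audit_cmdline(cmdline):
    """Return findings for the dm-mod.create parameter of a kernel command line."""
    m = re.search(r'(?:^|\s)dm-mod\.create=(?:"([^"]*)"|(\S+))', cmdline)
    if not m:
        return []
    findings = []
    for dev in parse_dm_create(m.group(1) if m.group(1) is not None else m.group(2)):
        for row in dev["tables"]:
            if row["target"] not in ALLOWED_TARGETS:
                findings.append(f"{dev['name']}: target {row['target']!r} is not on the allowed list")
    return findings

# GOOD is the example from the commit message; BAD is constructed with a mirror target.
GOOD = 'dm-mod.create="lroot,,,rw, 0 4096 linear 98:16 0, 4096 4096 linear 98:32 0" root=/dev/dm-0'
BAD = 'dm-mod.create="lroot,,,rw, 0 4096 mirror core 1 1024 2 98:16 0 98:32 0" root=/dev/dm-0'

if __name__ == "__main__":
    for line in (GOOD, BAD):
        print(audit_cmdline(line) or "ok")
```

Run against a bootloader configuration or /proc/cmdline, this flags a table that names a target such as mirror or cache before the machine is rebooted with it.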