Re: [PATCH 0/5] dm: Initial work on a device mapper

[Ahmad Fatoum <a.fatoum@pengutronix.de>]

Hi,

On 8/31/25 9:48 AM, Tobias Waldekranz wrote:
> On fre, aug 29, 2025 at 10:29, Sascha Hauer <s.hauer@pengutronix.de> wrote:
> We are sort of in the same boat. We wrap our rootfs in an FIT header,
> just because that is the only format U-Boot knows how to verify. After
> verification, we strip off the header, mount it, and then sysboot from
> it, with the kernel and DTBs in /boot on the squash.
> 
> Just shipping the fs with verity data (+ possibly FEC, in the future)
> and a signature would be _so_ much nicer.

FEC with verity indeed sounds interesting. Apparently, it can go beyond
fixing occasional bit flips on read to even recover completely lost
blocks[1].

For the latter case, someone will need to implement some "blkhealthd"
that reads regularly and fixes up bit errors in the backing device.
Would also mesh nicely with retention on the medium itself as it gives
e.g. the eMMC a chance to correct ECC on infrequently used data before
it's completely irrecoverable.

[1]:
https://android-developers.googleblog.com/2016/07/strictly-enforced-verified-boot-with.html

>> Well I am very open for adding DM and dm-verity support to barebox. We
>> would likely have done it anyway at some point, but that could have
>> taken some time.
> 
> Cool! I did a toy implementation in Python yesterday, just to convince
> myself I understood how it works, and it was actually very straight
> forward. So if this series is eventually merged, I hope to follow up
> with an implementation of dm-verity pretty quickly.

Did you consider porting dm/dm-verity from the kernel instead and
decided against it?

I imagine there's a lot that would need to be dropped/adapted, but
having the same general structure may prove useful in future when adding
new device mapper targets. I can understand though, that for dm-verity
it may turn out to be easier to reimplement the functionality (which is ok).

Cheers,
Ahmad



> 
>> Sascha
>>
>> -- 
>> Pengutronix e.K.                           |                             |
>> Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
>> 31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
>> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
> 
> 

-- 
Pengutronix e.K.                  |                             |
Steuerwalder Str. 21              | http://www.pengutronix.de/  |
31137 Hildesheim, Germany         | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686  | Fax:   +49-5121-206917-5555 |