colbyt writes: > This series changes the app VM and net VM root images to boot through > dm-verity, then enables IPE kernel support for the sub-VMs and the > Spectrum host rootfs. > > Each sub-VM disk now has a verity metadata partition and an EROFS root > partition. The build installs the root hash next to the disk image, and > the VM boot paths pass that hash to a shared initramfs. The initramfs > uses the hash to find both partitions, opens /dev/mapper/root-verity, and > switches into it read-only. > > The last two patches only enable kernel support for IPE. They do not > install an IPE policy. With the existing generated kernel config, > enabling SECURITY_IPE also enables the dm-verity root-hash provider, so > later policy work can match files from verified roots. Would you mind explaining your motivation / the direction you envisage here in a bit more detail? Given that the VM gets its root file system and the corresponding verity hash from the same place (the host file system), there's no immediate security benefit from using dm-verity, right? Is the idea rather to enable some sort of cool IPE thing for which dm-verity is a requirement, but that's not implemented yet as part of this series? (I really appreciate the quality of your patches BTW — you've obviously gone to some effort to identify and follow all the tiny little conventions we have in the codebase. Thank you!)