Skip to content

Implement dmverity functionality#9

Draft
aadhar-agarwal wants to merge 1 commit intomainfrom
aadagarwal/add-dmverity-support
Draft

Implement dmverity functionality#9
aadhar-agarwal wants to merge 1 commit intomainfrom
aadagarwal/add-dmverity-support

Conversation

@aadhar-agarwal
Copy link
Owner

@aadhar-agarwal aadhar-agarwal commented Sep 30, 2025
edited
Loading

Add dm-verity Support to containerd

This PR introduces initial dm-verity support for image layer integrity verification in containerd. Key changes include:

  • New internal/dmverity package:

    • Provides Linux-only helpers to format, open, and close dm-verity devices via veritysetup.
    • Includes validation, metadata parsing, and utility functions for managing dm-verity parameters.

  • Linux implementation (dmverity_linux.go):

    • Wraps veritysetup CLI commands with configurable options.
    • Adds device and module checks (dm_verity kernel module, veritysetup availability).
    • Handles root hash extraction and device management.

  • Non-Linux stub (dmverity_other.go):

    • Returns unsupported errors for non-Linux platforms.

  • CI workflow update:

    • Loads dm-verity kernel module and verifies veritysetup version for CI tests.

@aadhar-agarwal aadhar-agarwal force-pushed the aadagarwal/add-dmverity-support branch from 8abd06b to 107a5f6 Compare October 1, 2025 00:04
jiria
jiria reviewed Oct 15, 2025
View reviewed changes
liunan-ms
liunan-ms reviewed Oct 15, 2025
View reviewed changes
liunan-ms
liunan-ms reviewed Oct 15, 2025
View reviewed changes
@aadhar-agarwal aadhar-agarwal force-pushed the aadagarwal/add-dmverity-support branch 2 times, most recently from 247783b to 15fc5e6 Compare October 27, 2025 17:13
@aadhar-agarwal aadhar-agarwal force-pushed the aadagarwal/add-dmverity-support branch 3 times, most recently from d7e0f55 to 0c87f5a Compare October 30, 2025 21:27
@aadhar-agarwal
Implement dmverity functionality using veritysetup
0f2e702 
Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
@aadhar-agarwal aadhar-agarwal force-pushed the aadagarwal/add-dmverity-support branch from 0c87f5a to 0f2e702 Compare November 5, 2025 22:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@jiria jiria jiria left review comments

@liunan-ms liunan-ms liunan-ms left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aadhar-agarwal @jiria @liunan-ms