[{"id":3688682,"web_url":"http://patchwork.ozlabs.org/comment/3688682/","msgid":"<20260508185747.GC1858239@bill-the-cat>","list_archive_url":null,"date":"2026-05-08T18:57:47","subject":"Re: [PATCH v3 0/7] fit: dm-verity support","submitter":{"id":65875,"url":"http://patchwork.ozlabs.org/api/people/65875/","name":"Tom Rini","email":"trini@konsulko.com"},"content":"On Thu, May 07, 2026 at 05:40:15PM +0100, Daniel Golle wrote:\n\n> This series adds dm-verity support to U-Boot's FIT image infrastructure.\n> It is the first logical subset of the larger OpenWrt boot method series\n> posted as an RFC in February 2026 [1], extracted here for independent\n> review and merging.\n> \n> OpenWrt's firmware model embeds a read-only squashfs or erofs root\n> filesystem directly inside a uImage.FIT container as a FILESYSTEM-type\n> loadable FIT image. At boot the kernel maps this sub-image directly from\n> the underlying block device via the fitblk driver (/dev/fit0, /dev/fit1,\n> ...), the goal is that the bootloader never even copies it to RAM.\n> \n> dm-verity enables the kernel to verify the integrity of those mapped\n> filesystems at read time, with a Merkle hash tree stored contiguously in\n> the same sub-image just after the data. Two kernel command-line\n> parameters are required:\n> \n>   dm-mod.create=   -- the device-mapper target table for the verity device\n>   dm-mod.waitfor=  -- a comma-separated list of block devices to wait for\n>                       before dm-init sets up the targets (needed when fitblk\n>                       probes late, e.g. because it depends on NVMEM\n>                       calibration data)\n> \n> The FIT dm-verity node schema was upstreamed into the flat-image-tree\n> specification [2], which this implementation tries to follow exactly.\n> \n> The runtime feature is guarded behind CONFIG_FIT_VERITY. If not\n> enabled the resulting binary size remains unchanged. If enabled the\n> binary size increases by about 3kB.\n\nSo one thing is that sandbox needs to enable this, so that CI can run\nthe tests (and we can see the tests run, and there's no new warnings,\netc). That can be a follow-up and not a full respin, pending other\nfeedback.","headers":{"Return-Path":"<u-boot-bounces@lists.denx.de>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=konsulko.com header.i=@konsulko.com header.a=rsa-sha256\n header.s=google header.b=FCm5+cSE;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=konsulko.com","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=konsulko.com header.i=@konsulko.com\n header.b=\"FCm5+cSE\";\n\tdkim-atps=neutral","phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=konsulko.com","phobos.denx.de;\n spf=pass smtp.mailfrom=trini@konsulko.com"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gBz07508Bz1yKd\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 09 May 2026 04:57:59 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id E2FB884DC3;\n\tFri,  8 May 2026 20:57:56 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id 90A8584DD6; Fri,  8 May 2026 20:57:55 +0200 (CEST)","from mail-oa1-x2e.google.com (mail-oa1-x2e.google.com\n [IPv6:2001:4860:4864:20::2e])\n (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id D553D84D1B\n for <u-boot@lists.denx.de>; Fri,  8 May 2026 20:57:52 +0200 (CEST)","by mail-oa1-x2e.google.com with SMTP id\n 586e51a60fabf-434e69e943bso1815491fac.3\n for <u-boot@lists.denx.de>; Fri, 08 May 2026 11:57:52 -0700 (PDT)","from bill-the-cat (fixed-189-203-106-235.totalplay.net.\n [189.203.106.235]) by smtp.gmail.com with ESMTPSA id\n 586e51a60fabf-435570ad8f4sm2427396fac.4.2026.05.08.11.57.48\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Fri, 08 May 2026 11:57:50 -0700 (PDT)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,\n SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=konsulko.com; s=google; t=1778266671; x=1778871471; darn=lists.denx.de;\n h=in-reply-to:content-disposition:mime-version:references:message-id\n :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;\n bh=N6hq6jRph7nH/lCl4n9NaRxHNUrepy7nifySleLLGdU=;\n b=FCm5+cSEyfv7gU11PzR/DVD9nfGR+PSczTNYg8KfAYF5XPe2o2ojRBDE/B+8RGOd3S\n bAKEVkMS5ngjeHcFtVPixyZwpAtTDNCyeJJDl68R0J7fXFt5ph2PMiPa8A0e+bfIqiZx\n 4nADwXG9Q57zWIlVI1gzXUsIY/4QGhJcWv6G0=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1778266671; x=1778871471;\n h=in-reply-to:content-disposition:mime-version:references:message-id\n :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc\n :subject:date:message-id:reply-to;\n bh=N6hq6jRph7nH/lCl4n9NaRxHNUrepy7nifySleLLGdU=;\n b=LaslkV4F4yWA8bDXXTY8iWa5Wwvpw1xxKTapk43+jbML58azkUWI7fHXkNRKoqZ5EN\n U001bxZhLS0YYGNUd6C2Vmegtf4XsD8wiNONncooSMFtla27hbe2cNOAMTBr3aqbs3Qs\n i11PCvvrIKU2BeY6MmsypSy7ADDxA50oZxPv80FQs5V/eOSt76zVumcT9Te/AJ1EFZqE\n nbuRCNJCDfCDwG515Ojf9ABdE3fU7w+7znQdj1/WGnR6PfLGgaQ17Ftqdd178loDUccl\n MQ2tw7SdPFaUUK6SpcqbikzYlwF1CqT/k2ELzbKCnI7OnPpzpzfyvQpynZrmhaJmpd/n\n JOMA==","X-Forwarded-Encrypted":"i=1;\n AFNElJ81B05+P3FYTjasc7j3EQIFm6hh7jSTc7hCjayAAhVs37HpE72Qa/RMSnUZxOun3K+TL/vxGBs=@lists.denx.de","X-Gm-Message-State":"AOJu0Yy644xZo0DTRh8VIHn5boL90v8VfHlTkG5iknbrGfqcVfFzfmyZ\n +1WnyNv6kg8SU5Fekv5RFQu4VMT6B6U2rkBzwT+N1N72XgY6dVZ0fFVTfDDVQHxF+ZQ=","X-Gm-Gg":"AeBDievQKSOkhEpmp1S58BCI7d51z6u7Bbr6sfD8/x6b3tqY+CzfOjIhGC2qc2l0cBn\n /UdlLiKvajICrE03Kk2DC3Lo+e6DrS/7WhMP90lLbH9gztH+zwUzQrmhCp2jLz/fIk4GsxgvFqF\n 6alNAqZIHQ4X3nhOLhvzMVJmCAX7IU/TC4Jw8KSW3McqhEtbEDaOJHBSlB/pKjvoTuIfHU3bWLU\n s2NLJjwX5Q14LcdBsES8aLwy4TkEQCXomRbloYrZoN7Ni5ZuFJbHfBbg/oWK3MCvUnDC53GJkQD\n AyTL31kDOo5smGKshjyxjVzkSDgNDAXY5qZy5hAgAYYhdZywnPhc6r1WMKVhSONRs9ekXlSk+a/\n e3Cnx+XlEH+ohTKbw47kStKd33RV0kuixQ8lm/b/kk3MjQcW6vU27kHRCVimQje8pMLX0aLTYv3\n WbLMcn5XeEkt+tYXk1PaakvwcgvvVEn5UNzuqq9sgbiEni7ND+gimA6Hj9t7hxOnz2e/hvXbU1N\n 7lqrrRZ5ECLFIn9aVBv0GyIfyKQwp1F4osxn0HzCPFlyPZ6JcdyRX+Yw80Fng==","X-Received":"by 2002:a4a:ec45:0:b0:696:924c:43cc with SMTP id\n 006d021491bc7-69998d35da6mr7597852eaf.47.1778266671069;\n Fri, 08 May 2026 11:57:51 -0700 (PDT)","Date":"Fri, 8 May 2026 12:57:47 -0600","From":"Tom Rini <trini@konsulko.com>","To":"Daniel Golle <daniel@makrotopia.org>","Cc":"Simon Glass <sjg@chromium.org>, Quentin Schulz <quentin.schulz@cherry.de>,\n Kory Maincent <kory.maincent@bootlin.com>,\n Mattijs Korpershoek <mkorpershoek@kernel.org>,\n Anshul Dalal <anshuld@ti.com>, Martin Schwan <m.schwan@phytec.de>,\n Ilias Apalodimas <ilias.apalodimas@linaro.org>,\n Sughosh Ganu <sughosh.ganu@arm.com>, Benjamin ROBIN <dev@benjarobin.fr>,\n Ludwig Nussel <ludwig.nussel@siemens.com>,\n Marek Vasut <marek.vasut+renesas@mailbox.org>,\n James Hilliard <james.hilliard1@gmail.com>,\n Kunihiko Hayashi <hayashi.kunihiko@socionext.com>,\n Frank Wunderlich <frank-w@public-files.de>,\n Mayuresh Chitale <mchitale@ventanamicro.com>,\n Neil Armstrong <neil.armstrong@linaro.org>,\n Wolfgang Wallner <wolfgang.wallner@at.abb.com>,\n Shiji Yang <yangshiji66@outlook.com>,\n Aristo Chen <jj251510319013@gmail.com>, Rasmus Villemoes <ravi@prevas.dk>,\n Francois Berder <fberder@outlook.fr>, u-boot@lists.denx.de","Subject":"Re: [PATCH v3 0/7] fit: dm-verity support","Message-ID":"<20260508185747.GC1858239@bill-the-cat>","References":"<cover.1778171184.git.daniel@makrotopia.org>","MIME-Version":"1.0","Content-Type":"multipart/signed; micalg=pgp-sha512;\n protocol=\"application/pgp-signature\"; boundary=\"1UhQtqOHGY9IAtG0\"","Content-Disposition":"inline","In-Reply-To":"<cover.1778171184.git.daniel@makrotopia.org>","X-Clacks-Overhead":"GNU Terry Pratchett","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion <u-boot.lists.denx.de>","List-Unsubscribe":"<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>","List-Archive":"<https://lists.denx.de/pipermail/u-boot/>","List-Post":"<mailto:u-boot@lists.denx.de>","List-Help":"<mailto:u-boot-request@lists.denx.de?subject=help>","List-Subscribe":"<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" <u-boot-bounces@lists.denx.de>","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"}}]