redhat/dracut-virt.conf: add systemd-veritysetup module

JIRA: https://issues.redhat.com/browse/RHEL-45168
Upstream Status: RHEL-Only

This driver, together with a specific kernel cmdline and separate partition
containing the verification hash produced by veritysetup, enables
root disk integrity protection for UKIs.

Also add the overlay driver to allow systemd.volatile=overlay to mount
an overlayfs on top of /. This will make the root disk again
writable, but all changes will be ephemeral.

Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>

Author: esposem

redhat/dracut-virt.conf

@@ -17,6 +17,9 @@ dracutmodules+=" crypt crypt-loop tpm2-tss "
 # WALinuxagent-cvm with CVM specific udev rules
 dracutmodules+=" walinuxagentcvm "
 
+# modules: root disk integrity protection
+dracutmodules+=" systemd-veritysetup "
+
 # drivers: virtual buses, pci
 drivers+=" virtio-pci virtio-mmio "      # qemu-kvm
 drivers+=" hv-vmbus pci-hyperv "         # hyperv
@@ -31,6 +34,9 @@ drivers+=" xen-blkfront "                # xen
 # root encryption
 drivers+=" dm_crypt "
 
+# root disk integrity protection
+drivers+=" dm_verity overlay "
+
 # filesystems
 filesystems+=" vfat ext4 xfs overlay "