Merge: redhat/dracut-virt.conf: add systemd-veritysetup module

swvrrh · swvrrh · commit e1cd63b79a79 · 2024-08-02T10:38:27.000-04:00
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/4604 ``` JIRA: https://issues.redhat.com/browse/RHEL-45168 Upstream Status: RHEL-Only This module, together with a specific kernel cmdline and separate partition containing the verification hash produced by veritysetup, enables root disk integrity protection for UKIs. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> ``` Approved-by: Snir <ssheribe@redhat.com> Approved-by: Vitaly Kuznetsov <vkuznets@redhat.com> Approved-by: Jarod Wilson <jarod@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: Scott Weaver <scweaver@redhat.com>
diff --git a/redhat/dracut-virt.conf b/redhat/dracut-virt.conf
@@ -17,6 +17,9 @@ dracutmodules+=" crypt crypt-loop tpm2-tss "
 # WALinuxagent-cvm with CVM specific udev rules
 dracutmodules+=" walinuxagentcvm "
 
+# modules: root disk integrity protection
+dracutmodules+=" systemd-veritysetup "
+
 # drivers: virtual buses, pci
 drivers+=" virtio-pci virtio-mmio "      # qemu-kvm
 drivers+=" hv-vmbus pci-hyperv "         # hyperv
@@ -31,6 +34,9 @@ drivers+=" xen-blkfront "                # xen
 # root encryption
 drivers+=" dm_crypt "
 
+# root disk integrity protection
+drivers+=" dm_verity overlay "
+
 # filesystems
 filesystems+=" vfat ext4 xfs overlay "
 
