Enable support for dm-verity based on root hash
configname: CONFIG_IPE_PROP_DM_VERITY
Linux Kernel Configuration
└─>Security options
└─>Integrity Policy Enforcement (IPE)
└─>IPE Trust Providers
└─>Enable support for dm-verity based on root hash
In linux kernel since version 6.1.112 (release Date: 2024-09-30)
This option enables the 'dmverity_roothash' property within IPE
policies. The property evaluates to TRUE when a file from a dm-verity
volume is evaluated, and the volume's root hash matches the value
supplied in the policy.
policies. The property evaluates to TRUE when a file from a dm-verity
volume is evaluated, and the volume's root hash matches the value
supplied in the policy.