Verity root hash signature #1737

spirozzi-cap · 2025-06-18T10:18:35Z

spirozzi-cap
Jun 18, 2025

Hello, as you can guess from the title, I wanted to ask you if there is a possibility to implement the management of the root hash signature for verity bundle. In the documentation it is indicated as follows:

With this format, the manifest is contained in the CMS signature itself, making it accessible without first hashing the full squashfs. The manifest contains the additional metadata (root hash, salt and size) necessary to authenticate the hash tree and in turn each block of the squashfs filesystem.

Basically, my question is: is it possible to insert in the manifest, also the root hash signature (generated via openSSL, for example) and then pass it to the dm-verity module as a parameter during the mount phase after launch rauc install?

Currently, this is what happens if I try to install a bundle while the dm-verity driver is forced to verify the form of the root hash (dm-verity.requires_signature = true)

root@board:/home# rauc install signed_bundle.raucb
installing
0% Installing
0% Determining slot states
10% Determining slot states done.
10% Checking bundle
10% Verifying signature
20% Verifying signature done.
20% Checking bundle done.
[ 1824.950403] device-mapper: table: 253:3: verity: Root hash verification failed (-ENOKEY)
[ 1824.977227] device-mapper: ioctl: error adding target to table
20% Checking manifest contents
30% Checking manifest contents done.
100% Installing failed.
LastError: Failed mounting bundle: Failed to load dm table: Required key not available
Installing /home/signed_bundle.raucb failed

Thanks

jluebbe · 2025-06-18T12:42:07Z

jluebbe
Jun 18, 2025
Maintainer

The root hash is signed as part of the full manifest, together with the meta that is necessary to perform the installation. So adding another verity signature (loaded into the kernel before setting up dm-verity) would not add additional security, right?

In our projects, we've never had this issue as we use a signed kernel+initramfs (FIT or UKI) which contains the verity root hash of the rootfs, as we want to protect against mix & match attacks. We don't use the kernel's signature check.

Would you use a same key as the normal bundle signature to sign the root hash or a different one?

I think, adding support for creating a root-hash signature during bundle creation would ok. It would likely need a call from create_verity to somewhere in signature.c and also support PKCS#11 just like the existing signing key.

3 replies

spirozzi-cap Jun 18, 2025
Author

Hello, in my case it's not a matter of additional security.
I modified the dm-verity driver to force the use of the root hash signature for the other partitions.
So my need would be to sign the root hash with a different key than the bundle one, which I have already inserted in the kernel.

jluebbe Jun 18, 2025
Maintainer

If possible, could you explain why you want to use root hash signatures for other partitions? I'd like to understand the use-case better.

Using a separate key sounds reasonable. This could be a verity-key=PEMFILE|PKCS11-URL option to rauc bundle, similar to the existing --key option.

Would you want to implement this yourself and submit a PR? If not, we offer commercial support and development.

spirozzi-cap Jun 19, 2025
Author

Simply because I have readonly partitions that I mount at runtime, and I need to have a high level of security.

Regarding the implementation, I had thought of it this way:

in Yocto build I generate the signed root hash, and I put it in a file in /etc/rauc, for example root_hash.signed
in the RAUC source code, I implement a flag as you indicated, in which I pass it the path of the file that contains the root hash signature. As you might guess, i want to sign the root hash externally to RAUC.
then, always in the RAUC code, I implement the reading of the file and the use of the flag to pass it the signed root hash (see here the implementation of the root hash signed flag, different from the one already present in dm verity).

Do you think it could work, but above all, is it a safe solution?

Thanks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Verity root hash signature #1737

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment 3 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Verity root hash signature #1737

Uh oh!

Uh oh!

spirozzi-cap Jun 18, 2025

Replies: 1 comment · 3 replies

Uh oh!

Uh oh!

jluebbe Jun 18, 2025 Maintainer

Uh oh!

spirozzi-cap Jun 18, 2025 Author

Uh oh!

jluebbe Jun 18, 2025 Maintainer

Uh oh!

Uh oh!

spirozzi-cap Jun 19, 2025 Author

spirozzi-cap
Jun 18, 2025

Replies: 1 comment 3 replies

jluebbe
Jun 18, 2025
Maintainer

spirozzi-cap Jun 18, 2025
Author

jluebbe Jun 18, 2025
Maintainer

spirozzi-cap Jun 19, 2025
Author