On 2025/8/29 00:44, Askar Safin wrote:
---- On Wed, 27 Aug 2025 13:58:02 +0400 Gao Xiang <hsiangkao@xxxxxxxxxxxxxxxxx> wrote --- > The additional cpio extraction destroys bit-for-bit identical data > protection, or some other new verification approach is needed for > initramfs tmpfs. Put erofs to initramfs and sign whole thing. Also: initramfs's are concatenatable. So, you can put erofs to cpio and sign the result. And then concatenate that cpio with another cpio (with init). Also, you can put erofs to cpio, then sign this thing, and then add init to kernel built-in cpio (via INITRAMFS_SOURCE).
Which part of the running system check the cpio signature. Why users need some cpio format (which even cannot be random accessed) since it already contains a real filesystem, also which part check the signature of `init` itself before `init` runs? IOWs, why `init` in cpio can be trusted to run? Why users need to extract the whole cpio to tmpfs just for some data part in the erofs? even some data is never used? Why the initrd memory cannot be used directly as the dax filesystem instead of copying to tmpfs instead? Thanks, Gao Xiang
