dm-verity

There seems to be a lot of confusion and misinformation about what dm-verity actually does in this thread.

Of these, is the main root filesystem which is mounted read only and protected with dm-verity device mapping.

Chrome OS and Android devices that use dm-verity already do this (albeit for read only), so that's hard to believe...

As just one example, dm-verity was merged into the mainline kernel 13 years ago.

This all would be signed using Secure boot and after the fact using dm-verity.

Any word if these kernel updates will support EFI secure-boot or dm-verity [0]?

Long-time users interested in hardening should definitely look into SELinux, seccomp, namespaces, dm-verity, and their associated utilities.

It’s possible to either disable dm-verity in the kernel, or to set it up to use your own keys to authenticate the system hash.

You'll need additional technologies for that like dm-verity or fs-verity; see composefs.

NixOS is used for declarative and more importantly deterministic OS state and runtime environment, layered with dm-verity to prevent tampering of the Nix store.

Failing kernel-level code signature enforcement, the next best step is to have a dm-verity volume as your root partition, with the dm-verity hashes in the initrd within the UKI, and that UKI being signed with secure boot.

Interestingly the confer image on GitHub doesn’t seem to include in the attestation the model weights (they seem loaded from a mounted ext4 disk without dm-verity).

I meant "just use dm-verity" as in "don't do full disk encryption"...

Try the latest Gnome OS nightly ISO in a VM -- you'll see that they've (largely) implemented the partition scheme suggested in ParticleOS: root on btrfs, two partitions for /usr backed by dm-verity, new /usr images delivered using "systemd-sysupdate".