Hacker News
by jcalvinowens 626 days ago
I use a read-only squashfs rootfs on top of dm-verity to get a trusted userspace. The initramfs is a 50-line shell script which calls veritysetup with the known root hash, and is itself part of the signed boot image. Only /var is writable.
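
An added example, not part of the comment and not the commenter's code: a simplified Python model of the hash tree dm-verity builds over a read-only image, showing why a single root hash carried in the signed boot image covers every block of the rootfs. The block size, salt, function names and sample image are assumptions constructed for illustration, and the layout is not bit-compatible with the on-disk format veritysetup produces.

```python
import hashlib
import hmac

BLOCK = 4096  # assumed block size for both data and hash blocks


def split_blocks(data):
    """Split bytes into BLOCK-sized pieces, zero-padding the last one."""
    data += b"\0" * (-len(data) % BLOCK)
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def hash_level(blocks, salt):
    """Hash every block, then pack the digests into the next level's blocks."""
    digests = b"".join(hashlib.sha256(salt + b).digest() for b in blocks)
    return split_blocks(digests)


def root_hash(image, salt=b""):
    """Reduce the image level by level until one hash block remains."""
    if not image:
        raise ValueError("empty image has no hash tree")
    level = hash_level(split_blocks(image), salt)
    while len(level) > 1:
        level = hash_level(level, salt)
    return hashlib.sha256(salt + level[0]).hexdigest()


def verify_image(image, salt, trusted_root):
    """True only if the image still matches the root hash pinned at build time."""
    return hmac.compare_digest(root_hash(image, salt), trusted_root)


if __name__ == "__main__":
    salt = bytes.fromhex("00" * 32)        # constructed salt
    image = bytes(range(256)) * 16 * 300   # constructed 300-block "rootfs"
    pinned = root_hash(image, salt)        # stands in for the hash the initramfs carries
    tampered = bytearray(image)
    tampered[123456] ^= 0x01               # flip one bit in one data block
    print("pinned root hash:", pinned)
    print("original verifies:", verify_image(image, salt, pinned))
    print("tampered verifies:", verify_image(bytes(tampered), salt, pinned))
```

The model rehashes the whole image for simplicity, whereas dm-verity checks each block against the tree when it is read.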