Document usr-specific verity parameters

Mention 'usrhash' and 'systemd.verity_usr_*' kernel command line parameters in the man pages for veritysetup-generator and kernel-command-line
2024-07-22 02:34:54 +00:00 · 2021-11-13 13:15:17 -05:00 · 2021-11-13 13:15:17 -05:00 · e5196eeec2
parent c1b9e3dffe
commit e5196eeec2
2 changed files with 14 additions and 2 deletions
--- a/man/kernel-command-line.xml
+++ b/man/kernel-command-line.xml
@ -364,8 +364,12 @@
        <term><varname>systemd.verity_root_data=</varname></term>
        <term><varname>systemd.verity_root_hash=</varname></term>
        <term><varname>systemd.verity.root_options=</varname></term>
+        <term><varname>usrhash=</varname></term>
+        <term><varname>systemd.verity_usr_data=</varname></term>
+        <term><varname>systemd.verity_usr_hash=</varname></term>
+        <term><varname>systemd.verity_usr_options=</varname></term>
        <listitem>
-          <para>Configures the integrity protection root hash for the root file system, and other related
+          <para>Configures the integrity protection root hash for the root and <filename>/usr</filename> file systems, and other related
          parameters. For details, see
          <citerefentry><refentrytitle>systemd-veritysetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
        </listitem>
--- a/man/systemd-veritysetup-generator.xml
+++ b/man/systemd-veritysetup-generator.xml
@ -33,7 +33,7 @@
    <citerefentry><refentrytitle>systemd-veritysetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    units as necessary.</para>

-    <para>Currently, only a single verity device may be set up with this generator, backing the root file system of the
+    <para>Currently, only two verity devices may be set up with this generator, backing the root and <filename>/usr</filename> file systems of the
    OS.</para>

    <para><filename>systemd-veritysetup-generator</filename> implements
@ -92,6 +92,14 @@
        details.</para></listitem>
      </varlistentry>

+      <varlistentry>
+        <term><varname>usrhash=</varname></term>
+        <term><varname>systemd.verity_usr_data=</varname></term>
+        <term><varname>systemd.verity_usr_hash=</varname></term>
+        <term><varname>systemd.verity_usr_options=</varname></term>
+
+        <listitem><para>Equivalent to their counterparts for the root file system as described above, but apply to the <filename>/usr/</filename> file system instead.</para></listitem>
+      </varlistentry>
    </variablelist>
  </refsect1>