Yocto Project Summit 2025.12

Feedback on dm-verity integration under secure boot with Yocto
2025-12-03, Walnascar

This session presents feedback from deploying dm-verity in a Secure Boot-enabled embedded Linux system built with The Yocto Project. We will outline the integration process, system-level constraints, and runtime implications for secure deployments.


This talk provides a detailed walkthrough of the real-world integration of dm-verity in a Yocto-based Linux distribution to ensure data integrity across multiple system partitions.
We will cover the configuration of dm-verity within the Yocto build system, its interaction with Secure Boot across various hardware platforms, and the implications for system updates.
The session will also address performance overhead, update workflows for read-only root filesystems, and common failure modes encountered during boot authentication. Debugging techniques and mitigation strategies will be discussed to equip attendees with the technical knowledge required to successfully integrate dm-verity into their own secure embedded platforms.

Pierre has been supporting equipment manufacturers with Witekio for 20 years, starting as an embedded software developer. He is now leading The Embedded Kit, a software product brand that aims to give OEMs all the tools and knowledge they need to build, connect, test, and secure their embedded systems without vendor lock-in.