`fs-verity` support
#9989
Replies: 1 comment
-
|
it looks like composefs makes it easy to verify/attest digests... maybe a composefs system extension could enable verified as well as attestation by (for example) control plane nodes? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
From what I can tell, Talos currently doesn’t make use of kernel features such as fs-verity, which verifies the signatures of files through a merkle tree, and makes those files truly read-only.
Fedora CoreOS currently achieves this through composefs. Their docs on it can be found here.
Beta Was this translation helpful? Give feedback.
All reactions