Buildroot Verity Setup – Rootfs Integrity

I investigated the usage of Verity feature of Linux kernel, ingrating this feature into the OpenCritis environment. The Verity Device Mapper of the Linux kernel is verifying the integrity of a read-only file system (eg partition rootfs) using a Merkle tree; over the data blocks of the file system. If signing the top hash, the authenticity and integrity of the rootfs can be enforced while booting and during runtime!

Source: Wikipedia, Merkle Tree

Credits: Nathan Barrett-Morrison did a very good posting explaining the details