DM-Verity support on Jetson Nano 4GB (B02)

I’m struggling to enable dm-verity on a Jetson Nano 4GB [B02] board. I’m using L4T v32.7.1. From the error message, it appears that the dm-verity module is not built into the kernel.

sudo veritysetup open --no-superblock /boot/initrd.img verity-test ~/verity-hashes.img [hashcode]
device-mapper: reload ioctl on failed: Invalid argument
Kernel doesn’t support dm-verity mapping.

Below is the set of commands to reproduce this on Jetson Nano.

Create data image

dd if=/dev/zero of=~/tmp/data_partition.img bs=4k count=256
mkfs.ext4 ~/tmp/data_partition.img
tune2fs -c0 -i0 ~/tmp/data_partition.img

Create a text file for testing

sudo mount -o loop data_partition.img /mnt/
cd /mnt/
sudo touch hello.txt
cd ~/tmp/
sudo umount /mnt

Create image for hashes

dd if=/dev/zero of=~/tmp/hash_partition.img bs=4k count=256
mkfs.ext4 ~/tmp/hash_partition.img
tune2fs -c0 -i0 ~/tmp/hash_partition.img

Setting up dm-verity

veritysetup -v --debug format data_partition.img hash_partition.img
sudo veritysetup open data_partition.img verity-test hash_partition.img [hashcode]

This fails on Jetson Nano with message ‘device-mapper: reload ioctl on failed: Invalid argument
Kernel doesn’t support dm-verity mapping.’

The same set of commands works on stock Ubuntu 18 running on a laptop.

Is there a way to get dm-verity enabled on Jetson Nano?

-Thanks
Rajesh

Maybe check the kernel documentation to see if it helps.

kernel/kernel-4.9/Documentation/device-mapper/verity.txt

Is the dm-verity setup built into the kernel, or do I need to rebuild the kernel, adding the following flags to public/source/kernel/kernel-4.9/arch/arm64/configs/tegra_defconfig?

CONFIG_DM_VERITY=y # Enable DM-Verity
CONFIG_DM_VERITY_HASH_PREFETCH_MIN_SIZE_128=y # DM-Verity hash prefetch optimization

-Thanks
Rajesh

I suppose you need to enable it and replace the kernel.
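The question above (is dm-verity built into the kernel?) can be answered from a kernel config file before rebuilding. The script below is an added example, not code from the thread or from NVIDIA; the function names, the choice of symbols to check and the two sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a kernel config for dm-verity support.

# Print y, m or n for symbol $2 (without the CONFIG_ prefix) in config file $1.
# "# CONFIG_X is not set" lines do not match and count as n.
config_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\).*/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# Report the options veritysetup open depends on; return 1 if any is not set.
# DM_VERITY depends on BLK_DEV_DM, which depends on MD; CRYPTO_SHA256 is
# checked because sha256 is veritysetup's default hash.
verity_config_report() {
    rc=0
    for sym in MD BLK_DEV_DM DM_VERITY CRYPTO_SHA256; do
        case $(config_state "$1" "$sym") in
            y) echo "CONFIG_$sym: built in" ;;
            m) echo "CONFIG_$sym: module, load it before veritysetup open" ;;
            *) echo "CONFIG_$sym: not set"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample configs, not dumps from a real Jetson kernel.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/without_verity.config" <<'EOF'
CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
# CONFIG_DM_VERITY is not set
CONFIG_CRYPTO_SHA256=y
EOF
cat > "$SAMPLES/with_verity.config" <<'EOF'
CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_VERITY=y # Enable DM-Verity
CONFIG_CRYPTO_SHA256=y
EOF

for f in "$SAMPLES"/*.config; do
    echo "== $f"
    verity_config_report "$f" || echo "=> veritysetup open would fail on this kernel"
done
```

On a device, point verity_config_report at the running kernel's config decompressed to a file, assuming that kernel exposes one (for example through /proc/config.gz).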

Thanks Shane,

Can you please share the set of steps required to build the kernel with config changes and deploy it on the Jetson Nano board?

I’ve been struggling to do so thus far. I found that the kernel image built from unmodified public/sources [v32.7.1 downloaded from link] shows unexpected behavior. The newly flashed OS [with locally built kernel] kills the X-windows and goes to the boot console after first-time configuration. On reboot, the device remains on the boot screen with the following error messages:

  • Failed to start nvpmodel.service.
  • Reserved SVD code 0 [ n times]

Below are the steps I’ve been following:

  1. cd source/public
  2. JETSON_NANO_KERNEL_SOURCE=$(pwd)
  3. cd kernel/kernel-4.9
  4. sudo make ARCH=arm64 tegra_defconfig
  5. sudo make ARCH=arm64 -j$(nproc)
  6. sudo cp arch/arm64/boot/Image …/…/…/…/kernel/
  7. cd …/…/…/…/
  8. sudo ./apply_binaries.sh
  9. sudo ./flash.sh DTB jetson-nano-emmc mmcblk0p1

I’m wondering if the kernel file bundled in L4T Driver Package [Jetson-210_Linux_R32.7.1_aarch64.tbz2] is built from a different code commit than the one in public_sources.tbz2. Can we get on a call today to resolve this issue?

-Rajesh

Check the document below.

https://docs.nvidia.com/jetson/archives/l4t-archived/l4t-3261/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide/kernel_custom.html#

Thanks Shane, for the prompt response.

I’ll try it out and revert to you.

-Rajesh

Thanks Shane. We have successfully built dm-verity in the kernel. The kernel_custom.html link was super useful.
