On 13/06/2019 03:06, Jaskaran Khurana wrote:
...

Adds DM_VERITY_VERIFY_ROOTHASH_SIG_FORCE: roothash signature *must* be
specified for all dm verity volumes and verification must succeed prior
to creation of device mapper block device.

I had a quick discussion about this and one suggestion was
to add dm-verity kernel module parameter instead of a new config option.

The idea is that if you can control kernel boot commandline, you can add it
there with the same effect (expecting that root device is on dm-verity as well).

Isn't this better option or it is not going to work for you?

Milan