CME-504

dm-verity (Verified Boot)

Description

Cryptographic verification of block device integrity using a Merkle tree hash. Every read from the block device is verified against pre-computed hashes, detecting any tampering at the block level.
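
A simplified model of the per-read check described above, added here as an illustration; it is not part of the original entry and does not reproduce dm-verity's on-disk layout. It assumes a binary SHA-256 tree over 4096-byte blocks with no salt, and the names build_tree, verified_read, PAD and the sample DEVICE are constructed for this sketch.

```python
import hashlib

BLOCK = 4096          # data block size assumed for this sketch
PAD = bytes(32)       # stand-in sibling when a level has an odd node count

def h(data):
    return hashlib.sha256(data).digest()

def build_tree(device):
    """Return hash levels: levels[0] = per-block hashes, levels[-1] = [root]."""
    levels = [[h(device[i:i + BLOCK]) for i in range(0, len(device), BLOCK)]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h(cur[i] + (cur[i + 1] if i + 1 < len(cur) else PAD))
                       for i in range(0, len(cur), 2)])
    return levels

def verified_read(device, index, levels, trusted_root):
    """Read one block; recompute its path to the root before returning it.

    `device` and `levels` are untrusted storage; only `trusted_root` is
    assumed to come from a protected source outside the device.
    """
    block = device[index * BLOCK:(index + 1) * BLOCK]
    node = h(block)
    for level in levels[:-1]:
        sib = level[index ^ 1] if (index ^ 1) < len(level) else PAD
        node = h(node + sib) if index % 2 == 0 else h(sib + node)
        index //= 2
    if node != trusted_root:
        raise OSError("hash mismatch: block or hash tree was modified")
    return block

# Constructed sample: a 5-block "device" with distinct block contents.
DEVICE = b"".join(bytes([n]) * BLOCK for n in range(5))

if __name__ == "__main__":
    levels = build_tree(DEVICE)
    root = levels[-1][0]
    print("root hash:", root.hex())
    print("clean read ok:", verified_read(DEVICE, 4, levels, root)[:1])
    tampered = bytearray(DEVICE)
    tampered[2 * BLOCK + 10] ^= 0x01      # flip one bit inside block 2
    try:
        verified_read(bytes(tampered), 2, levels, root)
    except OSError as e:
        print("tampered read rejected:", e)
```

Because only the root hash is trusted, a change to either a data block or a stored tree node makes the recomputed root differ, and the read is refused.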

CVSS Vector Impacts

Metric         Transition  Rationale
Integrity (I)  H → N       Any block-level modification is cryptographically detected and rejected

CWE Relationships

Verification

Check dm-verity status on root device

$ veritysetup status root
# Expected: status: verified
Platform: linux