€•–¨Œsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œtranslations”Œ LanguagesNode”“”)”}”(hhh]”(hŒpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ4/translations/zh_CN/admin-guide/device-mapper/verity”Œmodname”NŒ classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ4/translations/zh_TW/admin-guide/device-mapper/verity”Œmodname”NŒ classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ4/translations/it_IT/admin-guide/device-mapper/verity”Œmodname”NŒ classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ4/translations/ja_JP/admin-guide/device-mapper/verity”Œmodname”NŒ classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ4/translations/ko_KR/admin-guide/device-mapper/verity”Œmodname”NŒ classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ4/translations/sp_SP/admin-guide/device-mapper/verity”Œmodname”NŒ classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ dm-verity”h]”hŒ dm-verity”…””}”(hh¨hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hh£hžhhŸŒN/var/lib/git/docbuild/linux/Documentation/admin-guide/device-mapper/verity.rst”h KubhŒ paragraph”“”)”}”(hŒ²Device-Mapper's "verity" target provides transparent integrity checking of block devices using a cryptographic digest provided by the kernel crypto API. This target is read-only.”h]”hŒ¸Device-Mapperâ€™s â€œverityâ€ target provides transparent integrity checking of block devices using a cryptographic digest provided by the kernel crypto API. This target is read-only.”…””}”(hh¹hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubh¢)”}”(hhh]”(h§)”}”(hŒConstruction Parameters”h]”hŒConstruction Parameters”…””}”(hhÊhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hhÇhžhhŸh¶h K ubhŒ literal_block”“”)”}”(hŒœ [<#opt_params> ]”h]”hŒœ [<#opt_params> ]”…””}”hhÚsbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1hØhŸh¶h KhhÇhžhubhŒdefinition_list”“”)”}”(hhh]”(hŒdefinition_list_item”“”)”}”(hX‚ This is the type of the on-disk hash format. 0 is the original format used in the Chromium OS. The salt is appended when hashing, digests are stored continuously and the rest of the block is padded with zeroes. 1 is the current format that should be used for new devices. The salt is prepended when hashing and each digest is padded with zeroes to the power of two. ”h]”(hŒterm”“”)”}”(hŒ ”h]”hŒ ”…””}”(hh÷hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h KhhñubhŒ definition”“”)”}”(hhh]”(h¸)”}”(hŒ,This is the type of the on-disk hash format.”h]”hŒ,This is the type of the on-disk hash format.”…””}”(hj hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khjubhë)”}”(hhh]”(hð)”}”(hŒ¦0 is the original format used in the Chromium OS. The salt is appended when hashing, digests are stored continuously and the rest of the block is padded with zeroes. ”h]”(hö)”}”(hŒ10 is the original format used in the Chromium OS.”h]”hŒ10 is the original format used in the Chromium OS.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h Khjubj)”}”(hhh]”h¸)”}”(hŒsThe salt is appended when hashing, digests are stored continuously and the rest of the block is padded with zeroes.”h]”hŒsThe salt is appended when hashing, digests are stored continuously and the rest of the block is padded with zeroes.”…””}”(hj0hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj-ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h Khjubhð)”}”(hŒ›1 is the current format that should be used for new devices. The salt is prepended when hashing and each digest is padded with zeroes to the power of two. ”h]”(hö)”}”(hŒ<1 is the current format that should be used for new devices.”h]”hŒ<1 is the current format that should be used for new devices.”…””}”(hjNhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h KhjJubj)”}”(hhh]”h¸)”}”(hŒ]The salt is prepended when hashing and each digest is padded with zeroes to the power of two.”h]”hŒ]The salt is prepended when hashing and each digest is padded with zeroes to the power of two.”…””}”(hj_hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj\ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjJubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h Khjubeh}”(h]”h ]”h"]”h$]”h&]”uh1hêhjubeh}”(h]”h ]”h"]”h$]”h&]”uh1jhhñubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h Khhìubhð)”}”(hŒ« This is the device containing data, the integrity of which needs to be checked. It may be specified as a path, like /dev/sdaX, or a device number, :. ”h]”(hö)”}”(hŒ”h]”hŒ”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h K"hj‹ubj)”}”(hhh]”h¸)”}”(hŒ¤This is the device containing data, the integrity of which needs to be checked. It may be specified as a path, like /dev/sdaX, or a device number, :.”h]”hŒ¤This is the device containing data, the integrity of which needs to be checked. It may be specified as a path, like /dev/sdaX, or a device number, :.”…””}”(hj hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K hjubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj‹ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h K"hhìhžhubhð)”}”(hŒí This is the device that supplies the hash tree data. It may be specified similarly to the device path and may be the same device. If the same device is used, the hash_start should be outside the configured dm-verity device. ”h]”(hö)”}”(hŒ ”h]”hŒ ”…””}”(hj¾hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h K(hjºubj)”}”(hhh]”h¸)”}”(hŒáThis is the device that supplies the hash tree data. It may be specified similarly to the device path and may be the same device. If the same device is used, the hash_start should be outside the configured dm-verity device.”h]”hŒáThis is the device that supplies the hash tree data. It may be specified similarly to the device path and may be the same device. If the same device is used, the hash_start should be outside the configured dm-verity device.”…””}”(hjÏhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K%hjÌubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjºubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h K(hhìhžhubhð)”}”(hŒu The block size on a data device in bytes. Each block corresponds to one digest on the hash device. ”h]”(hö)”}”(hŒ”h]”hŒ”…””}”(hjíhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h K,hjéubj)”}”(hhh]”h¸)”}”(hŒbThe block size on a data device in bytes. Each block corresponds to one digest on the hash device.”h]”hŒbThe block size on a data device in bytes. Each block corresponds to one digest on the hash device.”…””}”(hjþhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K+hjûubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjéubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h K,hhìhžhubhð)”}”(hŒ5 The size of a hash block in bytes. ”h]”(hö)”}”(hŒ”h]”hŒ”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h K/hjubj)”}”(hhh]”h¸)”}”(hŒ"The size of a hash block in bytes.”h]”hŒ"The size of a hash block in bytes.”…””}”(hj-hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K/hj*ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h K/hhìhžhubhð)”}”(hŒÒ The number of data blocks on the data device. Additional blocks are inaccessible. You can place hashes to the same partition as data, in this case hashes are placed after . ”h]”(hö)”}”(hŒ”h]”hŒ”…””}”(hjKhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h K4hjGubj)”}”(hhh]”h¸)”}”(hŒ¿The number of data blocks on the data device. Additional blocks are inaccessible. You can place hashes to the same partition as data, in this case hashes are placed after .”h]”hŒ¿The number of data blocks on the data device. Additional blocks are inaccessible. You can place hashes to the same partition as data, in this case hashes are placed after .”…””}”(hj\hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K2hjYubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjGubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h K4hhìhžhubhð)”}”(hŒƒ This is the offset, in -blocks, from the start of hash_dev to the root block of the hash tree. ”h]”(hö)”}”(hŒ”h]”hŒ”…””}”(hjzhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h K8hjvubj)”}”(hhh]”h¸)”}”(hŒoThis is the offset, in -blocks, from the start of hash_dev to the root block of the hash tree.”h]”hŒoThis is the offset, in -blocks, from the start of hash_dev to the root block of the hash tree.”…””}”(hj‹hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K7hjˆubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjvubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h K8hhìhžhubhð)”}”(hŒ{ The cryptographic hash algorithm used for this device. This should be the name of the algorithm, like "sha1". ”h]”(hö)”}”(hŒ”h]”hŒ”…””}”(hj©hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h K The hexadecimal encoding of the cryptographic hash of the root hash block and the salt. This hash should be trusted as there is no other authenticity beyond this point. ”h]”(hö)”}”(hŒ”h]”hŒ”…””}”(hjØhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h KAhjÔubj)”}”(hhh]”h¸)”}”(hŒ©The hexadecimal encoding of the cryptographic hash of the root hash block and the salt. This hash should be trusted as there is no other authenticity beyond this point.”h]”hŒ©The hexadecimal encoding of the cryptographic hash of the root hash block and the salt. This hash should be trusted as there is no other authenticity beyond this point.”…””}”(hjéhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K?hjæubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjÔubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h KAhhìhžhubhð)”}”(hŒ3 The hexadecimal encoding of the salt value. ”h]”(hö)”}”(hŒ”h]”hŒ”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h KDhjubj)”}”(hhh]”h¸)”}”(hŒ+The hexadecimal encoding of the salt value.”h]”hŒ+The hexadecimal encoding of the salt value.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KDhjubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h KDhhìhžhubhð)”}”(hX<#opt_params> Number of optional parameters. If there are no optional parameters, the optional parameters section can be skipped or #opt_params can be zero. Otherwise #opt_params is the number of following arguments. Example of optional parameters section: 1 ignore_corruption ”h]”(hö)”}”(hŒ <#opt_params>”h]”hŒ <#opt_params>”…””}”(hj6hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h KLhj2ubj)”}”(hhh]”(h¸)”}”(hŒÊNumber of optional parameters. If there are no optional parameters, the optional parameters section can be skipped or #opt_params can be zero. Otherwise #opt_params is the number of following arguments.”h]”hŒÊNumber of optional parameters. If there are no optional parameters, the optional parameters section can be skipped or #opt_params can be zero. Otherwise #opt_params is the number of following arguments.”…””}”(hjGhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KGhjDubhë)”}”(hhh]”hð)”}”(hŒ Use forward error correction (FEC) to recover from corruption if hash verification fails. Use encoding data from the specified device. This may be the same device where data and hash blocks reside, in which case fec_start must be outside data and hash areas. If the encoding data covers additional metadata, it must be accessible on the hash device after the hash blocks. Note: block sizes for data and hash devices must match. Also, if the verity is encrypted the should be too. ”h]”(hö)”}”(hŒuse_fec_from_device ”h]”hŒuse_fec_from_device ”…””}”(hj·hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h Krhj³ubj)”}”(hhh]”(h¸)”}”(hXUse forward error correction (FEC) to recover from corruption if hash verification fails. Use encoding data from the specified device. This may be the same device where data and hash blocks reside, in which case fec_start must be outside data and hash areas.”h]”hXUse forward error correction (FEC) to recover from corruption if hash verification fails. Use encoding data from the specified device. This may be the same device where data and hash blocks reside, in which case fec_start must be outside data and hash areas.”…””}”(hjÈhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KihjÅubh¸)”}”(hŒpIf the encoding data covers additional metadata, it must be accessible on the hash device after the hash blocks.”h]”hŒpIf the encoding data covers additional metadata, it must be accessible on the hash device after the hash blocks.”…””}”(hjÖhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KnhjÅubh¸)”}”(hŒ{Note: block sizes for data and hash devices must match. Also, if the verity is encrypted the should be too.”h]”hŒ{Note: block sizes for data and hash devices must match. Also, if the verity is encrypted the should be too.”…””}”(hjähžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KqhjÅubeh}”(h]”h ]”h"]”h$]”h&]”uh1jhj³ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h Krhhìhžhubhð)”}”(hŒªfec_roots Number of generator roots. This equals to the number of parity bytes in the encoding data. For example, in RS(M, N) encoding, the number of roots is M-N. ”h]”(hö)”}”(hŒfec_roots ”h]”hŒfec_roots ”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h Kwhjþubj)”}”(hhh]”h¸)”}”(hŒ™Number of generator roots. This equals to the number of parity bytes in the encoding data. For example, in RS(M, N) encoding, the number of roots is M-N.”h]”hŒ™Number of generator roots. This equals to the number of parity bytes in the encoding data. For example, in RS(M, N) encoding, the number of roots is M-N.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kuhjubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjþubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h Kwhhìhžhubhð)”}”(hŒfec_blocks The number of encoding data blocks on the FEC device. The block size for the FEC device is . ”h]”(hö)”}”(hŒfec_blocks ”h]”hŒfec_blocks ”…””}”(hj1hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h K{hj-ubj)”}”(hhh]”h¸)”}”(hŒmThe number of encoding data blocks on the FEC device. The block size for the FEC device is .”h]”hŒmThe number of encoding data blocks on the FEC device. The block size for the FEC device is .”…””}”(hjBhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kzhj?ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj-ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h K{hhìhžhubhð)”}”(hŒŒfec_start This is the offset, in blocks, from the start of the FEC device to the beginning of the encoding data. ”h]”(hö)”}”(hŒfec_start ”h]”hŒfec_start ”…””}”(hj`hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h Khj\ubj)”}”(hhh]”h¸)”}”(hŒxThis is the offset, in blocks, from the start of the FEC device to the beginning of the encoding data.”h]”hŒxThis is the offset, in blocks, from the start of the FEC device to the beginning of the encoding data.”…””}”(hjqhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K~hjnubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj\ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h Khhìhžhubhð)”}”(hX‹check_at_most_once Verify data blocks only the first time they are read from the data device, rather than every time. This reduces the overhead of dm-verity so that it can be used on systems that are memory and/or CPU constrained. However, it provides a reduced level of security because only offline tampering of the data device's content will be detected, not online tampering. Hash blocks are still verified each time they are read from the hash device, since verification of hash blocks is less performance critical than data blocks, and a hash block will not be verified any more after all the data blocks it covers have been verified anyway. ”h]”(hö)”}”(hŒcheck_at_most_once”h]”hŒcheck_at_most_once”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h K‹hj‹ubj)”}”(hhh]”(h¸)”}”(hXjVerify data blocks only the first time they are read from the data device, rather than every time. This reduces the overhead of dm-verity so that it can be used on systems that are memory and/or CPU constrained. However, it provides a reduced level of security because only offline tampering of the data device's content will be detected, not online tampering.”h]”hXlVerify data blocks only the first time they are read from the data device, rather than every time. This reduces the overhead of dm-verity so that it can be used on systems that are memory and/or CPU constrained. However, it provides a reduced level of security because only offline tampering of the data deviceâ€™s content will be detected, not online tampering.”…””}”(hj hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K‚hjubh¸)”}”(hXHash blocks are still verified each time they are read from the hash device, since verification of hash blocks is less performance critical than data blocks, and a hash block will not be verified any more after all the data blocks it covers have been verified anyway.”h]”hXHash blocks are still verified each time they are read from the hash device, since verification of hash blocks is less performance critical than data blocks, and a hash block will not be verified any more after all the data blocks it covers have been verified anyway.”…””}”(hj®hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kˆhjubeh}”(h]”h ]”h"]”h$]”h&]”uh1jhj‹ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h K‹hhìhžhubhð)”}”(hXäroot_hash_sig_key_desc This is the description of the USER_KEY that the kernel will lookup to get the pkcs7 signature of the roothash. The pkcs7 signature is used to validate the root hash during the creation of the device mapper block device. Verification of roothash depends on the config DM_VERITY_VERIFY_ROOTHASH_SIG being set in the kernel. The signatures are checked against the builtin trusted keyring by default, or the secondary trusted keyring if DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING is set. The secondary trusted keyring includes by default the builtin trusted keyring, and it can also gain new certificates at run time if they are signed by a certificate already in the secondary trusted keyring. ”h]”(hö)”}”(hŒ(root_hash_sig_key_desc ”h]”hŒ(root_hash_sig_key_desc ”…””}”(hjÌhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h K—hjÈubj)”}”(hhh]”h¸)”}”(hXºThis is the description of the USER_KEY that the kernel will lookup to get the pkcs7 signature of the roothash. The pkcs7 signature is used to validate the root hash during the creation of the device mapper block device. Verification of roothash depends on the config DM_VERITY_VERIFY_ROOTHASH_SIG being set in the kernel. The signatures are checked against the builtin trusted keyring by default, or the secondary trusted keyring if DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING is set. The secondary trusted keyring includes by default the builtin trusted keyring, and it can also gain new certificates at run time if they are signed by a certificate already in the secondary trusted keyring.”h]”hXºThis is the description of the USER_KEY that the kernel will lookup to get the pkcs7 signature of the roothash. The pkcs7 signature is used to validate the root hash during the creation of the device mapper block device. Verification of roothash depends on the config DM_VERITY_VERIFY_ROOTHASH_SIG being set in the kernel. The signatures are checked against the builtin trusted keyring by default, or the secondary trusted keyring if DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING is set. The secondary trusted keyring includes by default the builtin trusted keyring, and it can also gain new certificates at run time if they are signed by a certificate already in the secondary trusted keyring.”…””}”(hjÝhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KŽhjÚubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjÈubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h K—hhìhžhubhð)”}”(hXÈtry_verify_in_tasklet If verity hashes are in cache and the IO size does not exceed the limit, verify data blocks in bottom half instead of workqueue. This option can reduce IO latency. The size limits can be configured via /sys/module/dm_verity/parameters/use_bh_bytes. The four parameters correspond to limits for IOPRIO_CLASS_NONE, IOPRIO_CLASS_RT, IOPRIO_CLASS_BE and IOPRIO_CLASS_IDLE in turn. For example: ,,, 4096,4096,4096,4096 ”h]”(hö)”}”(hŒtry_verify_in_tasklet”h]”hŒtry_verify_in_tasklet”…””}”(hjûhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhŸh¶h K¢hj÷ubj)”}”(hhh]”h¸)”}”(hX±If verity hashes are in cache and the IO size does not exceed the limit, verify data blocks in bottom half instead of workqueue. This option can reduce IO latency. The size limits can be configured via /sys/module/dm_verity/parameters/use_bh_bytes. The four parameters correspond to limits for IOPRIO_CLASS_NONE, IOPRIO_CLASS_RT, IOPRIO_CLASS_BE and IOPRIO_CLASS_IDLE in turn. For example: ,,, 4096,4096,4096,4096”h]”hX±If verity hashes are in cache and the IO size does not exceed the limit, verify data blocks in bottom half instead of workqueue. This option can reduce IO latency. The size limits can be configured via /sys/module/dm_verity/parameters/use_bh_bytes. The four parameters correspond to limits for IOPRIO_CLASS_NONE, IOPRIO_CLASS_RT, IOPRIO_CLASS_BE and IOPRIO_CLASS_IDLE in turn. For example: ,,, 4096,4096,4096,4096”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kšhj ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj÷ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hïhŸh¶h K¢hhìhžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1hêhhÇhžhhŸNh Nubeh}”(h]”Œconstruction-parameters”ah ]”h"]”Œconstruction parameters”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K ubh¢)”}”(hhh]”(h§)”}”(hŒTheory of operation”h]”hŒTheory of operation”…””}”(hj7hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj4hžhhŸh¶h K¥ubh¸)”}”(hŒÈdm-verity is meant to be set up as part of a verified boot path. This may be anything ranging from a boot using tboot or trustedgrub to just booting from a known-good device (like a USB drive or CD).”h]”hŒÈdm-verity is meant to be set up as part of a verified boot path. This may be anything ranging from a boot using tboot or trustedgrub to just booting from a known-good device (like a USB drive or CD).”…””}”(hjEhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K§hj4hžhubh¸)”}”(hX‰When a dm-verity device is configured, it is expected that the caller has been authenticated in some way (cryptographic signatures, etc). After instantiation, all hashes will be verified on-demand during disk access. If they cannot be verified up to the root node of the tree, the root hash, then the I/O will fail. This should detect tampering with any data on the device and the hash data.”h]”hX‰When a dm-verity device is configured, it is expected that the caller has been authenticated in some way (cryptographic signatures, etc). After instantiation, all hashes will be verified on-demand during disk access. If they cannot be verified up to the root node of the tree, the root hash, then the I/O will fail. This should detect tampering with any data on the device and the hash data.”…””}”(hjShžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K«hj4hžhubh¸)”}”(hŒðCryptographic hashes are used to assert the integrity of the device on a per-block basis. This allows for a lightweight hash computation on first read into the page cache. Block hashes are stored linearly, aligned to the nearest block size.”h]”hŒðCryptographic hashes are used to assert the integrity of the device on a per-block basis. This allows for a lightweight hash computation on first read into the page cache. Block hashes are stored linearly, aligned to the nearest block size.”…””}”(hjahžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K²hj4hžhubh¸)”}”(hŒéIf forward error correction (FEC) support is enabled any recovery of corrupted data will be verified using the cryptographic hash of the corresponding data. This is why combining error correction with integrity checking is essential.”h]”hŒéIf forward error correction (FEC) support is enabled any recovery of corrupted data will be verified using the cryptographic hash of the corresponding data. This is why combining error correction with integrity checking is essential.”…””}”(hjohžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K·hj4hžhubh¢)”}”(hhh]”(h§)”}”(hŒ Hash Tree”h]”hŒ Hash Tree”…””}”(hj€hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj}hžhhŸh¶h K½ubh¸)”}”(hŒÊEach node in the tree is a cryptographic hash. If it is a leaf node, the hash of some data block on disk is calculated. If it is an intermediary node, the hash of a number of child nodes is calculated.”h]”hŒÊEach node in the tree is a cryptographic hash. If it is a leaf node, the hash of some data block on disk is calculated. If it is an intermediary node, the hash of a number of child nodes is calculated.”…””}”(hjŽhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K¿hj}hžhubh¸)”}”(hXGEach entry in the tree is a collection of neighboring nodes that fit in one block. The number is determined based on block_size and the size of the selected cryptographic digest algorithm. The hashes are linearly-ordered in this entry and any unaligned trailing space is ignored but included when calculating the parent node.”h]”hXGEach entry in the tree is a collection of neighboring nodes that fit in one block. The number is determined based on block_size and the size of the selected cryptographic digest algorithm. The hashes are linearly-ordered in this entry and any unaligned trailing space is ignored but included when calculating the parent node.”…””}”(hjœhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÃhj}hžhubh¸)”}”(hŒThe tree looks something like:”h]”hŒThe tree looks something like:”…””}”(hjªhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÉhj}hžhubhŒblock_quote”“”)”}”(hŒ4alg = sha256, num_blocks = 32768, block_size = 4096 ”h]”h¸)”}”(hŒ3alg = sha256, num_blocks = 32768, block_size = 4096”h]”hŒ3alg = sha256, num_blocks = 32768, block_size = 4096”…””}”(hj¾hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KËhjºubah}”(h]”h ]”h"]”h$]”h&]”uh1j¸hŸh¶h KËhj}hžhubhÙ)”}”(hX‡ [ root ] / . . . \ [entry_0] [entry_1] / . . . \ . . . \ [entry_0_0] . . . [entry_0_127] . . . . [entry_1_127] / ... \ / . . . \ / \ blk_0 ... blk_127 blk_16256 blk_16383 blk_32640 . . . blk_32767”h]”hX‡ [ root ] / . . . \ [entry_0] [entry_1] / . . . \ . . . \ [entry_0_0] . . . [entry_0_127] . . . . [entry_1_127] / ... \ / . . . \ / \ blk_0 ... blk_127 blk_16256 blk_16383 blk_32640 . . . blk_32767”…””}”hjÒsbah}”(h]”h ]”h"]”h$]”h&]”hèhéuh1hØhŸh¶h KÏhj}hžhubeh}”(h]”Œ hash-tree”ah ]”h"]”Œ hash tree”ah$]”h&]”uh1h¡hj4hžhhŸh¶h K½ubeh}”(h]”Œtheory-of-operation”ah ]”h"]”Œtheory of operation”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K¥ubh¢)”}”(hhh]”(h§)”}”(hŒOn-disk format”h]”hŒOn-disk format”…””}”(hjóhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjðhžhhŸh¶h KÙubh¸)”}”(hŒÞThe verity kernel code does not read the verity metadata on-disk header. It only reads the hash blocks which directly follow the header. It is expected that a user-space tool will verify the integrity of the verity header.”h]”hŒÞThe verity kernel code does not read the verity metadata on-disk header. It only reads the hash blocks which directly follow the header. It is expected that a user-space tool will verify the integrity of the verity header.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÛhjðhžhubh¸)”}”(hŒ¬Alternatively, the header can be omitted and the dmsetup parameters can be passed via the kernel command-line in a rooted chain of trust where the command-line is verified.”h]”hŒ¬Alternatively, the header can be omitted and the dmsetup parameters can be passed via the kernel command-line in a rooted chain of trust where the command-line is verified.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kàhjðhžhubh¸)”}”(hŒÓDirectly following the header (and with sector number padded to the next hash block boundary) are the hash blocks which are stored a depth at a time (starting from the root), sorted in order of increasing index.”h]”hŒÓDirectly following the header (and with sector number padded to the next hash block boundary) are the hash blocks which are stored a depth at a time (starting from the root), sorted in order of increasing index.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kähjðhžhubh¸)”}”(hŒzThe full specification of kernel parameters and on-disk metadata format is available at the cryptsetup project's wiki page”h]”hŒ|The full specification of kernel parameters and on-disk metadata format is available at the cryptsetup projectâ€™s wiki page”…””}”(hj+hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kèhjðhžhubj¹)”}”(hŒ8https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity ”h]”h¸)”}”(hŒ7https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity”h]”hŒ reference”“”)”}”(hj?h]”hŒ7https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity”…””}”(hjChžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j?uh1jAhj=ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Këhj9ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¸hŸh¶h Këhjðhžhubeh}”(h]”Œon-disk-format”ah ]”h"]”Œon-disk format”ah$]”h&]”uh1h¡hh£hžhhŸh¶h KÙubh¢)”}”(hhh]”(h§)”}”(hŒStatus”h]”hŒStatus”…””}”(hjhhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjehžhhŸh¶h Kîubh¸)”}”(hŒyV (for Valid) is returned if every check performed so far was valid. If any check failed, C (for Corruption) is returned.”h]”hŒyV (for Valid) is returned if every check performed so far was valid. If any check failed, C (for Corruption) is returned.”…””}”(hjvhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kïhjehžhubeh}”(h]”Œstatus”ah ]”h"]”Œstatus”ah$]”h&]”uh1h¡hh£hžhhŸh¶h Kîubh¢)”}”(hhh]”(h§)”}”(hŒExample”h]”hŒExample”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjŒhžhhŸh¶h Kóubh¸)”}”(hŒSet up a device::”h]”hŒSet up a device:”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KôhjŒhžhubhÙ)”}”(hŒþ# dmsetup create vroot --readonly --table \ "0 2097152 verity 1 /dev/sda1 /dev/sda2 4096 4096 262144 1 sha256 "\ "4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 "\ "1234000000000000000000000000000000000000000000000000000000000000"”h]”hŒþ# dmsetup create vroot --readonly --table \ "0 2097152 verity 1 /dev/sda1 /dev/sda2 4096 4096 262144 1 sha256 "\ "4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 "\ "1234000000000000000000000000000000000000000000000000000000000000"”…””}”hj«sbah}”(h]”h ]”h"]”h$]”h&]”hèhéuh1hØhŸh¶h KöhjŒhžhubh¸)”}”(hŒòA command line tool veritysetup is available to compute or verify the hash tree or activate the kernel device. This is available from the cryptsetup upstream repository https://gitlab.com/cryptsetup/cryptsetup/ (as a libcryptsetup extension).”h]”(hŒ©A command line tool veritysetup is available to compute or verify the hash tree or activate the kernel device. This is available from the cryptsetup upstream repository ”…””}”(hj¹hžhhŸNh NubjB)”}”(hŒ)https://gitlab.com/cryptsetup/cryptsetup/”h]”hŒ)https://gitlab.com/cryptsetup/cryptsetup/”…””}”(hjÁhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”jÃuh1jAhj¹ubhŒ (as a libcryptsetup extension).”…””}”(hj¹hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KûhjŒhžhubh¸)”}”(hŒCreate hash on the device::”h]”hŒCreate hash on the device:”…””}”(hjÚhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h MhjŒhžhubhÙ)”}”(hŒx# veritysetup format /dev/sda1 /dev/sda2 ... Root hash: 4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076”h]”hŒx# veritysetup format /dev/sda1 /dev/sda2 ... Root hash: 4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076”…””}”hjèsbah}”(h]”h ]”h"]”h$]”h&]”hèhéuh1hØhŸh¶h MhjŒhžhubh¸)”}”(hŒActivate the device::”h]”hŒActivate the device:”…””}”(hjöhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h MhjŒhžhubhÙ)”}”(hŒs# veritysetup create vroot /dev/sda1 /dev/sda2 \ 4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076”h]”hŒs# veritysetup create vroot /dev/sda1 /dev/sda2 \ 4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076”…””}”hjsbah}”(h]”h ]”h"]”h$]”h&]”hèhéuh1hØhŸh¶h MhjŒhžhubeh}”(h]”Œexample”ah ]”h"]”Œexample”ah$]”h&]”uh1h¡hh£hžhhŸh¶h Kóubeh}”(h]”Œ dm-verity”ah ]”h"]”Œ dm-verity”ah$]”h&]”uh1h¡hhhžhhŸh¶h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h¶uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¦NŒ generator”NŒ datestamp”NŒsource_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒreport_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jEŒerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h¶Œ_destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jjj1j.jíjêjåjâjbj_j‰j†jjuŒ nametypes”}”(j‰j1‰jí‰jå‰jb‰j‰‰j‰uh}”(jh£j.hÇjêj4jâj}j_jðj†jejjŒuŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ decoration”Nhžhub.