verity.rst - OpenGrok cross reference for /Documentation/admin-guide/device-mapper/verity.rst

Lines Matching +full:i +full:- +full:cache +full:- +full:block +full:- +full:size
2 dm-verity
5 Device-Mapper's "verity" target provides transparent integrity checking of
6 block devices using a cryptographic digest provided by the kernel crypto API.
7 This target is read-only.
21     This is the type of the on-disk hash format.
25       the rest of the block is padded with zeroes.
40     dm-verity device.
43     The block size on a data device in bytes.
44     Each block corresponds to one digest on the hash device.
47     The size of a hash block in bytes.
55     This is the offset, in <hash_block_size>-blocks, from the start of hash_dev
56     to the root block of the hash tree.
63     The hexadecimal encoding of the cryptographic hash of the root hash block
82     Restart the system when a corrupted block is discovered. This option is
87     Panic the device when a corrupted block is discovered. This option is
104     Note: block sizes for data and hash devices must match. Also, if the
110     is M-N.
113     The number of encoding data blocks on the FEC device. The block size for
122     rather than every time.  This reduces the overhead of dm-verity so that it
129     blocks, and a hash block will not be verified any more after all the data
135     the root hash during the creation of the device mapper block device.
145     If verity hashes are in cache and the IO size does not exceed the limit,
147     reduce IO latency. The size limits can be configured via
158 dm-verity is meant to be set up as part of a verified boot path.  This
160 booting from a known-good device (like a USB drive or CD).
162 When a dm-verity device is configured, it is expected that the caller
164 After instantiation, all hashes will be verified on-demand during
166 tree, the root hash, then the I/O will fail.  This should detect
170 per-block basis. This allows for a lightweight hash computation on first read
171 into the page cache. Block hashes are stored linearly, aligned to the nearest
172 block size.
180 ---------
183 of some data block on disk is calculated. If it is an intermediary node,
187 block.  The number is determined based on block_size and the size of the
188 selected cryptographic digest algorithm.  The hashes are linearly-ordered in
207 On-disk format
210 The verity kernel code does not read the verity metadata on-disk header.
212 It is expected that a user-space tool will verify the integrity of the
216 be passed via the kernel command-line in a rooted chain of trust where
217 the command-line is verified.
220 block boundary) are the hash blocks which are stored a depth at a time
223 The full specification of kernel parameters and on-disk metadata format
237   # dmsetup create vroot --readonly --table \