Loading Documentation/device-mapper/verity.txt +38 −2 Original line number Diff line number Diff line Loading @@ -17,11 +17,11 @@ Construction Parameters 0 is the original format used in the Chromium OS. The salt is appended when hashing, digests are stored continuously and the rest of the block is padded with zeros. the rest of the block is padded with zeroes. 1 is the current format that should be used for new devices. The salt is prepended when hashing and each digest is padded with zeros to the power of two. padded with zeroes to the power of two. <dev> This is the device containing data, the integrity of which needs to be Loading Loading @@ -72,6 +72,37 @@ Construction Parameters notify user space. ignore_zero_blocks Do not verify blocks that are expected to contain zeroes and always return zeroes instead. This may be useful if the partition contains unused blocks that are not guaranteed to contain zeroes. use_fec_from_device <fec_dev> Use forward error correction (FEC) to recover from corruption if hash verification fails. Use encoding data from the specified device. This may be the same device where data and hash blocks reside, in which case fec_start must be outside data and hash areas. If the encoding data covers additional metadata, it must be accessible on the hash device after the hash blocks. Note: block sizes for data and hash devices must match. Also, if the verity <dev> is encrypted the <fec_dev> should be too. fec_roots <num> Number of generator roots. This equals to the number of parity bytes in the encoding data. For example, in RS(M, N) encoding, the number of roots is M-N. fec_blocks <num> The number of encoding data blocks on the FEC device. The block size for the FEC device is <data_block_size>. fec_start <offset> This is the offset, in <data_block_size> blocks, from the start of the FEC device to the beginning of the encoding data. Theory of operation =================== Loading @@ -91,6 +122,11 @@ per-block basis. This allows for a lightweight hash computation on first read into the page cache. Block hashes are stored linearly, aligned to the nearest block size. If forward error correction (FEC) support is enabled any recovery of corrupted data will be verified using the cryptographic hash of the corresponding data. This is why combining error correction with integrity checking is essential. Hash Tree --------- Loading arch/arm/configs/msm8909-perf_defconfig +1 −0 Original line number Diff line number Diff line Loading @@ -216,6 +216,7 @@ CONFIG_SCSI_SCAN_ASYNC=y CONFIG_MD=y CONFIG_BLK_DEV_DM=y CONFIG_DM_VERITY=y CONFIG_DM_VERITY_FEC=y CONFIG_NETDEVICES=y CONFIG_DUMMY=y CONFIG_TUN=y Loading arch/arm/configs/msm8909_defconfig +1 −0 Original line number Diff line number Diff line Loading @@ -220,6 +220,7 @@ CONFIG_SCSI_SCAN_ASYNC=y CONFIG_MD=y CONFIG_BLK_DEV_DM=y CONFIG_DM_VERITY=y CONFIG_DM_VERITY_FEC=y CONFIG_NETDEVICES=y CONFIG_DUMMY=y CONFIG_TUN=y Loading arch/arm/configs/msm8909w-1gb-perf_defconfig +1 −0 Original line number Diff line number Diff line Loading @@ -221,6 +221,7 @@ CONFIG_SCSI_SCAN_ASYNC=y CONFIG_MD=y CONFIG_BLK_DEV_DM=y CONFIG_DM_VERITY=y CONFIG_DM_VERITY_FEC=y CONFIG_NETDEVICES=y CONFIG_DUMMY=y CONFIG_IFB=y Loading arch/arm/configs/msm8909w-1gb_defconfig +1 −0 Original line number Diff line number Diff line Loading @@ -223,6 +223,7 @@ CONFIG_SCSI_SCAN_ASYNC=y CONFIG_MD=y CONFIG_BLK_DEV_DM=y CONFIG_DM_VERITY=y CONFIG_DM_VERITY_FEC=y CONFIG_NETDEVICES=y CONFIG_DUMMY=y CONFIG_IFB=y Loading Loading
Documentation/device-mapper/verity.txt +38 −2 Original line number Diff line number Diff line Loading @@ -17,11 +17,11 @@ Construction Parameters 0 is the original format used in the Chromium OS. The salt is appended when hashing, digests are stored continuously and the rest of the block is padded with zeros. the rest of the block is padded with zeroes. 1 is the current format that should be used for new devices. The salt is prepended when hashing and each digest is padded with zeros to the power of two. padded with zeroes to the power of two. <dev> This is the device containing data, the integrity of which needs to be Loading Loading @@ -72,6 +72,37 @@ Construction Parameters notify user space. ignore_zero_blocks Do not verify blocks that are expected to contain zeroes and always return zeroes instead. This may be useful if the partition contains unused blocks that are not guaranteed to contain zeroes. use_fec_from_device <fec_dev> Use forward error correction (FEC) to recover from corruption if hash verification fails. Use encoding data from the specified device. This may be the same device where data and hash blocks reside, in which case fec_start must be outside data and hash areas. If the encoding data covers additional metadata, it must be accessible on the hash device after the hash blocks. Note: block sizes for data and hash devices must match. Also, if the verity <dev> is encrypted the <fec_dev> should be too. fec_roots <num> Number of generator roots. This equals to the number of parity bytes in the encoding data. For example, in RS(M, N) encoding, the number of roots is M-N. fec_blocks <num> The number of encoding data blocks on the FEC device. The block size for the FEC device is <data_block_size>. fec_start <offset> This is the offset, in <data_block_size> blocks, from the start of the FEC device to the beginning of the encoding data. Theory of operation =================== Loading @@ -91,6 +122,11 @@ per-block basis. This allows for a lightweight hash computation on first read into the page cache. Block hashes are stored linearly, aligned to the nearest block size. If forward error correction (FEC) support is enabled any recovery of corrupted data will be verified using the cryptographic hash of the corresponding data. This is why combining error correction with integrity checking is essential. Hash Tree --------- Loading
arch/arm/configs/msm8909-perf_defconfig +1 −0 Original line number Diff line number Diff line Loading @@ -216,6 +216,7 @@ CONFIG_SCSI_SCAN_ASYNC=y CONFIG_MD=y CONFIG_BLK_DEV_DM=y CONFIG_DM_VERITY=y CONFIG_DM_VERITY_FEC=y CONFIG_NETDEVICES=y CONFIG_DUMMY=y CONFIG_TUN=y Loading
arch/arm/configs/msm8909_defconfig +1 −0 Original line number Diff line number Diff line Loading @@ -220,6 +220,7 @@ CONFIG_SCSI_SCAN_ASYNC=y CONFIG_MD=y CONFIG_BLK_DEV_DM=y CONFIG_DM_VERITY=y CONFIG_DM_VERITY_FEC=y CONFIG_NETDEVICES=y CONFIG_DUMMY=y CONFIG_TUN=y Loading
arch/arm/configs/msm8909w-1gb-perf_defconfig +1 −0 Original line number Diff line number Diff line Loading @@ -221,6 +221,7 @@ CONFIG_SCSI_SCAN_ASYNC=y CONFIG_MD=y CONFIG_BLK_DEV_DM=y CONFIG_DM_VERITY=y CONFIG_DM_VERITY_FEC=y CONFIG_NETDEVICES=y CONFIG_DUMMY=y CONFIG_IFB=y Loading
arch/arm/configs/msm8909w-1gb_defconfig +1 −0 Original line number Diff line number Diff line Loading @@ -223,6 +223,7 @@ CONFIG_SCSI_SCAN_ASYNC=y CONFIG_MD=y CONFIG_BLK_DEV_DM=y CONFIG_DM_VERITY=y CONFIG_DM_VERITY_FEC=y CONFIG_NETDEVICES=y CONFIG_DUMMY=y CONFIG_IFB=y Loading
