
TOMOYO Linux Cross Reference
Linux/Documentation/admin-guide/device-mapper/verity.rst


Differences between /Documentation/admin-guide/device-mapper/verity.rst (Version linux-6.12-rc7) and /Documentation/admin-guide/device-mapper/verity.rst (Version linux-6.1.116)


=========
dm-verity
=========

Device-Mapper's "verity" target provides transparent integrity checking of
block devices using a cryptographic digest provided by the kernel crypto API.
This target is read-only.

Construction Parameters
=======================

::

    <version> <dev> <hash_dev>
    <data_block_size> <hash_block_size>
    <num_data_blocks> <hash_start_block>
    <algorithm> <digest> <salt>
    [<#opt_params> <opt_params>]

<version>
    This is the type of the on-disk hash format.

    0 is the original format used in the Chromium OS.
      The salt is appended when hashing, digests are stored contiguously and
      the rest of the block is padded with zeroes.

    1 is the current format that should be used for new devices.
      The salt is prepended when hashing and each digest is
      padded with zeroes to the next power of two.

<dev>
    This is the device containing the data whose integrity needs to be
    checked.  It may be specified as a path, like /dev/sdaX, or a device number,
    <major>:<minor>.

<hash_dev>
    This is the device that supplies the hash tree data.  It may be
    specified similarly to the data device and may be the same device.  If the
    same device is used, the hash_start should be outside the configured
    dm-verity device.

<data_block_size>
    The block size on a data device in bytes.
    Each block corresponds to one digest on the hash device.

<hash_block_size>
    The size of a hash block in bytes.

<num_data_blocks>
    The number of data blocks on the data device.  Additional blocks are
    inaccessible.  You can place the hashes on the same partition as the data;
    in that case the hashes are placed after <num_data_blocks>.

<hash_start_block>
    This is the offset, in <hash_block_size> blocks, from the start of hash_dev
    to the root block of the hash tree.

<algorithm>
    The cryptographic hash algorithm used for this device.  This should
    be the name of the algorithm, like "sha1".

<digest>
    The hexadecimal encoding of the cryptographic hash of the root hash block
    and the salt.  This hash should be trusted, as there is no other authenticity
    beyond this point.

<salt>
    The hexadecimal encoding of the salt value.

<#opt_params>
    Number of optional parameters. If there are no optional parameters,
    the optional parameters section can be skipped or #opt_params can be zero.
    Otherwise #opt_params is the number of following arguments.

    Example of optional parameters section:
        1 ignore_corruption

ignore_corruption
    Log corrupted blocks, but allow read operations to proceed normally.

restart_on_corruption
    Restart the system when a corrupted block is discovered. This option is
    not compatible with ignore_corruption and requires user space support to
    avoid restart loops.

panic_on_corruption
    Panic the device when a corrupted block is discovered. This option is
    not compatible with ignore_corruption and restart_on_corruption.

ignore_zero_blocks
    Do not verify blocks that are expected to contain zeroes and always return
    zeroes instead. This may be useful if the partition contains unused blocks
    that are not guaranteed to contain zeroes.

use_fec_from_device <fec_dev>
    Use forward error correction (FEC) to recover from corruption if hash
    verification fails. Use encoding data from the specified device. This
    may be the same device where data and hash blocks reside, in which case
    fec_start must be outside the data and hash areas.

    If the encoding data covers additional metadata, it must be accessible
    on the hash device after the hash blocks.

    Note: block sizes for data and hash devices must match. Also, if the
    verity <dev> is encrypted, the <fec_dev> should be too.

fec_roots <num>
    Number of generator roots. This equals the number of parity bytes in
    the encoding data. For example, in RS(M, N) encoding, the number of roots
    is M-N.

fec_blocks <num>
    The number of encoding data blocks on the FEC device. The block size for
    the FEC device is <data_block_size>.

fec_start <offset>
    This is the offset, in <data_block_size> blocks, from the start of the
    FEC device to the beginning of the encoding data.

check_at_most_once
    Verify data blocks only the first time they are read from the data device,
    rather than every time.  This reduces the overhead of dm-verity so that it
    can be used on systems that are memory and/or CPU constrained.  However, it
    provides a reduced level of security because only offline tampering of the
    data device's content will be detected, not online tampering.

    Hash blocks are still verified each time they are read from the hash device,
    since verification of hash blocks is less performance critical than that of
    data blocks, and a hash block will not be verified any more once all the
    data blocks it covers have been verified anyway.

root_hash_sig_key_desc <key_description>
    This is the description of the USER_KEY that the kernel will look up to get
    the pkcs7 signature of the root hash. The pkcs7 signature is used to validate
    the root hash during the creation of the device mapper block device.
    Verification of the root hash depends on the config DM_VERITY_VERIFY_ROOTHASH_SIG
    being set in the kernel.  The signatures are checked against the builtin
    trusted keyring by default, or the secondary trusted keyring if
    DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING is set.  The secondary
    trusted keyring includes by default the builtin trusted keyring, and it can
    also gain new certificates at run time if they are signed by a certificate
    already in the secondary trusted keyring.

try_verify_in_tasklet
    If the verity hashes are in the cache, verify data blocks in a kernel tasklet
    instead of a workqueue. This option can reduce IO latency.

Theory of operation
===================

dm-verity is meant to be set up as part of a verified boot path.  This
may be anything ranging from a boot using tboot or trustedgrub to just
booting from a known-good device (like a USB drive or CD).

When a dm-verity device is configured, it is expected that the caller
has been authenticated in some way (cryptographic signatures, etc).
After instantiation, all hashes will be verified on demand during
disk access.  If they cannot be verified up to the root node of the
tree, the root hash, then the I/O will fail.  This should detect
tampering with any data on the device and with the hash data.

Cryptographic hashes are used to assert the integrity of the device on a
per-block basis. This allows for a lightweight hash computation on first read
into the page cache. Block hashes are stored linearly, aligned to the nearest
block size.

If forward error correction (FEC) support is enabled, any recovery of
corrupted data will be verified using the cryptographic hash of the
corresponding data. This is why combining error correction with
integrity checking is essential.

Hash Tree
---------

Each node in the tree is a cryptographic hash.  If it is a leaf node, the hash
of some data block on disk is calculated. If it is an intermediary node,
the hash of a number of child nodes is calculated.

Each entry in the tree is a collection of neighboring nodes that fit in one
block.  The number is determined based on block_size and the size of the
selected cryptographic digest algorithm.  The hashes are linearly ordered in
this entry and any unaligned trailing space is ignored but included when
calculating the parent node.

The tree looks something like:

        alg = sha256, num_blocks = 32768, block_size = 4096

::

                                 [   root    ]
                                /    . . .    \
                     [entry_0]                 [entry_1]
                    /  . . .  \                 . . .   \
         [entry_0_0]   . . .  [entry_0_127]    . . . .  [entry_1_127]
           / ... \             /   . . .  \             /           \
     blk_0 ... blk_127  blk_16256   blk_16383      blk_32640 . . . blk_32767


On-disk format
==============

The verity kernel code does not read the verity metadata on-disk header.
It only reads the hash blocks which directly follow the header.
It is expected that a user-space tool will verify the integrity of the
verity header.

Alternatively, the header can be omitted and the dmsetup parameters can
be passed via the kernel command line in a rooted chain of trust where
the command line is verified.

Directly following the header (and with the sector number padded to the next
hash block boundary) are the hash blocks, which are stored a depth at a time
(starting from the root), sorted in order of increasing index.

The full specification of kernel parameters and on-disk metadata format
is available at the cryptsetup project's wiki page

  https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity

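The format-1 layout described above (salt prepended when hashing, each digest zero-padded to a power of two, hash blocks zero-padded and hashed whole by their parent, the <digest> being the hash of the root hash block and the salt, and the hash blocks stored a depth at a time starting from the root) can be exercised end to end in pure Python. The following is an added example written for this page, not code from the kernel or from cryptsetup; the image it hashes is constructed inline, the salt is the one from the example table further down (0x1234 followed by zero bytes), and the names VerityParams, build_tree and verify_block are this example's own.

```python
"""Build and verify a dm-verity format-1 hash tree (added example, not kernel code)."""
import hashlib
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class VerityParams:
    """The subset of the dmsetup table that fixes the tree's shape."""
    data_block_size: int = 4096
    hash_block_size: int = 4096
    algorithm: str = "sha256"
    salt: bytes = b""


@dataclass
class VerityTree:
    root_digest: str          # hex <digest>: hash of salt || root hash block
    hash_area: bytes          # hash blocks in on-disk order, root level first
    level_offsets: List[int]  # first hash block of each level; index 0 is the root level
    digest_size: int          # digest size after padding to a power of two


def padded_digest_size(algorithm: str) -> int:
    """Format 1 pads every digest with zeroes up to the next power of two."""
    size = hashlib.new(algorithm).digest_size
    padded = 1
    while padded < size:
        padded <<= 1
    return padded


def salted_hash(p: VerityParams, block: bytes) -> bytes:
    """Format 1 prepends the salt to whatever block (data or hash) is hashed."""
    h = hashlib.new(p.algorithm)
    h.update(p.salt)
    h.update(block)
    return h.digest().ljust(padded_digest_size(p.algorithm), b"\0")


def build_tree(data: bytes, p: VerityParams) -> VerityTree:
    if not data or len(data) % p.data_block_size:
        raise ValueError("image must be a non-empty whole number of data blocks")
    dsize = padded_digest_size(p.algorithm)
    per_block = p.hash_block_size // dsize  # digests per hash block: 128 for sha256/4096

    # Leaf digests, one per data block, in increasing block order.
    digests = [salted_hash(p, data[i:i + p.data_block_size])
               for i in range(0, len(data), p.data_block_size)]

    levels = []  # levels[0] is the leaf level; the last one is the single root block
    while True:
        blocks = [b"".join(digests[i:i + per_block]).ljust(p.hash_block_size, b"\0")
                  for i in range(0, len(digests), per_block)]
        levels.append(blocks)
        if len(blocks) == 1:
            break
        # A parent digest covers the whole child block, zero padding included.
        digests = [salted_hash(p, b) for b in blocks]

    # On disk: a depth at a time starting from the root, each level in increasing index.
    ordered = levels[::-1]
    offsets, pos = [], 0
    for lvl in ordered:
        offsets.append(pos)
        pos += len(lvl)
    raw_size = hashlib.new(p.algorithm).digest_size
    root_digest = salted_hash(p, ordered[0][0])[:raw_size].hex()
    return VerityTree(root_digest, b"".join(b for lvl in ordered for b in lvl), offsets, dsize)


def verify_block(tree: VerityTree, data: bytes, index: int, p: VerityParams) -> bool:
    """Check one data block the way a read does: leaf digest, then each level up to the root."""
    per_block = p.hash_block_size // tree.digest_size
    expected = salted_hash(p, data[index * p.data_block_size:(index + 1) * p.data_block_size])
    pos = index
    for level in reversed(tree.level_offsets):  # leaf level is stored last, root level first
        blk_no = level + pos // per_block
        blk = tree.hash_area[blk_no * p.hash_block_size:(blk_no + 1) * p.hash_block_size]
        slot = pos % per_block
        if blk[slot * tree.digest_size:(slot + 1) * tree.digest_size] != expected:
            return False
        expected = salted_hash(p, blk)  # this block's digest must appear one level up
        pos //= per_block
    # Above the top block there is only the trusted <digest> from the table.
    return expected[:hashlib.new(p.algorithm).digest_size].hex() == tree.root_digest


def demo():
    """Constructed 300-block image: 3 leaf hash blocks under one root block."""
    p = VerityParams(salt=bytes.fromhex("1234" + "0" * 60))   # salt from the page's example
    data = b"".join(bytes([i & 0xFF]) * p.data_block_size for i in range(300))
    tree = build_tree(data, p)
    ok_before = all(verify_block(tree, data, i, p) for i in range(300))
    tampered = bytearray(data)
    tampered[200 * p.data_block_size + 7] ^= 0x01        # flip one bit in block 200
    ok_after = verify_block(tree, bytes(tampered), 200, p)
    return tree.root_digest, ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

verify_block fails the read of exactly the block whose bytes changed while its neighbours still verify, which is the per-block granularity the "Theory of operation" section describes. Format 0 (salt appended) is deliberately not implemented, and veritysetup remains the reference for real images.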
Status
======

V (for Valid) is returned if every check performed so far was valid.
If any check failed, C (for Corruption) is returned.

Example
=======

Set up a device::

  # dmsetup create vroot --readonly --table \
    "0 2097152 verity 1 /dev/sda1 /dev/sda2 4096 4096 262144 1 sha256 "\
    "4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 "\
    "1234000000000000000000000000000000000000000000000000000000000000"

A command line tool veritysetup is available to compute or verify
the hash tree or activate the kernel device. This is available from
the cryptsetup upstream repository https://gitlab.com/cryptsetup/cryptsetup/
(as a libcryptsetup extension).

Create hash on the device::

  # veritysetup format /dev/sda1 /dev/sda2
  ...
  Root hash: 4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076

Activate the device::

  # veritysetup create vroot /dev/sda1 /dev/sda2 \
    4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076
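A table line like the one in the example can be checked offline against the constraints the parameter descriptions state, either before it is handed to dmsetup or when auditing `dmsetup table` output on a running system. The parser below is an added example for this page, not part of dm-verity or cryptsetup. OPT_ARGS encodes the optional parameters and their argument counts as listed under Construction Parameters, and every check (format version, power-of-two block sizes, digest length for the algorithm, a table no longer than its num_data_blocks, hash_start_block overlapping the data area on a shared device, the mutually exclusive corruption modes, matching block sizes with FEC) is taken from those descriptions. EXAMPLE_TABLE is the page's own table, with the salt written as 0x1234 followed by zero bytes.

```python
"""Parse a dm-verity dmsetup table line and report inconsistencies (added example)."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Optional parameters and how many arguments each consumes; the
# <#opt_params> count includes those arguments.
OPT_ARGS = {
    "ignore_corruption": 0, "restart_on_corruption": 0, "panic_on_corruption": 0,
    "ignore_zero_blocks": 0, "use_fec_from_device": 1, "fec_roots": 1,
    "fec_blocks": 1, "fec_start": 1, "check_at_most_once": 0,
    "root_hash_sig_key_desc": 1, "try_verify_in_tasklet": 0,
}
SECTOR = 512  # dmsetup table start/length are in 512-byte sectors

# The page's example table; salt is 0x1234 followed by zero bytes.
EXAMPLE_TABLE = ("0 2097152 verity 1 /dev/sda1 /dev/sda2 4096 4096 262144 1 sha256 "
                 "4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 "
                 + "1234" + "0" * 60)


@dataclass
class VerityTable:
    start: int
    length: int
    version: int
    dev: str
    hash_dev: str
    data_block_size: int
    hash_block_size: int
    num_data_blocks: int
    hash_start_block: int
    algorithm: str
    digest: str
    salt: str
    opts: Dict[str, Optional[str]] = field(default_factory=dict)
    problems: List[str] = field(default_factory=list)


def _is_hex(s: str) -> bool:
    try:
        bytes.fromhex(s)
        return True
    except ValueError:
        return False


def parse_table(line: str) -> VerityTable:
    tok = line.split()
    if len(tok) < 13 or tok[2] != "verity":
        raise ValueError("not a dm-verity table line")
    t = VerityTable(int(tok[0]), int(tok[1]), int(tok[3]), tok[4], tok[5],
                    int(tok[6]), int(tok[7]), int(tok[8]), int(tok[9]),
                    tok[10], tok[11], tok[12])
    prob = t.problems.append

    # Optional parameter section: a count followed by exactly that many arguments.
    rest = tok[13:]
    if rest:
        count, rest = int(rest[0]), rest[1:]
        if count != len(rest):
            prob(f"#opt_params is {count} but {len(rest)} arguments follow")
        i = 0
        while i < len(rest):
            name = rest[i]
            argc = OPT_ARGS.get(name)
            if argc is None:
                prob(f"unknown optional parameter {name!r}")
                i += 1
                continue
            if i + argc >= len(rest):
                prob(f"{name} needs {argc} argument(s), none given")
                break
            t.opts[name] = rest[i + 1] if argc else None
            i += 1 + argc

    # Positional-field checks drawn from the parameter descriptions.
    if t.version not in (0, 1):
        prob(f"unknown on-disk hash format version {t.version}")
    for label, size in (("data_block_size", t.data_block_size),
                        ("hash_block_size", t.hash_block_size)):
        if size <= 0 or size & (size - 1):
            prob(f"{label} {size} is not a power of two")
    try:
        want = 2 * hashlib.new(t.algorithm).digest_size
        if len(t.digest) != want:
            prob(f"digest has {len(t.digest)} hex digits, {t.algorithm} needs {want}")
    except ValueError:
        prob(f"algorithm {t.algorithm!r} is not available here to check the digest length")
    if not _is_hex(t.digest) or not _is_hex(t.salt):
        prob("digest and salt must be hexadecimal")
    if t.length * SECTOR > t.num_data_blocks * t.data_block_size:
        prob("table length exceeds num_data_blocks; blocks past it are inaccessible")
    # On a shared device the hash area must start outside the data area.
    if (t.dev == t.hash_dev and
            t.hash_start_block * t.hash_block_size < t.num_data_blocks * t.data_block_size):
        prob("hash_start_block overlaps the data area of the shared device")

    # Mutually exclusive corruption-handling modes.
    o = t.opts
    if "ignore_corruption" in o and ("restart_on_corruption" in o or "panic_on_corruption" in o):
        prob("ignore_corruption conflicts with restart_on_corruption/panic_on_corruption")
    if "restart_on_corruption" in o and "panic_on_corruption" in o:
        prob("restart_on_corruption conflicts with panic_on_corruption")
    # FEC requires the data and hash block sizes to match.
    if "use_fec_from_device" in o and t.data_block_size != t.hash_block_size:
        prob("use_fec_from_device requires data and hash block sizes to match")
    return t


if __name__ == "__main__":
    print(parse_table(EXAMPLE_TABLE).problems or "no problems found")
```

The checks are the static ones the table alone allows; whether the digest actually matches the hash tree on hash_dev is only known once the device is activated and read, which is what the V/C status above reports.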
                                                      
