
TOMOYO Linux Cross Reference
Linux/Documentation/admin-guide/device-mapper/verity.rst


Diff markup

Differences between /Documentation/admin-guide/device-mapper/verity.rst (Version linux-6.12-rc7) and /Documentation/admin-guide/device-mapper/verity.rst (Version linux-5.6.19)


  1 =========                                           1 =========
  2 dm-verity                                           2 dm-verity
  3 =========                                           3 =========
  4                                                     4 
  5 Device-Mapper's "verity" target provides trans      5 Device-Mapper's "verity" target provides transparent integrity checking of
  6 block devices using a cryptographic digest pro      6 block devices using a cryptographic digest provided by the kernel crypto API.
  7 This target is read-only.                           7 This target is read-only.
  8                                                     8 
  9 Construction Parameters                             9 Construction Parameters
 10 =======================                            10 =======================
 11                                                    11 
 12 ::                                                 12 ::
 13                                                    13 
 14     <version> <dev> <hash_dev>                     14     <version> <dev> <hash_dev>
 15     <data_block_size> <hash_block_size>            15     <data_block_size> <hash_block_size>
 16     <num_data_blocks> <hash_start_block>           16     <num_data_blocks> <hash_start_block>
 17     <algorithm> <digest> <salt>                    17     <algorithm> <digest> <salt>
 18     [<#opt_params> <opt_params>]                   18     [<#opt_params> <opt_params>]
 19                                                    19 
 20 <version>                                          20 <version>
 21     This is the type of the on-disk hash forma     21     This is the type of the on-disk hash format.
 22                                                    22 
 23     0 is the original format used in the Chrom     23     0 is the original format used in the Chromium OS.
 24       The salt is appended when hashing, diges     24       The salt is appended when hashing, digests are stored continuously and
 25       the rest of the block is padded with zer     25       the rest of the block is padded with zeroes.
 26                                                    26 
 27     1 is the current format that should be use     27     1 is the current format that should be used for new devices.
 28       The salt is prepended when hashing and e     28       The salt is prepended when hashing and each digest is
 29       padded with zeroes to the power of two.      29       padded with zeroes to the power of two.
 30                                                    30 
 31 <dev>                                              31 <dev>
 32     This is the device containing data, the in     32     This is the device containing data, the integrity of which needs to be
 33     checked.  It may be specified as a path, l     33     checked.  It may be specified as a path, like /dev/sdaX, or a device number,
 34     <major>:<minor>.                               34     <major>:<minor>.
 35                                                    35 
 36 <hash_dev>                                         36 <hash_dev>
 37     This is the device that supplies the hash      37     This is the device that supplies the hash tree data.  It may be
 38     specified similarly to the device path and     38     specified similarly to the device path and may be the same device.  If the
 39     same device is used, the hash_start should     39     same device is used, the hash_start should be outside the configured
 40     dm-verity device.                              40     dm-verity device.
 41                                                    41 
 42 <data_block_size>                                  42 <data_block_size>
 43     The block size on a data device in bytes.      43     The block size on a data device in bytes.
 44     Each block corresponds to one digest on th     44     Each block corresponds to one digest on the hash device.
 45                                                    45 
 46 <hash_block_size>                                  46 <hash_block_size>
 47     The size of a hash block in bytes.             47     The size of a hash block in bytes.
 48                                                    48 
 49 <num_data_blocks>                                  49 <num_data_blocks>
 50     The number of data blocks on the data devi     50     The number of data blocks on the data device.  Additional blocks are
 51     inaccessible.  You can place hashes to the     51     inaccessible.  You can place hashes to the same partition as data, in this
 52     case hashes are placed after <num_data_blo     52     case hashes are placed after <num_data_blocks>.
 53                                                    53 
 54 <hash_start_block>                                 54 <hash_start_block>
 55     This is the offset, in <hash_block_size>-b     55     This is the offset, in <hash_block_size>-blocks, from the start of hash_dev
 56     to the root block of the hash tree.            56     to the root block of the hash tree.
 57                                                    57 
 58 <algorithm>                                        58 <algorithm>
 59     The cryptographic hash algorithm used for      59     The cryptographic hash algorithm used for this device.  This should
 60     be the name of the algorithm, like "sha1".     60     be the name of the algorithm, like "sha1".
 61                                                    61 
 62 <digest>                                           62 <digest>
 63     The hexadecimal encoding of the cryptograp     63     The hexadecimal encoding of the cryptographic hash of the root hash block
 64     and the salt.  This hash should be trusted     64     and the salt.  This hash should be trusted as there is no other authenticity
 65     beyond this point.                             65     beyond this point.
 66                                                    66 
 67 <salt>                                             67 <salt>
 68     The hexadecimal encoding of the salt value     68     The hexadecimal encoding of the salt value.
 69                                                    69 
 70 <#opt_params>                                      70 <#opt_params>
 71     Number of optional parameters. If there ar     71     Number of optional parameters. If there are no optional parameters,
 72     the optional parameters section can be ski !!  72     the optional paramaters section can be skipped or #opt_params can be zero.
 73     Otherwise #opt_params is the number of fol     73     Otherwise #opt_params is the number of following arguments.
 74                                                    74 
 75     Example of optional parameters section:        75     Example of optional parameters section:
 76         1 ignore_corruption                        76         1 ignore_corruption
 77                                                    77 
 78 ignore_corruption                                  78 ignore_corruption
 79     Log corrupted blocks, but allow read opera     79     Log corrupted blocks, but allow read operations to proceed normally.
 80                                                    80 
 81 restart_on_corruption                              81 restart_on_corruption
 82     Restart the system when a corrupted block      82     Restart the system when a corrupted block is discovered. This option is
 83     not compatible with ignore_corruption and      83     not compatible with ignore_corruption and requires user space support to
 84     avoid restart loops.                           84     avoid restart loops.
 85                                                    85 
 86 panic_on_corruption                            << 
 87     Panic the device when a corrupted block is << 
 88     not compatible with ignore_corruption and  << 
 89                                                << 
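Review bot: the new panic_on_corruption entry (left column, lines 86-88) states that it is "not compatible with ignore_corruption and" but, as far as the visible text goes, not whether it is also exclusive with restart_on_corruption, whose own entry (lines 81-84) likewise names only ignore_corruption; since ignore, restart and panic are three alternative responses to the same event, the section should say plainly that at most one of the three may be given, and it is worth deciding whether the note on restart_on_corruption about needing user space support "to avoid restart loops" should be repeated for a panic that is followed by an automatic reboot. The phrase "Panic the device" also reads oddly for what is a kernel panic; "Panic the kernel when a corrupted block is discovered" would be clearer. The left column is cut at the page width in this rendering, so the complete sentences of the new entry should be checked against the source file rather than against what is visible here.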
 90 ignore_zero_blocks                                 86 ignore_zero_blocks
 91     Do not verify blocks that are expected to      87     Do not verify blocks that are expected to contain zeroes and always return
 92     zeroes instead. This may be useful if the      88     zeroes instead. This may be useful if the partition contains unused blocks
 93     that are not guaranteed to contain zeroes.     89     that are not guaranteed to contain zeroes.
 94                                                    90 
 95 use_fec_from_device <fec_dev>                      91 use_fec_from_device <fec_dev>
 96     Use forward error correction (FEC) to reco     92     Use forward error correction (FEC) to recover from corruption if hash
 97     verification fails. Use encoding data from     93     verification fails. Use encoding data from the specified device. This
 98     may be the same device where data and hash     94     may be the same device where data and hash blocks reside, in which case
 99     fec_start must be outside data and hash ar     95     fec_start must be outside data and hash areas.
100                                                    96 
101     If the encoding data covers additional met     97     If the encoding data covers additional metadata, it must be accessible
102     on the hash device after the hash blocks.      98     on the hash device after the hash blocks.
103                                                    99 
104     Note: block sizes for data and hash device    100     Note: block sizes for data and hash devices must match. Also, if the
105     verity <dev> is encrypted the <fec_dev> sh    101     verity <dev> is encrypted the <fec_dev> should be too.
106                                                   102 
107 fec_roots <num>                                   103 fec_roots <num>
108     Number of generator roots. This equals to     104     Number of generator roots. This equals to the number of parity bytes in
109     the encoding data. For example, in RS(M, N    105     the encoding data. For example, in RS(M, N) encoding, the number of roots
110     is M-N.                                       106     is M-N.
111                                                   107 
112 fec_blocks <num>                                  108 fec_blocks <num>
113     The number of encoding data blocks on the     109     The number of encoding data blocks on the FEC device. The block size for
114     the FEC device is <data_block_size>.          110     the FEC device is <data_block_size>.
115                                                   111 
116 fec_start <offset>                                112 fec_start <offset>
117     This is the offset, in <data_block_size> b    113     This is the offset, in <data_block_size> blocks, from the start of the
118     FEC device to the beginning of the encodin    114     FEC device to the beginning of the encoding data.
119                                                   115 
120 check_at_most_once                                116 check_at_most_once
121     Verify data blocks only the first time the    117     Verify data blocks only the first time they are read from the data device,
122     rather than every time.  This reduces the     118     rather than every time.  This reduces the overhead of dm-verity so that it
123     can be used on systems that are memory and    119     can be used on systems that are memory and/or CPU constrained.  However, it
124     provides a reduced level of security becau    120     provides a reduced level of security because only offline tampering of the
125     data device's content will be detected, no    121     data device's content will be detected, not online tampering.
126                                                   122 
127     Hash blocks are still verified each time t    123     Hash blocks are still verified each time they are read from the hash device,
128     since verification of hash blocks is less     124     since verification of hash blocks is less performance critical than data
129     blocks, and a hash block will not be verif    125     blocks, and a hash block will not be verified any more after all the data
130     blocks it covers have been verified anyway    126     blocks it covers have been verified anyway.
131                                                   127 
132 root_hash_sig_key_desc <key_description>          128 root_hash_sig_key_desc <key_description>
133     This is the description of the USER_KEY th    129     This is the description of the USER_KEY that the kernel will lookup to get
134     the pkcs7 signature of the roothash. The p    130     the pkcs7 signature of the roothash. The pkcs7 signature is used to validate
135     the root hash during the creation of the d    131     the root hash during the creation of the device mapper block device.
136     Verification of roothash depends on the co    132     Verification of roothash depends on the config DM_VERITY_VERIFY_ROOTHASH_SIG
137     being set in the kernel.  The signatures a !! 133     being set in the kernel.
138     trusted keyring by default, or the seconda << 
139     DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KE << 
140     trusted keyring includes by default the bu << 
141     also gain new certificates at run time if  << 
142     already in the secondary trusted keyring.  << 
143                                                << 
144 try_verify_in_tasklet                          << 
145     If verity hashes are in cache, verify data << 
146     of workqueue. This option can reduce IO la << 
147                                                   134 
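Review bot: the expanded root_hash_sig_key_desc text (left column, lines 137-142) introduces a choice between the builtin trusted keyring, used "by default", and the secondary trusted keyring, selected by the DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KE option (name cut off in this rendering), which the text says can "also gain new certificates at run time"; the entry should state the consequence outright, namely that with the secondary keyring selected a root hash signature can be accepted under a certificate that was not built into the kernel but was added later under a key "already in the secondary trusted keyring", so the set of keys that can vouch for a verity root is no longer fixed at build time and an administrator should enable that option knowingly. Separately, the new try_verify_in_tasklet entry (lines 144-146) describes only the latency benefit ("If verity hashes are in cache, verify data ... This option can reduce IO la..."); it should say explicitly whether the checks performed and the handling of a mismatch are unchanged on that path, since a reader of an option list for an integrity target will otherwise wonder whether the fast path skips a verification step. Both entries are truncated at the column width here, so the full wording should be confirmed from the source file.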
148 Theory of operation                               135 Theory of operation
149 ===================                               136 ===================
150                                                   137 
151 dm-verity is meant to be set up as part of a v    138 dm-verity is meant to be set up as part of a verified boot path.  This
152 may be anything ranging from a boot using tboo    139 may be anything ranging from a boot using tboot or trustedgrub to just
153 booting from a known-good device (like a USB d    140 booting from a known-good device (like a USB drive or CD).
154                                                   141 
155 When a dm-verity device is configured, it is e    142 When a dm-verity device is configured, it is expected that the caller
156 has been authenticated in some way (cryptograp    143 has been authenticated in some way (cryptographic signatures, etc).
157 After instantiation, all hashes will be verifi    144 After instantiation, all hashes will be verified on-demand during
158 disk access.  If they cannot be verified up to    145 disk access.  If they cannot be verified up to the root node of the
159 tree, the root hash, then the I/O will fail.      146 tree, the root hash, then the I/O will fail.  This should detect
160 tampering with any data on the device and the     147 tampering with any data on the device and the hash data.
161                                                   148 
162 Cryptographic hashes are used to assert the in    149 Cryptographic hashes are used to assert the integrity of the device on a
163 per-block basis. This allows for a lightweight    150 per-block basis. This allows for a lightweight hash computation on first read
164 into the page cache. Block hashes are stored l    151 into the page cache. Block hashes are stored linearly, aligned to the nearest
165 block size.                                       152 block size.
166                                                   153 
167 If forward error correction (FEC) support is e    154 If forward error correction (FEC) support is enabled any recovery of
168 corrupted data will be verified using the cryp    155 corrupted data will be verified using the cryptographic hash of the
169 corresponding data. This is why combining erro    156 corresponding data. This is why combining error correction with
170 integrity checking is essential.                  157 integrity checking is essential.
171                                                   158 
172 Hash Tree                                         159 Hash Tree
173 ---------                                         160 ---------
174                                                   161 
175 Each node in the tree is a cryptographic hash.    162 Each node in the tree is a cryptographic hash.  If it is a leaf node, the hash
176 of some data block on disk is calculated. If i    163 of some data block on disk is calculated. If it is an intermediary node,
177 the hash of a number of child nodes is calcula    164 the hash of a number of child nodes is calculated.
178                                                   165 
179 Each entry in the tree is a collection of neig    166 Each entry in the tree is a collection of neighboring nodes that fit in one
180 block.  The number is determined based on bloc    167 block.  The number is determined based on block_size and the size of the
181 selected cryptographic digest algorithm.  The     168 selected cryptographic digest algorithm.  The hashes are linearly-ordered in
182 this entry and any unaligned trailing space is    169 this entry and any unaligned trailing space is ignored but included when
183 calculating the parent node.                      170 calculating the parent node.
184                                                   171 
185 The tree looks something like:                    172 The tree looks something like:
186                                                   173 
187         alg = sha256, num_blocks = 32768, bloc    174         alg = sha256, num_blocks = 32768, block_size = 4096
188                                                   175 
189 ::                                                176 ::
190                                                   177 
191                                  [   root    ]    178                                  [   root    ]
192                                 /    . . .        179                                 /    . . .    \
193                      [entry_0]                    180                      [entry_0]                 [entry_1]
194                     /  . . .  \                   181                     /  . . .  \                 . . .   \
195          [entry_0_0]   . . .  [entry_0_127]       182          [entry_0_0]   . . .  [entry_0_127]    . . . .  [entry_1_127]
196            / ... \             /   . . .  \       183            / ... \             /   . . .  \             /           \
197      blk_0 ... blk_127  blk_16256   blk_16383     184      blk_0 ... blk_127  blk_16256   blk_16383      blk_32640 . . . blk_32767
198                                                   185 
199                                                   186 
200 On-disk format                                    187 On-disk format
201 ==============                                    188 ==============
202                                                   189 
203 The verity kernel code does not read the verit    190 The verity kernel code does not read the verity metadata on-disk header.
204 It only reads the hash blocks which directly f    191 It only reads the hash blocks which directly follow the header.
205 It is expected that a user-space tool will ver    192 It is expected that a user-space tool will verify the integrity of the
206 verity header.                                    193 verity header.
207                                                   194 
208 Alternatively, the header can be omitted and t    195 Alternatively, the header can be omitted and the dmsetup parameters can
209 be passed via the kernel command-line in a roo    196 be passed via the kernel command-line in a rooted chain of trust where
210 the command-line is verified.                     197 the command-line is verified.
211                                                   198 
212 Directly following the header (and with sector    199 Directly following the header (and with sector number padded to the next hash
213 block boundary) are the hash blocks which are     200 block boundary) are the hash blocks which are stored a depth at a time
214 (starting from the root), sorted in order of i    201 (starting from the root), sorted in order of increasing index.
215                                                   202 
216 The full specification of kernel parameters an    203 The full specification of kernel parameters and on-disk metadata format
217 is available at the cryptsetup project's wiki     204 is available at the cryptsetup project's wiki page
218                                                   205 
219   https://gitlab.com/cryptsetup/cryptsetup/wik    206   https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity
220                                                   207 
221 Status                                            208 Status
222 ======                                            209 ======
223 V (for Valid) is returned if every check perfo    210 V (for Valid) is returned if every check performed so far was valid.
224 If any check failed, C (for Corruption) is ret    211 If any check failed, C (for Corruption) is returned.
225                                                   212 
226 Example                                           213 Example
227 =======                                           214 =======
228 Set up a device::                                 215 Set up a device::
229                                                   216 
230   # dmsetup create vroot --readonly --table \     217   # dmsetup create vroot --readonly --table \
231     "0 2097152 verity 1 /dev/sda1 /dev/sda2 40    218     "0 2097152 verity 1 /dev/sda1 /dev/sda2 4096 4096 262144 1 sha256 "\
232     "4392712ba01368efdf14b05c76f9e4df0d5366463    219     "4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076 "\
233     "12340000000000000000000000000000000000000    220     "1234000000000000000000000000000000000000000000000000000000000000"
234                                                   221 
235 A command line tool veritysetup is available t    222 A command line tool veritysetup is available to compute or verify
236 the hash tree or activate the kernel device. T    223 the hash tree or activate the kernel device. This is available from
237 the cryptsetup upstream repository https://git    224 the cryptsetup upstream repository https://gitlab.com/cryptsetup/cryptsetup/
238 (as a libcryptsetup extension).                   225 (as a libcryptsetup extension).
239                                                   226 
240 Create hash on the device::                       227 Create hash on the device::
241                                                   228 
242   # veritysetup format /dev/sda1 /dev/sda2        229   # veritysetup format /dev/sda1 /dev/sda2
243   ...                                             230   ...
244   Root hash: 4392712ba01368efdf14b05c76f9e4df0    231   Root hash: 4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076
245                                                   232 
246 Activate the device::                             233 Activate the device::
247                                                   234 
248   # veritysetup create vroot /dev/sda1 /dev/sd    235   # veritysetup create vroot /dev/sda1 /dev/sda2 \
249     4392712ba01368efdf14b05c76f9e4df0d53664630    236     4392712ba01368efdf14b05c76f9e4df0d53664630b5d48632ed17a137f39076
                                                      
