diff options
author | Gaël PORTAY <gael.portay@collabora.com> | 2020-12-23 10:10:15 -0500 |
---|---|---|
committer | Gaël PORTAY <gael.portay@rtone.fr> | 2023-04-13 05:15:20 +0200 |
commit | 0bbf7a842a3feb4952415d82d2b469f5c5d91836 (patch) | |
tree | cecb4cac208b48239f5bd24cf8b6b1bc5ac6112e /man/systemd-veritysetup-generator.xml | |
parent | 14de7ef914167ed08af6c0fb283e91f25e68b60f (diff) | |
download | systemd-0bbf7a842a3feb4952415d82d2b469f5c5d91836.tar.gz |
veritysetup: add support for superblock and underlying options
The verity parameter no_superblock allows to format/open an hash device
without the superblock. However, the superblock data must be set to open
the data-device.
This adds the option superblocks (sixth argument) and all the underlying
options which are implied to set the superblock manually if hash device
has no superblock:
- superblock=BOOL
- format=NUMBER (hash version type, 0 for original ChromeOS, 1 for
modern)
- data-block-size=BYTES (max page-size, multiple of 512)
- hash-block-size=BYTES (max page-size, multiple of 512)
- data-blocks=BLOCKS (size of data-device in blocks)
- salt=HEXSTR (salt used at format, max 256 bytes)
- uuid=UUID
- hash=STR (algorithm name for dm-verity used at format, default is
sha256)
See `veritysetup(8)` for more details.
Diffstat (limited to 'man/systemd-veritysetup-generator.xml')
-rw-r--r-- | man/systemd-veritysetup-generator.xml | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/man/systemd-veritysetup-generator.xml b/man/systemd-veritysetup-generator.xml index 6098895f55..c591fcb24f 100644 --- a/man/systemd-veritysetup-generator.xml +++ b/man/systemd-veritysetup-generator.xml @@ -85,9 +85,16 @@ <term><varname>systemd.verity_root_options=</varname></term> <listitem><para>Takes a comma-separated list of dm-verity options. Expects the following options - <option>hash-offset=<replaceable>BYTES</replaceable></option>, <option>ignore-corruption</option>, - <option>restart-on-corruption</option>, <option>ignore-zero-blocks</option>, - <option>check-at-most-once</option>, <option>panic-on-corruption</option> and + <option>superblock=<replaceable>BOOLEAN</replaceable></option>, + <option>format=<replaceable>NUMBER</replaceable></option>, + <option>data-block-size=<replaceable>BYTES</replaceable></option>, + <option>hash-block-size=<replaceable>BYTES</replaceable></option>, + <option>data-blocks=<replaceable>BLOCKS</replaceable></option>, + <option>hash-offset=<replaceable>BYTES</replaceable></option>, + <option>salt=<replaceable>HEX</replaceable></option>, <option>uuid=<replaceable>UUID</replaceable></option>, + <option>ignore-corruption</option>, <option>restart-on-corruption</option>, <option>ignore-zero-blocks</option>, + <option>check-at-most-once</option>, <option>panic-on-corruption</option>, + <option>hash=<replaceable>HASH</replaceable></option> and <option>root-hash-signature=<replaceable>PATH</replaceable>|base64:<replaceable>HEX</replaceable></option>. See <citerefentry project='die-net'><refentrytitle>veritysetup</refentrytitle><manvolnum>8</manvolnum></citerefentry> for more details.</para></listitem> |