diff options
author | Lennart Poettering <lennart@poettering.net> | 2023-04-13 11:32:57 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-13 11:32:57 +0200 |
commit | 796da645a06cb0ba0b5e2fd34cf610431588994e (patch) | |
tree | 355629c13369a81cc7c205af020141fb7a39dd8a /man | |
parent | 06e78680e3c36589b785f90ecda64d124905a3f7 (diff) | |
parent | 21c60c76e10b23d47b97fdd88a56314fc0b3c66b (diff) | |
download | systemd-796da645a06cb0ba0b5e2fd34cf610431588994e.tar.gz |
Merge pull request #18789 from gportay/veritysetup-add-options-for-parity-with-cryptsetup-verity-utility
veritysetup: Add options for parity support with the cryptsetup's verity utility
Diffstat (limited to 'man')
-rw-r--r-- | man/systemd-veritysetup-generator.xml | 11 | ||||
-rw-r--r-- | man/veritytab.xml | 87 |
2 files changed, 97 insertions, 1 deletions
diff --git a/man/systemd-veritysetup-generator.xml b/man/systemd-veritysetup-generator.xml index 37ded91a93..71bc1fda64 100644 --- a/man/systemd-veritysetup-generator.xml +++ b/man/systemd-veritysetup-generator.xml @@ -85,8 +85,17 @@ <term><varname>systemd.verity_root_options=</varname></term> <listitem><para>Takes a comma-separated list of dm-verity options. Expects the following options + <option>superblock=<replaceable>BOOLEAN</replaceable></option>, + <option>format=<replaceable>NUMBER</replaceable></option>, + <option>data-block-size=<replaceable>BYTES</replaceable></option>, + <option>hash-block-size=<replaceable>BYTES</replaceable></option>, + <option>data-blocks=<replaceable>BLOCKS</replaceable></option>, + <option>hash-offset=<replaceable>BYTES</replaceable></option>, + <option>salt=<replaceable>HEX</replaceable></option>, <option>uuid=<replaceable>UUID</replaceable></option>, <option>ignore-corruption</option>, <option>restart-on-corruption</option>, <option>ignore-zero-blocks</option>, - <option>check-at-most-once</option>, <option>panic-on-corruption</option> and + <option>check-at-most-once</option>, <option>panic-on-corruption</option>, + <option>hash=<replaceable>HASH</replaceable></option>, <option>fec-device=<replaceable>PATH</replaceable></option>, + <option>fec-offset=<replaceable>BYTES</replaceable></option>, <option>fec-roots=<replaceable>NUM</replaceable></option> and <option>root-hash-signature=<replaceable>PATH</replaceable>|base64:<replaceable>HEX</replaceable></option>. See <citerefentry project='die-net'><refentrytitle>veritysetup</refentrytitle><manvolnum>8</manvolnum></citerefentry> for more details.</para></listitem> diff --git a/man/veritytab.xml b/man/veritytab.xml index dc2f11c31e..557d13e1ed 100644 --- a/man/veritytab.xml +++ b/man/veritytab.xml @@ -61,6 +61,62 @@ This is based on crypttab(5). <variablelist class='fstab-options'> <varlistentry> + <term><option>superblock=<replaceable>BOOL</replaceable></option></term> + + <listitem><para>Use dm-verity with or without permanent on-disk superblock.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>format=<replaceable>NUMBER</replaceable></option></term> + + <listitem><para>Specifies the hash version type. Format type 0 is original Chrome OS version. Format type 1 is + modern version.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>data-block-size=<replaceable>BYTES</replaceable></option></term> + + <listitem><para>Used block size for the data device. (Note kernel supports only page-size as maximum + here; Multiples of 512 bytes.) </para></listitem> + </varlistentry> + + <varlistentry> + <term><option>hash-block-size=<replaceable>BYTES</replaceable></option></term> + + <listitem><para>Used block size for the hash device. (Note kernel supports only page-size as maximum + here; Multiples of 512 bytes.)</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>data-blocks=<replaceable>BLOCKS</replaceable></option></term> + + <listitem><para>Number of blocks of data device used in verification. If not specified, the whole device is + used.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>hash-offset=<replaceable>BYTES</replaceable></option></term> + + <listitem><para>Offset of hash area/superblock on <literal>hash-device</literal>. (Multiples of 512 bytes.) + </para></listitem> + </varlistentry> + + <varlistentry> + <term><option>salt=<replaceable>HEX</replaceable></option></term> + + <listitem><para>Salt used for format or verification. Format is a hexadecimal string; 256 bytes long maximum; + <literal>-</literal>is the special value for empty.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>uuid=<replaceable>UUID</replaceable></option></term> + + <listitem><para>Use the provided UUID for format command instead of generating new one. The UUID must be + provided in standard UUID format, e.g. 12345678-1234-1234-1234-123456789abc.</para></listitem> + <listitem><para></para></listitem> + </varlistentry> + + <varlistentry> <term><option>ignore-corruption</option></term> <term><option>restart-on-corruption</option></term> <term><option>panic-on-corruption</option></term> @@ -95,6 +151,37 @@ This is based on crypttab(5). </varlistentry> <varlistentry> + <term><option>hash=<replaceable>HASH</replaceable></option></term> + + <listitem><para>Hash algorithm for dm-verity. This should be the name of the algorithm, like "sha1". For default + see <command>veritysetup --help</command>.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>fec-device=<replaceable>PATH</replaceable></option></term> + + <listitem><para>Use forward error correction (FEC) to recover from corruption if hash verification fails. Use + encoding data from the specified device. The fec device argument can be block device or file image. For format, + if fec device path doesn't exist, it will be created as file. Note: block sizes for data and hash devices must + match. Also, if the verity data_device is encrypted the fec_device should be too.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>fec-offset=<replaceable>BYTES</replaceable></option></term> + + <listitem><para>This is the offset, in bytes, from the start of the FEC device to the beginning of the encoding + data. (Aligned on 512 bytes.)</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>fec-roots=<replaceable>NUM</replaceable></option></term> + + <listitem><para>Number of generator roots. This equals to the number of parity bytes in the encoding data. In + RS(M, N) encoding, the number of roots is M-N. M is 255 and M-N is between 2 and 24 (including).</para> + </listitem> + </varlistentry> + + <varlistentry> <term><option>root-hash-signature=<replaceable>PATH</replaceable>|base64:<replaceable>HEX</replaceable></option></term> <listitem><para>A base64 string encoding the root hash signature prefixed by <literal>base64:</literal> or a |