Merge pull request #18789 from gportay/veritysetup-add-options-for-parity-with-cryptsetup-verity-utility

veritysetup: Add options for parity support with the cryptsetup's verity utility
author: Lennart Poettering <lennart@poettering.net> 2023-04-13 11:32:57 +0200
committer: GitHub <noreply@github.com> 2023-04-13 11:32:57 +0200
commit: 796da645a06cb0ba0b5e2fd34cf610431588994e (patch)
tree: 355629c13369a81cc7c205af020141fb7a39dd8a /man
parent: 06e78680e3c36589b785f90ecda64d124905a3f7 (diff)
parent: 21c60c76e10b23d47b97fdd88a56314fc0b3c66b (diff)
download: systemd-796da645a06cb0ba0b5e2fd34cf610431588994e.tar.gz
2 files changed, 97 insertions, 1 deletions
diff --git a/man/systemd-veritysetup-generator.xml b/man/systemd-veritysetup-generator.xml
index 37ded91a93..71bc1fda64 100644
--- a/man/systemd-veritysetup-generator.xml
+++ b/man/systemd-veritysetup-generator.xml
@@ -85,8 +85,17 @@
         <term><varname>systemd.verity_root_options=</varname></term>
 
         <listitem><para>Takes a comma-separated list of dm-verity options. Expects the following options
+        <option>superblock=<replaceable>BOOLEAN</replaceable></option>,
+        <option>format=<replaceable>NUMBER</replaceable></option>,
+        <option>data-block-size=<replaceable>BYTES</replaceable></option>,
+        <option>hash-block-size=<replaceable>BYTES</replaceable></option>,
+        <option>data-blocks=<replaceable>BLOCKS</replaceable></option>,
+        <option>hash-offset=<replaceable>BYTES</replaceable></option>,
+        <option>salt=<replaceable>HEX</replaceable></option>, <option>uuid=<replaceable>UUID</replaceable></option>,
         <option>ignore-corruption</option>, <option>restart-on-corruption</option>, <option>ignore-zero-blocks</option>,
-        <option>check-at-most-once</option>, <option>panic-on-corruption</option> and
+        <option>check-at-most-once</option>, <option>panic-on-corruption</option>,
+        <option>hash=<replaceable>HASH</replaceable></option>, <option>fec-device=<replaceable>PATH</replaceable></option>,
+        <option>fec-offset=<replaceable>BYTES</replaceable></option>, <option>fec-roots=<replaceable>NUM</replaceable></option> and
         <option>root-hash-signature=<replaceable>PATH</replaceable>|base64:<replaceable>HEX</replaceable></option>. See
         <citerefentry project='die-net'><refentrytitle>veritysetup</refentrytitle><manvolnum>8</manvolnum></citerefentry> for more
         details.</para></listitem>
diff --git a/man/veritytab.xml b/man/veritytab.xml
index dc2f11c31e..557d13e1ed 100644
--- a/man/veritytab.xml
+++ b/man/veritytab.xml
@@ -61,6 +61,62 @@ This is based on crypttab(5).
     <variablelist class='fstab-options'>
 
       <varlistentry>
+        <term><option>superblock=<replaceable>BOOL</replaceable></option></term>
+
+        <listitem><para>Use dm-verity with or without permanent on-disk superblock.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>format=<replaceable>NUMBER</replaceable></option></term>
+
+        <listitem><para>Specifies the hash version type. Format type 0 is original Chrome OS version. Format type 1 is
+        modern version.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>data-block-size=<replaceable>BYTES</replaceable></option></term>
+
+        <listitem><para>Used block size for the data device. (Note kernel supports only page-size as maximum
+        here; Multiples of 512 bytes.) </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>hash-block-size=<replaceable>BYTES</replaceable></option></term>
+
+        <listitem><para>Used block size for the hash device. (Note kernel supports only page-size as maximum
+        here; Multiples of 512 bytes.)</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>data-blocks=<replaceable>BLOCKS</replaceable></option></term>
+
+        <listitem><para>Number of blocks of data device used in verification. If not specified, the whole device is
+        used.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>hash-offset=<replaceable>BYTES</replaceable></option></term>
+
+        <listitem><para>Offset of hash area/superblock on <literal>hash-device</literal>. (Multiples of 512 bytes.)
+        </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>salt=<replaceable>HEX</replaceable></option></term>
+
+        <listitem><para>Salt used for format or verification. Format is a hexadecimal string; 256 bytes long maximum;
+        <literal>-</literal>is the special value for empty.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>uuid=<replaceable>UUID</replaceable></option></term>
+
+        <listitem><para>Use the provided UUID for format command instead of generating new one. The UUID must be
+        provided in standard UUID format, e.g. 12345678-1234-1234-1234-123456789abc.</para></listitem>
+        <listitem><para></para></listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term><option>ignore-corruption</option></term>
         <term><option>restart-on-corruption</option></term>
         <term><option>panic-on-corruption</option></term>
@@ -95,6 +151,37 @@ This is based on crypttab(5).
       </varlistentry>
 
       <varlistentry>
+        <term><option>hash=<replaceable>HASH</replaceable></option></term>
+
+        <listitem><para>Hash algorithm for dm-verity. This should be the name of the algorithm, like "sha1". For default
+        see <command>veritysetup --help</command>.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>fec-device=<replaceable>PATH</replaceable></option></term>
+
+        <listitem><para>Use forward error correction (FEC) to recover from corruption if hash verification fails. Use
+        encoding data from the specified device. The fec device argument can be block device or file image. For format,
+        if fec device path doesn't exist, it will be created as file. Note: block sizes for data and hash devices must
+        match. Also, if the verity data_device is encrypted the fec_device should be too.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>fec-offset=<replaceable>BYTES</replaceable></option></term>
+
+        <listitem><para>This is the offset, in bytes, from the start of the FEC device to the beginning of the encoding
+        data. (Aligned on 512 bytes.)</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>fec-roots=<replaceable>NUM</replaceable></option></term>
+
+        <listitem><para>Number of generator roots. This equals to the number of parity bytes in the encoding data. In
+        RS(M, N) encoding, the number of roots is M-N. M is 255 and M-N is between 2 and 24 (including).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term><option>root-hash-signature=<replaceable>PATH</replaceable>|base64:<replaceable>HEX</replaceable></option></term>
 
         <listitem><para>A base64 string encoding the root hash signature prefixed by <literal>base64:</literal> or a
author	Lennart Poettering <lennart@poettering.net>	2023-04-13 11:32:57 +0200
committer	GitHub <noreply@github.com>	2023-04-13 11:32:57 +0200
commit	796da645a06cb0ba0b5e2fd34cf610431588994e (patch)
tree	355629c13369a81cc7c205af020141fb7a39dd8a /man
parent	06e78680e3c36589b785f90ecda64d124905a3f7 (diff)
parent	21c60c76e10b23d47b97fdd88a56314fc0b3c66b (diff)
download	systemd-796da645a06cb0ba0b5e2fd34cf610431588994e.tar.gz