From 0bbf7a842a3feb4952415d82d2b469f5c5d91836 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20PORTAY?= Date: Wed, 23 Dec 2020 10:10:15 -0500 Subject: veritysetup: add support for superblock and underlying options The verity parameter no_superblock allows to format/open an hash device without the superblock. However, the superblock data must be set to open the data-device. This adds the option superblocks (sixth argument) and all the underlying options which are implied to set the superblock manually if hash device has no superblock: - superblock=BOOL - format=NUMBER (hash version type, 0 for original ChromeOS, 1 for modern) - data-block-size=BYTES (max page-size, multiple of 512) - hash-block-size=BYTES (max page-size, multiple of 512) - data-blocks=BLOCKS (size of data-device in blocks) - salt=HEXSTR (salt used at format, max 256 bytes) - uuid=UUID - hash=STR (algorithm name for dm-verity used at format, default is sha256) See `veritysetup(8)` for more details. --- man/systemd-veritysetup-generator.xml | 13 ++++++-- man/veritytab.xml | 56 +++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 3 deletions(-) (limited to 'man') diff --git a/man/systemd-veritysetup-generator.xml b/man/systemd-veritysetup-generator.xml index 6098895f55..c591fcb24f 100644 --- a/man/systemd-veritysetup-generator.xml +++ b/man/systemd-veritysetup-generator.xml @@ -85,9 +85,16 @@ systemd.verity_root_options= Takes a comma-separated list of dm-verity options. Expects the following options - , , - , , - , and + , + , + , + , + , + , + , , + , , , + , , + and . See veritysetup8 for more details. diff --git a/man/veritytab.xml b/man/veritytab.xml index ec5d0f45a1..b4f2be3e30 100644 --- a/man/veritytab.xml +++ b/man/veritytab.xml @@ -60,6 +60,40 @@ This is based on crypttab(5). + + + + Use dm-verity with or without permanent on-disk superblock. + + + + + + Specifies the hash version type. Format type 0 is original Chrome OS version. Format type 1 is + modern version. + + + + + + Used block size for the data device. (Note kernel supports only page-size as maximum + here; Multiples of 512 bytes.) + + + + + + Used block size for the hash device. (Note kernel supports only page-size as maximum + here; Multiples of 512 bytes.) + + + + + + Number of blocks of data device used in verification. If not specified, the whole device is + used. + + @@ -67,6 +101,21 @@ This is based on crypttab(5). + + + + Salt used for format or verification. Format is a hexadecimal string; 256 bytes long maximum; + -is the special value for empty. + + + + + + Use the provided UUID for format command instead of generating new one. The UUID must be + provided in standard UUID format, e.g. 12345678-1234-1234-1234-123456789abc. + + + @@ -101,6 +150,13 @@ This is based on crypttab(5). + + + + Hash algorithm for dm-verity. This should be the name of the algorithm, like "sha1". For default + see veritysetup --help. + + -- cgit v1.2.1