[dm-crypt] verity setup on active device.

Milan Broz gmazyland at gmail.com
Sat Apr 5 20:39:21 CEST 2014


On 04/04/2014 11:34 PM, Shiva wrote:
...
> 5.Used the root hash in this command.
> veritysetup --debug create nfs /dev/sdb /dev/sdc "root hash"
> 
> Everything works well.
> My problem is I am not able to perform step5 for a mounted partition.
> 
> I require a mounted partition since nfs-share will use this partition.
> (For addition and deletion)
> 
> Is there a command switch that needs to be performed in order to achieve this?

I am afraid this is not possible. Dm-verity was designed to provide
verification of (read-only) device (to provide verified boot path),
all IOs must go through dm-verity.
(So it must be in the stack from the beginning).

You cannot just add it later or run it parallel with mounted partition.
And how this can work if some data are already in page/fs cache?

Milan


More information about the dm-crypt mailing list