[dm-crypt] verity setup on active device.

Milan Broz gmazyland at gmail.com
Sun Apr 6 09:53:38 CEST 2014


On 04/06/2014 12:26 AM, Shivaramakrishnan Vaidyanathan wrote:
> Also,
> http://lwn.net/Articles/533558/ tells that
>  "The key advantage over dm-verity is that the target supports read-write and requires less hash calculation operations.Device-mapper "integrity" target provides transparent cryptographic integrity protection of underlying read-write block device using hash-based message authentication codes (HMACs), which can be stored on the same or different block device."
> 
> I dont understand or get the main purpose of this tool. Could you please explain in a bit more elaborate way.Thanks

DM-integrity is completely different tool, I just know it was
proposed on dm-devel but never merged to mainline.

The main difference from dm-verity is obviously it provides read-write
functionality.

Please read dmdevel archive and use Google, there is nice presentation
by author of dm-integrity on LinuxCon Europe (2013)
"Integrity protection solutions in Linux" which shortly mentions both
verity and integrity targets.

(And it is big question if this integrity checking should be on block or filesystem level.)

Milan


More information about the dm-crypt mailing list