[dm-crypt] verity setup on active device.

Shivaramakrishnan Vaidyanathan shivaramakrishnan740 at gmail.com
Mon Apr 7 01:13:15 CEST 2014


I don't see the downloadable version for dm-integrity .Is there a link to
it.I see just dm-verity
https://code.google.com/p/cryptsetup/w/list?can=2&q=dm-integrity&colspec=PageName+Summary+Changed+ChangedBy

Can you please let me know the link?


On Sun, Apr 6, 2014 at 3:53 AM, Milan Broz <gmazyland at gmail.com> wrote:

> On 04/06/2014 12:26 AM, Shivaramakrishnan Vaidyanathan wrote:
> > Also,
> > http://lwn.net/Articles/533558/ tells that
> >  "The key advantage over dm-verity is that the target supports
> read-write and requires less hash calculation operations.Device-mapper
> "integrity" target provides transparent cryptographic integrity protection
> of underlying read-write block device using hash-based message
> authentication codes (HMACs), which can be stored on the same or different
> block device."
> >
> > I dont understand or get the main purpose of this tool. Could you please
> explain in a bit more elaborate way.Thanks
>
> DM-integrity is completely different tool, I just know it was
> proposed on dm-devel but never merged to mainline.
>
> The main difference from dm-verity is obviously it provides read-write
> functionality.
>
> Please read dmdevel archive and use Google, there is nice presentation
> by author of dm-integrity on LinuxCon Europe (2013)
> "Integrity protection solutions in Linux" which shortly mentions both
> verity and integrity targets.
>
> (And it is big question if this integrity checking should be on block or
> filesystem level.)
>
> Milan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20140406/32b58c3e/attachment.html>


More information about the dm-crypt mailing list