Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   4994 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

VERITYSETUP(8)		     Maintenance Commands		VERITYSETUP(8)

NAME
       veritysetup - manage dm-verity (block level verification) volumes

SYNOPSIS
       veritysetup <options> <action> <action args>

DESCRIPTION
       Veritysetup  is	used to configure dm-verity managed device-mapper map‐
       pings.

       Device-mapper verity target provides  read-only	transparent  integrity
       checking of block devices using kernel crypto API.

       The dm-verity devices are always read-only.

       Veritysetup supports these operations:

       format <data_device> <hash_device>

	      Calculates  and  permanently  stores  hash verification data for
	      data_device.  Hash area can be located on the same device	 after
	      data if specified by --hash-offset option.

	      Note  you	 need to provide root hash string for device verifica‐
	      tion or activation. Root hash must be trusted.

	      The data or hash device argument can be  block  device  or  file
	      image.  If hash device path doesn't exist, it will be created as
	      file.

	      <options> can be	[--hash,  --no-superblock,  --format,  --data-
	      block-size,   --hash-block-size,	--data-blocks,	--hash-offset,
	      --salt, --uuid]

       create <name> <data_device> <hash_device> <root_hash>

	      Creates a mapping with <name> backed by device <data_device> and
	      using <hash_device> for in-kernel verification.

	      The <root_hash> is a hexadecimal string.

	      <options> can be [--hash-offset, --no-superblock]

	      If  option  --no-superblock is used, you have to use as the same
	      options as in initial format operation.

       verify <data_device> <hash_device> <root_hash>

	      Verifies data on data_device with use of hash blocks  stored  on
	      hash_device.

	      This  command  performs userspace verification, no kernel device
	      is created.

	      The <root_hash> is a hexadecimal string.

	      <options> can be [--hash-offset, --no-superblock]

	      If option --no-superblock is used, you have to use as  the  same
	      options as in initial format operation.

       remove <name>

	      Removes existing mapping <name>.

       status <name>

	      Reports status for the active verity mapping <name>.

       dump <hash_device>

	      Reports	parameters   of	 verity	 device	 from  on-disk	stored
	      superblock.

	      <options> can be [--no-superblock]

OPTIONS
       --verbose, -v
	      Print more information on command execution.

       --debug
	      Run in debug mode with full diagnostic logs. Debug output	 lines
	      are always prefixed by '#'.

       --no-superblock
	      Create or use dm-verity without permanent on-disk superblock.

       --format=number
	      Specifies	 the  hash  version  type.   Format type 0 is original
	      Chrome OS verion. Format type 1 is current version.

       --data-block-size=bytes
	      Used block size for the data device.  (Note kernel supports only
	      page-size as maximum here.)

       --hash-block-size=bytes
	      Used block size for the hash device.  (Note kernel supports only
	      page-size as maximum here.)

       --data-blocks=blocks
	      Size of data device used in verification.	 If not specified, the
	      whole device is used.

       --hash-offset=bytes
	      Offset  of  hash	area/superblock on hash_device.	 Value must be
	      aligned to disk sector offset.

       --salt=hex string
	      Salt used for format or verification.  Format is	a  hexadecimal
	      string.

       --uuid=UUID
	      Use  the	provided UUID for format command instead of generating
	      new one.

	      The  UUID	 must  be  provided  in	 standard  UUID	 format,  e.g.
	      12345678-1234-1234-1234-123456789abc.

       --version
	      Show the program version.

RETURN CODES
       Veritysetup returns 0 on success and a non-zero value on error.

       Error  codes are: 1 wrong parameters, 2 no permission, 3 out of memory,
       4 wrong device specified, 5 device already exists or device is busy.

REPORTING BUGS
       Report bugs, including ones in the  documentation,  on  the  cryptsetup
       mailing	list at <dm-crypt@saout.de> or in the 'Issues' section on LUKS
       website.	 Please attach the output  of  the  failed  command  with  the
       --debug option added.

AUTHORS
       The  first  implementation  of  veritysetup  was	 written  by Chrome OS
       authors.

       This version is based on verification code written by  Mikulas  Patocka
       <mpatocka@redhat.com>  and  rewritten  for  libcryptsetup by Milan Broz
       <gmazyland@gmail.com>.

COPYRIGHT
       Copyright © 2012 Red Hat, Inc.

       This is free software; see the source for copying conditions.  There is
       NO  warranty;  not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
       PURPOSE.

SEE ALSO
       The project website at http://code.google.com/p/cryptsetup/

       The    verity	on-disk	   format    specification    available	    at
       http://code.google.com/p/cryptsetup/wiki/DMVerity

veritysetup			   June 2012			VERITYSETUP(8)

Vote for polarhome