3 :manmanual: Maintenance Commands
4 :mansource: veritysetup {release-version}
5 :man-linkstyle: pass:[blue R < >]
9 veritysetup - manage dm-verity (block level verification) volumes
13 *veritysetup <action> [<options>] <action args>*
17 Veritysetup is used to configure dm-verity managed device-mapper
20 Device-mapper verity target provides read-only transparent integrity
21 checking of block devices using kernel crypto API.
23 The dm-verity devices are always read-only.
27 Veritysetup supports these operations:
30 *format <data_device> <hash_device>*
32 Calculates and permanently stores hash verification data for
33 data_device. Hash area can be located on the same device after data if
34 specified by --hash-offset option.
36 Note you need to provide root hash string for device verification or
37 activation. Root hash must be trusted.
39 The data or hash device argument can be block device or file image. If
40 hash device path doesn't exist, it will be created as file.
42 *<options>* can be [--hash, --no-superblock, --format,
43 --data-block-size, --hash-block-size, --data-blocks, --hash-offset,
44 --salt, --uuid, --root-hash-file].
46 If option --root-hash-file is used, the root hash is stored in
47 hex-encoded text format in <path>.
50 *open <data_device> <name> <hash_device> <root_hash>* +
51 *open <data_device> <name> <hash_device> --root-hash-file <path>* +
52 create <name> <data_device> <hash_device> <root_hash> (*OBSOLETE syntax*)
54 Creates a mapping with <name> backed by device <data_device> and using
55 <hash_device> for in-kernel verification.
57 The <root_hash> is a hexadecimal string.
59 *<options>* can be [--hash-offset, --no-superblock, --ignore-corruption
60 or --restart-on-corruption, --panic-on-corruption, --ignore-zero-blocks,
61 --check-at-most-once, --root-hash-signature, --root-hash-file, --use-tasklets].
63 If option --root-hash-file is used, the root hash is read from <path>
64 instead of from the command line parameter. Expects hex-encoded text,
65 without terminating newline.
67 If option --no-superblock is used, you have to use as the same options
68 as in initial format operation.
71 *verify <data_device> <hash_device> <root_hash>* +
72 *verify <data_device> <hash_device> --root-hash-file <path>*
74 Verifies data on data_device with use of hash blocks stored on
77 This command performs userspace verification, no kernel device is
80 The <root_hash> is a hexadecimal string.
82 If option --root-hash-file is used, the root hash is read from <path>
83 instead of from the command line parameter. Expects hex-encoded text,
84 without terminating newline.
86 *<options>* can be [--hash-offset, --no-superblock, --root-hash-file].
88 If option --no-superblock is used, you have to use as the same options
89 as in initial format operation.
93 remove <name> (*OBSOLETE syntax*)
95 Removes existing mapping <name>.
97 *<options>* can be [--deferred] or [--cancel-deferred].
102 Reports status for the active verity mapping <name>.
107 Reports parameters of verity device from on-disk stored superblock.
109 *<options>* can be [--hash-offset].
114 Create or use dm-verity without permanent on-disk superblock.
117 Specifies the hash version type. Format type 0 is original Chrome OS
118 version. Format type 1 is current version.
120 *--data-block-size=bytes*::
121 Used block size for the data device. (Note kernel supports only
122 page-size as maximum here.)
124 *--hash-block-size=bytes*::
125 Used block size for the hash device. (Note kernel supports only
126 page-size as maximum here.)
128 *--data-blocks=blocks*::
129 Size of data device used in verification. If not specified, the whole
132 *--hash-offset=bytes*::
133 Offset of hash area/superblock on hash_device. Value must be aligned
134 to disk sector offset.
136 *--salt=hex string*::
137 Salt used for format or verification. Format is a hexadecimal string.
140 Use the provided UUID for format command instead of generating new
143 The UUID must be provided in standard UUID format, e.g.
144 12345678-1234-1234-1234-123456789abc.
145 *--ignore-corruption , --restart-on-corruption ,
146 --panic-on-corruption*::
147 Defines what to do if data integrity problem is detected (data
150 Without these options kernel fails the IO operation with I/O error. With
151 --ignore-corruption option the corruption is only logged. With
152 --restart-on-corruption or --panic-on-corruption the kernel is restarted
153 (panicked) immediately. (You have to provide way how to avoid restart
156 *WARNING:* Use these options only for very specific cases. These options
157 are available since Linux kernel version 4.1.
159 *--ignore-zero-blocks*::
160 Instruct kernel to not verify blocks that are expected to contain
161 zeroes and always directly return zeroes instead.
163 *WARNING:* Use this option only in very specific cases. This option is
164 available since Linux kernel version 4.5.
166 *--check-at-most-once*::
167 Instruct kernel to verify blocks only the first time they are read
168 from the data device, rather than every time.
170 *WARNING:* It provides a reduced level of security because only offline
171 tampering of the data device's content will be detected, not online
172 tampering. This option is available since Linux kernel version 4.17.
175 Hash algorithm for dm-verity. For default see --help option.
177 *--fec-device=fec_device*::
178 Use forward error correction (FEC) to recover from corruption if hash
179 verification fails. Use encoding data from the specified device.
181 The fec device argument can be block device or file image. For format,
182 if fec device path doesn't exist, it will be created as file.
184 Block sizes for data and hash devices must match. Also, if the verity
185 data_device is encrypted the fec_device should be too.
187 FEC calculation covers data, hash area, and optional foreign metadata
188 stored on the same device with the hash tree (additional space after
189 hash area). Size of this optional additional area protected by FEC is
190 calculated from image sizes, so you must be sure that you use the same
191 images for activation.
193 If the hash device is in a separate image, metadata covers the whole
194 rest of the image after the hash area.
196 If hash and FEC device is in the image, metadata ends on the FEC area
199 *--fec-offset=bytes*::
200 This is the offset, in bytes, from the start of the FEC device to the
201 beginning of the encoding data.
204 Number of generator roots. This equals to the number of parity bytes
205 in the encoding data. In RS(M, N) encoding, the number of roots is
206 M-N. M is 255 and M-N is between 2 and 24 (including).
208 *--root-hash-file=FILE*::
209 Path to file with stored root hash in hex-encoded text.
211 *--root-hash-signature=FILE*::
212 Path to root hash signature file used to verify the root hash (in
213 kernel). This feature requires Linux kernel version 5.4 or more
217 Try to use kernel tasklets in dm-verity driver for performance reasons.
218 This option is available since Linux kernel version 6.0.
221 Defers device removal in *close* command until the last user closes
224 *--cancel-deferred*::
225 Removes a previously configured deferred device removal in *close*
229 Print more information on command execution.
232 Run in debug mode with full diagnostic logs. Debug output lines are
233 always prefixed by *#*.
236 Show the program version.
239 Do not ask for confirmation.
242 Show short option help.
245 Show help text and default parameters.
249 Veritysetup returns *0* on success and a non-zero value on error.
251 Error codes are: *1* wrong parameters, *2* no permission, *3* out of memory,
252 *4* wrong device specified, *5* device already exists or device is busy.
256 *veritysetup --data-blocks=256 format <data_device> <hash_device>*
258 Calculates and stores verification data on hash_device for the first 256
259 blocks (of block-size). If hash_device does not exist, it is created (as
262 *veritysetup format --root-hash-file <path> <data_device> <hash_device>*
264 Calculates and stores verification data on hash_device for the whole
265 data_device, and store the root hash as hex-encoded text in <path>.
267 *veritysetup --data-blocks=256 --hash-offset=1052672 format <device>
270 Verification data (hashes) is stored on the same device as data
271 (starting at hash-offset). Hash-offset must be greater than number of
274 *veritysetup --data-blocks=256 --hash-offset=1052672 create test-device
275 <device> <device> <root_hash>*
277 Activates the verity device named test-device. Options --data-blocks and
278 --hash-offset are the same as in the format command. The <root_hash> was
279 calculated in format command.
281 *veritysetup --data-blocks=256 --hash-offset=1052672 verify
282 <data_device> <hash_device> <root_hash>*
284 Verifies device without activation (in userspace).
286 *veritysetup --data-blocks=256 --hash-offset=1052672 --root-hash-file
287 <path> verify <data_device> <hash_device>*
289 Verifies device without activation (in userspace). Root hash passed via
290 a file rather than inline.
292 *veritysetup --fec-device=<fec_device> --fec-roots=10 format
293 <data_device> <hash_device>*
295 Calculates and stores verification and encoding data for data_device.
297 == DM-VERITY ON-DISK SPECIFICATION
299 The on-disk format specification is available at
300 https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity[*DMVerity*] page.
304 The first implementation of veritysetup was written by Chrome OS
307 This version is based on verification code written by
308 mailto:mpatocka@redhat.com[Mikulas Patocka] and rewritten for libcryptsetup
309 by mailto:gmazyland@gmail.com[Milan Broz].
311 include::man/common_footer.adoc[]