_dm_crypt_checked = 1;
}
+static void _dm_set_verity_compat(const char *dm_version, unsigned verity_maj,
+ unsigned verity_min, unsigned verity_patch)
+{
+ if (verity_maj > 0)
+ _dm_crypt_flags |= DM_VERITY_SUPPORTED;
+
+ log_dbg("Detected dm-verity version %i.%i.%i.",
+ verity_maj, verity_min, verity_patch);
+}
+
static int _dm_check_versions(void)
{
struct dm_task *dmt;
(unsigned)target->version[0],
(unsigned)target->version[1],
(unsigned)target->version[2]);
+ } else if (!strcmp(DM_VERITY_TARGET, target->name)) {
+ _dm_set_verity_compat(dm_version,
+ (unsigned)target->version[0],
+ (unsigned)target->version[1],
+ (unsigned)target->version[2]);
}
target = (struct dm_versions *)((char *) target + target->next);
} while (last_target != target);
#define DM_SECURE_SUPPORTED (1 << 2) /* wipe (secure) buffer flag */
#define DM_PLAIN64_SUPPORTED (1 << 3) /* plain64 IV */
#define DM_DISCARDS_SUPPORTED (1 << 4) /* discards/TRIM option is supported */
+#define DM_VERITY_SUPPORTED (1 << 5) /* dm-verity target supported */
uint32_t dm_flags(void);
#define DM_ACTIVE_DEVICE (1 << 0)
return r;
r = dm_create_verity(name, verity_hdr, &dmd);
+ if (!r && !(dm_flags() & DM_VERITY_SUPPORTED)) {
+ log_err(cd, _("Kernel doesn't support dm-verity mapping.\n"));
+ return -ENOTSUP;
+ }
if (r < 0)
return r;