.IP
Calculates and permanently stores hash verification data for data_device.
Hash area can be located on the same device after data if specified
-by \-\-hash\-start option.
+by \-\-hash\-offset option.
Note you need to provide root hash string for device verification
or activation. Root hash must be trusted.
to store the hash area.
\fB<options>\fR can be [\-\-hash, \-\-no-superblock, \-\-format,
-\-\-data-block-size, \-\-hash-block-size, \-\-data-blocks, \-\-hash-start,
+\-\-data-block-size, \-\-hash-block-size, \-\-data-blocks, \-\-hash-offset,
\-\-salt, \-\-uuid]
.PP
\fIcreate\fR <name> <data_device> <hash_device> <root_hash>
The <root_hash> is a hexadecimal string.
-\fB<options>\fR can be [\-\-hash-start, \-\-no-superblock]
+\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock]
If option \-\-no-superblock is used, you have to use as the same options
as in initial format operation.
Size of data device used in verification.
If not specified, the whole device is used.
.TP
-.B "\-\-hash-start=512-bytes sectors"
+.B "\-\-hash-offset=bytes"
Offset of hash area/superblock on hash_device.
+Value must be aligned to disk sector offset.
.TP
.B "\-\-salt=hex string"
Salt used for format or verification.
static int hash_block_size = DEFAULT_VERITY_HASH_BLOCK;
static uint64_t data_blocks = 0;
static const char *salt_string = NULL;
-static uint64_t hash_start = 0;
+static uint64_t hash_offset = 0;
static const char *opt_uuid = NULL;
static int opt_verbose = 0;
params->data_block_size = data_block_size;
params->hash_block_size = hash_block_size;
params->data_size = data_blocks;
- params->hash_area_offset = hash_start;
+ params->hash_area_offset = hash_offset;
params->hash_type = hash_type;
params->flags = flags;
if (use_superblock) {
params.flags = flags;
- params.hash_area_offset = hash_start;
+ params.hash_area_offset = hash_offset;
r = crypt_load(cd, CRYPT_VERITY, ¶ms);
} else {
r = _prepare_format(¶ms, data_device, flags | CRYPT_VERITY_NO_HEADER);
if ((r = crypt_init(&cd, action_argv[0])))
return r;
- params.hash_area_offset = hash_start;
+ params.hash_area_offset = hash_offset;
r = crypt_load(cd, CRYPT_VERITY, ¶ms);
if (!r)
crypt_dump(cd);
{ "data-block-size", 0, POPT_ARG_INT, &data_block_size, 0, N_("Block size on the data device"), N_("bytes") },
{ "hash-block-size", 0, POPT_ARG_INT, &hash_block_size, 0, N_("Block size on the hash device"), N_("bytes") },
{ "data-blocks", 0, POPT_ARG_STRING, &popt_tmp, 1, N_("The number of blocks in the data file"), N_("blocks") },
- { "hash-start", 0, POPT_ARG_STRING, &popt_tmp, 2, N_("Starting block on the hash device"), N_("512-byte sectors") },
+ { "hash-offset", 0, POPT_ARG_STRING, &popt_tmp, 2, N_("Starting offset on the hash device"), N_("bytes") },
{ "hash", 'h', POPT_ARG_STRING, &hash_algorithm, 0, N_("Hash algorithm"), N_("string") },
{ "salt", 's', POPT_ARG_STRING, &salt_string, 0, N_("Salt"), N_("hex string") },
{ "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use."), NULL },
data_blocks = ull_value;
break;
case 2:
- hash_start = ull_value * 512;
- if (hash_start / 512 != ull_value)
- r = POPT_ERROR_BADNUMBER;
+ hash_offset = ull_value;
break;
}
function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6 offset]
{
if [ -z "$LOOPDEV2" ] ; then
- BLOCKS=$(($6 * 512 / $1))
+ BLOCKS=$(($6 / $1))
DEV_PARAMS="$LOOPDEV1 $LOOPDEV1 \
- --hash-start $6 \
+ --hash-offset $6 \
--data-blocks=$BLOCKS --debug"
else
DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
echo "Verity tests [one device offset]"
prepare $((8192 + 1024))
-check_root_hash 512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 16384
-check_root_hash 1024 54d92778750495d1f80832b486ebd007617d746271511bbf0e295e143da2b3df $SALT 1 sha256 16384
-check_root_hash 4096 e522df0f97da4febb882ac40f30b37dc0b444bf6df418929463fa25280f09d5c $SALT 1 sha256 16384
+check_root_hash 512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 8388608
+check_root_hash 1024 54d92778750495d1f80832b486ebd007617d746271511bbf0e295e143da2b3df $SALT 1 sha256 8388608
+check_root_hash 4096 e522df0f97da4febb882ac40f30b37dc0b444bf6df418929463fa25280f09d5c $SALT 1 sha256 8388608
# version 0
-check_root_hash 4096 cbbf4ebd004ef65e29b935bb635a39cf754d677f3fa10b0126da725bbdf10f7d $SALT 0 sha256 16384
+check_root_hash 4096 cbbf4ebd004ef65e29b935bb635a39cf754d677f3fa10b0126da725bbdf10f7d $SALT 0 sha256 8388608
# no salt
-check_root_hash 4096 ef29c902d87350f1da4bfa536e16cebc162a909bf89abe448b81ec500d4fb9bf - 1 sha256 16384
+check_root_hash 4096 ef29c902d87350f1da4bfa536e16cebc162a909bf89abe448b81ec500d4fb9bf - 1 sha256 8388608
# sha1
-check_root_hash 1024 d0e9163ca8844aaa2e88fe5265a8c5d9ee494a99 $SALT 1 sha1 16384
-check_root_hash 1024 73509e8e868be6b8ac939817a98a3d35121413b2 dadada 1 sha1 16384
+check_root_hash 1024 d0e9163ca8844aaa2e88fe5265a8c5d9ee494a99 $SALT 1 sha1 8388608
+check_root_hash 1024 73509e8e868be6b8ac939817a98a3d35121413b2 dadada 1 sha1 8388608
remove_mapping
exit 0