[dm-devel] [Fwd: Re: DM-Verity Tool]

pavankumar.p at globaledgesoft.com pavankumar.p at globaledgesoft.com
Fri May 31 13:28:08 UTC 2013 

---------------------------- Original Message ----------------------------
Subject: Re: DM-Verity Tool
From:    pavankumar.p at globaledgesoft.com
Date:    Mon, May 27, 2013 9:22 pm
To:      "Milan Broz" <gmazyland at gmail.com>
         mpatocka at redhat.com
         "device-mapper development" <dm-devel at redhat.com>
         "Marian Csontos" <mcsontos at redhat.com>
--------------------------------------------------------------------------

Hello Mikulas,

> By corrupting the image? :) See tests/verity-compat-test in cryptsetup
> tree, it is basic regression test which is simulating both data and hash
> corruption (it just dd random data to know offset and expects failure.)

In tests/verity-compat-test, in the following line
"check_root_hash  512
9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1
sha256 8388608"

How's the last parameter (hash_offset) calculated? it's hard coded
here(8388608).

Regards,
Pavan


> Hi All,
>
> Thanks a lot for your support. Now I am able to configure verity target
> using both veritysetup & dmsetup.
>
> Regards,
> Pavan
>
>
>>
>> On 05/23/2013 08:41 AM, pavankumar.p at globaledgesoft.com wrote:
>>> 1. What are the difference between configuring a verity target using
>>> dmsetup & veritysetup. Can these be used interchangeably?
>>
>> dmsetup is just low level tool, you need to know all table parameters
>> while veritysetup will prepare table for you using high level commands
>> and on-disk metadata (if present).
>>
>>> 2. I tried passing the root hash value generated by veritysetup as a
>>> parameter to dmsetup but this doesn't work. On doing dmsetup status,
>>> the
>>> output is showing as the target corrupted (C). I examined dmesg & found
>>> the following error
>>
>> Be sure you are using proper parameters, metadata version etc.
>>
>> Try activate device with veritysetup, then run "dmsetup table" and
>> check what is different in your dmsetup line.
>>
>>> 3. After creating a verity target using "veritysetup" how to test the
>>> target for corrupted case (As soon as creating the status is Verified
>>> (V))
>>
>> By corrupting the image? :) See tests/verity-compat-test in cryptsetup
>> tree, it is basic regression test which is simulating both data and hash
>> corruption (it just dd random data to know offset and expects failure.)
>>
>> Milan
>>
>
>

More information about the dm-devel mailing list