[dm-devel] DM-Verity Tool
pavankumar.p at globaledgesoft.com
pavankumar.p at globaledgesoft.com
Fri May 31 16:15:39 UTC 2013
Hi Mikulas,
Thanks for the reply.
Pavan>> 5. How to update DM-Veirty device without removing device mapping.
I tried mounting the dm-verity target but it fails
Mikulas>
Mikulas> You can't update it.
Mikulas>
Mikulas> If you want to update it, you need to unmount the filesystem,
unload the dm-verity target, mount the underlying device read-write, make
changes, unmount it, recreate checksums with veritysetup, load the
dm-verity target and mount it read only.
If the filesystem is mounted as read-only, how the filesystem can be
modified or corrupted (without removing mapping)? How we can test the
dm-verity functionality?
Thanks,
Pavan
>
>
> On Thu, 30 May 2013, pavankumar.p at globaledgesoft.com wrote:
>
>> Hi All,
>> Thanks for your answers to previous questions. I have some more
>> doubts
>> regarding DM-Verity please clarify it.
>> 1. When dm-verity validation fails, do we lose access to the file? And
how
>> about accessing the rest of the filesystem?
>
> You lose access to the affected files, but the rest of the filesystem is
still accessible.
>
>> 2. Is there any recovery mechanism for a validation failure?
>
> No.
>
>> 3. How do we update a DM-Verity filesystem? Can it be done on a file
basis?
>> I believe that dm-verity works on the blocks & not on the file system, is
>> that true?
>
> You don't update it. You create the filesystems, then calculate
dm-verity
> checksums and then mount it read only.
>
> Yes, dm-verity works on blocks.
>
>> 4. Can we use dm-verity for any filesystem (say UBIFS)? Is there any
restriction on filesystem?
>
> You can use it for any filesystem.
>
>> 5. How to update DM-Veirty device without removing device mapping. I tried
>> mounting the dm-verity target but it fails
>
> You can't update it.
>
> If you want to update it, you need to unmount the filesystem, unload the
dm-verity target, mount the underlying device read-write, make changes,
unmount it, recreate checksums with veritysetup, load the dm-verity
target
> and mount it read only.
>
>> Thanks in advance,
>> Pavan Kumar P
>
> Mikulas
>
More information about the dm-devel
mailing list