[dm-devel] dm-integrity
Milan Broz
gmazyland at gmail.com
Mon Jul 3 15:05:35 UTC 2017
On 07/03/2017 06:44 AM, Renesanso wrote:
> Hi for all.
>
> Dmitry Kasatkin's fork of linux.git write dm-integrity patch for linux
...
yes, unfortunately we named the target the same (and I realized it too late).
It is doing something similar but definitely it is not the same.
> I try to use dmsetup to setup dm-integrity in ecc mode (but if change
> block on backend device dm-integrity gives not reaction and give another
> md5sum to upper level. but non error), for dm-crypt I cannot understand
> how to use AEAD mode.
You probably configured it in mode when it only provide tag space,
but does not calculate and verify internal hash.
(ECC means error correction, this target do not provide error correction,
only detection of error (such a tool could be written on top of dm-integrity though).
> Please, give full instrustion to use dm-integrity in ecc mode and with
> dm-crypt (with kernel keychain creation)..
dm-integrity can work in standalone mode or together with dm-crypt.
For the standalone mode, it is the best to use integritysetup tool
(for now in master branch of cryptsetup project).
https://gitlab.com/cryptsetup/cryptsetup
There is some simple documentation in man page and on this page
https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity
(You can setup HMAC integrity protection in standalone mode as well.)
I will update it soon with some more info and prepare some better examples
(the whole userspace is still not finished though but should work.)
For the combination with dm-crypt and AEAD - this is part of LUKS2 branch
in the same repository but it is really only for experiments.
Once we will have some testing build, I'll write more here, sorry, it takes
longer than I expected.
Milan
More information about the dm-devel
mailing list