summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
9309ca1)
* move to separate section (like we use for LOOP DEVICE support)
* explain what dm-verity + mount(8) does
Signed-off-by: Karel Zak <kzak@redhat.com>
.I devices
(default: uid=gid=0, mode=0444). The mode is given in octal.
.I devices
(default: uid=gid=0, mode=0444). The mode is given in octal.
-.SS "Mount options for dm-verity""
-Mounting volumes using dm-verity for integrity verification is supported where appropriate
-using the following options. Requires libcryptsetup.
-If libcryptsetup supports extracting the root hash of an already mounted device, existing
-devices will be automatically reused in case of a match.
+.SH "DM-VERITY SUPPORT (experimental)"
+The device-mapper verity target provides read-only transparent integrity
+checking of block devices using kernel crypto API. The mount command can open
+the dm-verity device and do the integrity verification before on the device
+filesystem is mounted. Requires libcryptsetup with in libmount. If
+libcryptsetup supports extracting the root hash of an already mounted device,
+existing devices will be automatically reused in case of a match.
+Mount options for dm-verity:
.TP
\fBverity.hashdevice=\fP\,\fIpath\fP
Path to the hash tree device associated with the source volume to pass to dm-verity.
.TP
\fBverity.hashdevice=\fP\,\fIpath\fP
Path to the hash tree device associated with the source volume to pass to dm-verity.
If the hash tree device is embedded in the source volume,
.I offset
(default: 0) is used by dm-verity to get to the tree.
If the hash tree device is embedded in the source volume,
.I offset
(default: 0) is used by dm-verity to get to the tree.
+.RE
+.PP
+Supported since util-linux v2.35.
+.SH "LOOP-DEVICE SUPPORT"
One further possible type is a mount via the loop device. For example,
the command
.RS
One further possible type is a mount via the loop device. For example,
the command
.RS