From c9300c7d6ead5bf0d566248052f1fcc94822b161 Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Thu, 5 Dec 2019 13:40:42 +0100 Subject: [PATCH 1/1] mount: (dm-verity) update man page * move to separate section (like we use for LOOP DEVICE support) * explain what dm-verity + mount(8) does Signed-off-by: Karel Zak --- sys-utils/mount.8 | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/sys-utils/mount.8 b/sys-utils/mount.8 index 9c633bf26b..5ab776c076 100644 --- a/sys-utils/mount.8 +++ b/sys-utils/mount.8 @@ -2373,11 +2373,14 @@ Set the owner and group and mode of the file .I devices (default: uid=gid=0, mode=0444). The mode is given in octal. -.SS "Mount options for dm-verity"" -Mounting volumes using dm-verity for integrity verification is supported where appropriate -using the following options. Requires libcryptsetup. -If libcryptsetup supports extracting the root hash of an already mounted device, existing -devices will be automatically reused in case of a match. +.SH "DM-VERITY SUPPORT (experimental)" +The device-mapper verity target provides read-only transparent integrity +checking of block devices using kernel crypto API. The mount command can open +the dm-verity device and do the integrity verification before on the device +filesystem is mounted. Requires libcryptsetup with in libmount. If +libcryptsetup supports extracting the root hash of an already mounted device, +existing devices will be automatically reused in case of a match. +Mount options for dm-verity: .TP \fBverity.hashdevice=\fP\,\fIpath\fP Path to the hash tree device associated with the source volume to pass to dm-verity. @@ -2390,8 +2393,11 @@ Hex-encoded hash of the root of If the hash tree device is embedded in the source volume, .I offset (default: 0) is used by dm-verity to get to the tree. +.RE +.PP +Supported since util-linux v2.35. -.SH "THE LOOP DEVICE" +.SH "LOOP-DEVICE SUPPORT" One further possible type is a mount via the loop device. For example, the command .RS -- 2.39.2