.I devices
(default: uid=gid=0, mode=0444). The mode is given in octal.
-.SS "Mount options for dm-verity""
-Mounting volumes using dm-verity for integrity verification is supported where appropriate
-using the following options. Requires libcryptsetup.
-If libcryptsetup supports extracting the root hash of an already mounted device, existing
-devices will be automatically reused in case of a match.
+.SH "DM-VERITY SUPPORT (experimental)"
+The device-mapper verity target provides read-only transparent integrity
+checking of block devices using kernel crypto API. The mount command can open
+the dm-verity device and do the integrity verification before on the device
+filesystem is mounted. Requires libcryptsetup with in libmount. If
+libcryptsetup supports extracting the root hash of an already mounted device,
+existing devices will be automatically reused in case of a match.
+Mount options for dm-verity:
.TP
\fBverity.hashdevice=\fP\,\fIpath\fP
Path to the hash tree device associated with the source volume to pass to dm-verity.
If the hash tree device is embedded in the source volume,
.I offset
(default: 0) is used by dm-verity to get to the tree.
+.RE
+.PP
+Supported since util-linux v2.35.
-.SH "THE LOOP DEVICE"
+.SH "LOOP-DEVICE SUPPORT"
One further possible type is a mount via the loop device. For example,
the command
.RS