[dm-devel] [Fwd: Re: DM-Verity Tool]
Mikulas Patocka
mpatocka at redhat.com
Mon Jun 3 14:29:30 UTC 2013
On Fri, 31 May 2013, pavankumar.p at globaledgesoft.com wrote:
> ---------------------------- Original Message ----------------------------
> Subject: Re: DM-Verity Tool
> From: pavankumar.p at globaledgesoft.com
> Date: Mon, May 27, 2013 9:22 pm
> To: "Milan Broz" <gmazyland at gmail.com>
> mpatocka at redhat.com
> "device-mapper development" <dm-devel at redhat.com>
> "Marian Csontos" <mcsontos at redhat.com>
> --------------------------------------------------------------------------
>
> Hello Mikulas,
>
> > By corrupting the image? :) See tests/verity-compat-test in cryptsetup
> > tree, it is basic regression test which is simulating both data and hash
> > corruption (it just dd random data to know offset and expects failure.)
>
> In tests/verity-compat-test, in the following line
> "check_root_hash 512
> 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1
> sha256 8388608"
>
> How's the last parameter (hash_offset) calculated? it's hard coded
> here(8388608).
>
> Regards,
> Pavan
If you use two separate devices for data and hash, hash offset is zero
(hash starts at the beginning of the second device).
If you use one block device for both data and hash, hash offset points to
the end of the data (and beginning of hash) - if you want to use it this
way, you have to set hash offset manually.
Mikulas
More information about the dm-devel
mailing list