[dm-devel] DM-Verity Tool
Mikulas Patocka
mpatocka at redhat.com
Fri May 31 12:31:50 UTC 2013
On Thu, 30 May 2013, pavankumar.p at globaledgesoft.com wrote:
> Hi All,
> Thanks for your answers to previous questions. I have some more doubts
> regarding DM-Verity please clarify it.
>
>
> 1. When dm-verity validation fails, do we lose access to the file? And how
> about accessing the rest of the filesystem?
You lose access to the affected files, but the rest of the filesystem is
still accessible.
> 2. Is there any recovery mechanism for a validation failure?
No.
> 3. How do we update a DM-Verity filesystem? Can it be done on a file basis?
> I believe that dm-verity works on the blocks & not on the file system, is
> that true?
You don't update it. You create the filesystems, then calculate dm-verity
checksums and then mount it read only.
Yes, dm-verity works on blocks.
> 4. Can we use dm-verity for any filesystem (say UBIFS)? Is there any
> restriction on filesystem?
You can use it for any filesystem.
> 5. How to update DM-Veirty device without removing device mapping. I tried
> mounting the dm-verity target but it fails
You can't update it.
If you want to update it, you need to unmount the filesystem, unload the
dm-verity target, mount the underlying device read-write, make changes,
unmount it, recreate checksums with veritysetup, load the dm-verity target
and mount it read only.
> Thanks in advance,
> Pavan Kumar P
Mikulas
More information about the dm-devel
mailing list