blob: 393041eac24c2bc63cdd2070ca321f7ee44a859a [file] [log] [blame] [edit]
Verity is the userspace tool for creating integrity hashes for a device image.
This tool is a frontend for dm-bht, a device-mapper friendly block hash
table structure. `verity' produces dm-bht-based images for use with
dm-verity. The dm-verity module provides a transparent, integrity-checking
layer over a given block device. This expects a backing device and a secondary
device which provides cryptographic digests of the blocks on the primary
device
Note, the secondary device image can be appended to the primary device or
used as a standalone device.
This tool creates an image of the format:
[hash of hash of blocks n ... n+n-1]
[hash of hash of blocks 0 ... n-1]
[...]
[hash of block 1]
[hash of block 0]
Upon completion, the hash of the root hash will be printed to standard
out. The root hash, tree depth, number of hashed blocks, and cryptographic
hash algorithm used must be supplied to the dm-verity when configuring a
device.
To build outside of Chromium OS:
- make all WITH_CHROME=0
To use:
./build-opt/verity mode depth alg image hash_image [root_hexdigest]
E.g.,
dd if=/dev/zero of=/tmp/image bs=4k count=512
./build-opt/verity create 2 sha256 /tmp/image /tmp/hash | tee table
# ...
cat table
ls -la /tmp/hash
Licensing note:
All the source code is licensed GPLv2 to be completely kernel compatible.
The Makefiles are from the parent project and are licensed under a BSD-style
license.