Google Git
Sign in
cos / mirrors / cros / chromiumos / platform / dm-verity / refs/heads/stabilize-13310.72.B
commit393cd4d510256b0bb2bdd0acd9656105cfd28771[log] [tgz]
authorJorge Lucangeli Obes <jorgelo@chromium.org>Tue Jun 18 13:10:32 2019 -0400
committerChris McDonald <cjmcdonald@chromium.org>Wed Jun 19 02:42:02 2019 +0000
tree1f77ce9d4bf7400f3d5f5a5f42698fee57abbd6d
parentb69aeca51481055c58780981d9e8aa1aef90491b [diff]
verity: Update OWNERS file.

We'd like to have at least two active owners on each project.
Start by adding Mattias and we can later transition this to other
members of the security team.

BUG=None
TEST=None

Change-Id: I5979c8271a39e2a23363c6166cdd2ac1849a3c48
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/dm-verity/+/1663998
Reviewed-by: Chris McDonald <cjmcdonald@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Chris McDonald <cjmcdonald@chromium.org>
1 file changed
tree: 1f77ce9d4bf7400f3d5f5a5f42698fee57abbd6d
  1. include/
  2. kernel/
  3. logging/
  4. simple_file/
  5. .gitignore
  6. common.mk
  7. dm-bht-userspace.c
  8. dm-bht-userspace.h
  9. dm-bht.c
  10. dm-bht.h
  11. dm-bht_unittest.cc
  12. file_hasher.cc
  13. file_hasher.h
  14. file_hasher_unittest.cc
  15. LICENSE
  16. LICENSE.makefile
  17. logging.h
  18. Makefile
  19. OWNERS
  20. PRESUBMIT.cfg
  21. README.md
  22. utils.cc
  23. utils.h
  24. verity_main.cc
  25. verity_testrunner.cc
README.md

Verity

Verity is the userspace tool for creating integrity hashes for a device image.

This tool is a frontend for dm-bht, a device-mapper friendly block hash table structure. `verity' produces dm-bht-based images for use with dm-verity. The dm-verity module provides a transparent, integrity-checking layer over a given block device. This expects a backing device and a secondary device which provides cryptographic digests of the blocks on the primary device

Note, the secondary device image can be appended to the primary device or used as a standalone device.

This tool creates an image of the format:

  • [hash of hash of blocks n ... n+n-1]
  • [hash of hash of blocks 0 ... n-1]
  • [...]
  • [hash of block 1]
  • [hash of block 0]

Upon completion, the hash of the root hash will be printed to standard out. The root hash, tree depth, number of hashed blocks, and cryptographic hash algorithm used must be supplied to the dm-verity when configuring a device.

Building

To build outside of Chromium OS:

make

Example Usage

To use:

./verity mode depth alg image hash_image [root_hexdigest]

For example:

dd if=/dev/zero of=/tmp/image bs=4k count=512
./verity create 2 sha256 /tmp/image /tmp/hash | tee table
# ...
cat table
ls -la /tmp/hash

Licensing

All the source code is licensed GPLv2 to be completely kernel compatible. The Makefiles are from the parent project and are licensed under a BSD-style license.