commit | a47361bb6d4bb9c879cba7b2c546ab94826c77ec | [log] [tgz] |
---|---|---|
author | Amin Hassani <ahassani@chromium.org> | Tue Aug 18 14:38:52 2020 -0700 |
committer | Commit Bot <commit-bot@chromium.org> | Thu Aug 20 22:01:26 2020 +0000 |
tree | 46c7adf66cfb6ac7d52c024d753e4ba90ec8fd68 | |
parent | 4c1a3b764ca301f5a28a681f537f1a9298f3d0ce [diff] |
Run clang-format on missed files It turnes out I missed a few files when doing the merge (crrev.com/c/2363183). Hopefully these are the last of them. No manual changes. Just clang-format on a copy in platform2/verity and rsynced back to platform/verity. BUG=chromium:886953 TEST=CQ passes Change-Id: Ib28f34bd23f19185770873dca9c5ef0b9549e634 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/dm-verity/+/2363568 Tested-by: Amin Hassani <ahassani@chromium.org> Auto-Submit: Amin Hassani <ahassani@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Commit-Queue: Amin Hassani <ahassani@chromium.org>
Verity is the userspace tool for creating integrity hashes for a device image.
This tool is a frontend for dm-bht, a device-mapper friendly block hash table structure. `verity' produces dm-bht-based images for use with dm-verity. The dm-verity module provides a transparent, integrity-checking layer over a given block device. This expects a backing device and a secondary device which provides cryptographic digests of the blocks on the primary device
Note, the secondary device image can be appended to the primary device or used as a standalone device.
This tool creates an image of the format:
Upon completion, the hash of the root hash will be printed to standard out. The root hash, tree depth, number of hashed blocks, and cryptographic hash algorithm used must be supplied to the dm-verity when configuring a device.
To build outside of Chromium OS:
make
To use:
./verity mode depth alg image hash_image [root_hexdigest]
For example:
dd if=/dev/zero of=/tmp/image bs=4k count=512 ./verity create 2 sha256 /tmp/image /tmp/hash | tee table # ... cat table ls -la /tmp/hash
All the source code is licensed GPLv2 to be completely kernel compatible. The Makefiles are from the parent project and are licensed under a BSD-style license.