"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "man/integritysetup.8" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently set up disk encryption based on the dm-crypt kernel module. Supported formats include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt-compatible volumes.

integritysetup.8  (cryptsetup-2.3.6.tar.xz):integritysetup.8  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 34 skipping to change at line 34
--tag-size, --integrity, --integrity-key-size, --integrity-key- file, --sector-size, --progress- --tag-size, --integrity, --integrity-key-size, --integrity-key- file, --sector-size, --progress-
frequency] frequency]
open <device> <name> open <device> <name>
create <name> <device> (OBSOLETE syntax) create <name> <device> (OBSOLETE syntax)
Open a mapping with <name> backed by device <device>. Open a mapping with <name> backed by device <device>.
<options> can be [--data-device, --batch-mode, --journal-watermark , --journal-commit-time, --buf- <options> can be [--data-device, --batch-mode, --journal-watermark , --journal-commit-time, --buf-
fer-sectors, --integrity, --integrity-key-size, --integrity-ke y-file, --integrity-no-journal, fer-sectors, --integrity, --integrity-key-size, --integrity-ke y-file, --integrity-no-journal,
--integrity-recalculate, --integrity-recovery-mode, --allow-discar --integrity-recalculate, --integrity-recalculate-reset,--integri
ds] ty-recovery-mode, --allow-dis-
cards]
close <name> close <name>
Removes existing mapping <name>. Removes existing mapping <name>.
For backward compatibility, there is remove command alias for the close command. For backward compatibility, there is remove command alias for the close command.
<options> can be [--deferred] or [--cancel-deferred]
status <name> status <name>
Reports status for the active integrity mapping <name>. Reports status for the active integrity mapping <name>.
dump <device> dump <device>
Reports parameters from on-disk stored superblock. Reports parameters from on-disk stored superblock.
OPTIONS OPTIONS
--verbose, -v --verbose, -v
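Review bot: In the new option list for open, `--integrity-recalculate-reset,` runs straight into `--integrity-recovery-mode` with no space after the comma, unlike every other separator in that list; add the space. The added close line, `<options> can be [--deferred] or [--cancel-deferred]`, is placed after the remove-alias sentence, while open gives its option list directly after the command description, so consider moving it up to match.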
skipping to change at line 67 skipping to change at line 70
--version --version
Show the program version. Show the program version.
--batch-mode --batch-mode
Do not ask for confirmation. Do not ask for confirmation.
--progress-frequency <seconds> --progress-frequency <seconds>
Print separate line every <seconds> with wipe progress. Print separate line every <seconds> with wipe progress.
--no-wipe --no-wipe
Do not wipe the device after format. A device that is not initiall y wiped will contain invalid Do not wipe the device after format. A device that is not init ially wiped will contain invalid
checksums. checksums.
--journal-size, -j BYTES --journal-size, -j BYTES
Size of the journal. Size of the journal.
--interleave-sectors SECTORS --interleave-sectors SECTORS
The number of interleaved sectors. The number of interleaved sectors.
--integrity-recalculate --integrity-recalculate
Automatically recalculate integrity tags in kernel on activation Automatically recalculate integrity tags in kernel on activation.
. The device can be used during The device can be used during
automatic integrity recalculation but becomes fully integrity prot automatic integrity recalculation but becomes fully integrity pro
ected only after the background tected only after the background
operation is finished. This option is available since the Linux k ernel version 4.19. operation is finished. This option is available since the Linux k ernel version 4.19.
--integrity-recalculate-reset
Restart recalculation from the beginning of the device. It can be
used to change the integrity
checksum function. Note it does not change the tag length. Th
is option is available since the
Linux kernel version 5.13.
--journal-watermark PERCENT --journal-watermark PERCENT
Journal watermark in percents. When the size of the journal exc eeds this watermark, the journal Journal watermark in percents. When the size of the journal exceed s this watermark, the journal
flush will be started. flush will be started.
--journal-commit-time MS --journal-commit-time MS
Commit time in milliseconds. When this time passes (and no explici t flush operation was issued), Commit time in milliseconds. When this time passes (and no expli cit flush operation was issued),
the journal is written. the journal is written.
--tag-size, -t BYTES --tag-size, -t BYTES
Size of the integrity tag per-sector (here the integrity function will store authentication tag). Size of the integrity tag per-sector (here the integrity function will store authentication tag).
NOTE: The size can be smaller that output size of the hash functio n, in that case only part of the NOTE: The size can be smaller that output size of the hash functio n, in that case only part of the
hash will be stored. hash will be stored.
--data-device --data-device
Specify a separate data device that contains existing data. The <d evice> then will contain calcu- Specify a separate data device that contains existing data. The < device> then will contain calcu-
lated integrity tags and journal for this data device. lated integrity tags and journal for this data device.
--sector-size, -s BYTES --sector-size, -s BYTES
Sector size (power of two: 512, 1024, 2048, 4096). Sector size (power of two: 512, 1024, 2048, 4096).
--buffer-sectors SECTORS --buffer-sectors SECTORS
The number of sectors in one buffer. The number of sectors in one buffer.
The tag area is accessed using buffers, the large buffer size means that the I/O size will be The tag area is accessed using buffers, the large buffer size mean s that the I/O size will be
larger, but there could be less I/Os issued. larger, but there could be less I/Os issued.
--integrity, -I ALGORITHM --integrity, -I ALGORITHM
Use internal integrity calculation (standalone mode). The in tegrity algorithm can be CRC Use internal integrity calculation (standalone mode). The integrity algorithm can be CRC
(crc32c/crc32) or hash function (sha1, sha256). (crc32c/crc32) or hash function (sha1, sha256).
For HMAC (hmac-sha256) you have also to specify an integrity key a nd its size. For HMAC (hmac-sha256) you have also to specify an integrity key a nd its size.
--integrity-key-size BYTES --integrity-key-size BYTES
The size of the data integrity key. Maximum is 4096 bytes. The size of the data integrity key. Maximum is 4096 bytes.
--integrity-key-file FILE --integrity-key-file FILE
The file with the integrity key. The file with the integrity key.
--integrity-no-journal, -D --integrity-no-journal, -D
Disable journal for integrity device. Disable journal for integrity device.
--integrity-bitmap-mode. -B --integrity-bitmap-mode. -B
Use alternate bitmap mode (available since Linux kernel 5.2) Use alternate bitmap mode (available since Linux kernel 5.2) w
where dm-integrity uses bitmap here dm-integrity uses bitmap
instead of a journal. If a bit in the bitmap is 1, the correspondi instead of a journal. If a bit in the bitmap is 1, the correspon
ng region's data and integrity ding region's data and integrity
tags are not synchronized - if the machine crashes, the unsynch tags are not synchronized - if the machine crashes, the unsynchron
ronized regions will be recalcu- ized regions will be recalcu-
lated. The bitmap mode is faster than the journal mode, because w lated. The bitmap mode is faster than the journal mode, because
e don't have to write the data we don't have to write the data
twice, but it is also less reliable, because if data corruption h twice, but it is also less reliable, because if data corruption ha
appens when the machine crashes, ppens when the machine crashes,
it may not be detected. it may not be detected.
--bitmap-sectors-per-bit SECTORS --bitmap-sectors-per-bit SECTORS
Number of 512-byte sectors per bitmap bit, the value must be power of two. Number of 512-byte sectors per bitmap bit, the value must be power of two.
--bitmap-flush-time MS --bitmap-flush-time MS
Bitmap flush time in milliseconds. Bitmap flush time in milliseconds.
WARNING: WARNING:
In case of a crash, it is possible that the data and integrity tag doesn't match if the journal is In case of a crash, it is possible that the data and integrity tag doesn't match if the journal is
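Review bot: The new --integrity-recalculate-reset entry says it can be used to change the integrity checksum function but does not say which option supplies the new function, nor what happens when that function's output is longer than the existing tag. Since the text states the tag length is not changed, it should point to the --tag-size NOTE (only part of the hash is stored when the tag is smaller than the hash output). It would also help to repeat what the --integrity-recalculate entry says: the device becomes fully integrity protected only after the background operation is finished.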
skipping to change at line 158 skipping to change at line 166
--journal-integrity ALGORITHM --journal-integrity ALGORITHM
Integrity algorithm for journal area. See --integrity option for detailed specification. Integrity algorithm for journal area. See --integrity option for detailed specification.
--journal-integrity-key-size BYTES --journal-integrity-key-size BYTES
The size of the journal integrity key. Maximum is 4096 bytes. The size of the journal integrity key. Maximum is 4096 bytes.
--journal-integrity-key-file FILE --journal-integrity-key-file FILE
The file with the integrity key. The file with the integrity key.
--journal-crypt ALGORITHM --journal-crypt ALGORITHM
Encryption algorithm for journal data area. You can use a block c ipher here such as cbc-aes or a Encryption algorithm for journal data area. You can use a block cipher here such as cbc-aes or a
stream cipher, for example, chacha20 or ctr-aes. stream cipher, for example, chacha20 or ctr-aes.
--journal-crypt-key-size BYTES --journal-crypt-key-size BYTES
The size of the journal encryption key. Maximum is 4096 bytes. The size of the journal encryption key. Maximum is 4096 bytes.
--journal-crypt-key-file FILE --journal-crypt-key-file FILE
The file with the journal encryption key. The file with the journal encryption key.
--allow-discards --allow-discards
Allow the use of discard (TRIM) requests for the device. This opt ion is available since the Linux Allow the use of discard (TRIM) requests for the device. This opt ion is available since the Linux
kernel version 5.7. kernel version 5.7.
--deferred
Defers device removal in close command until the last user closes
it.
--cancel-deferred
Removes a previously configured deferred device removal in close c
ommand.
The dm-integrity target is available since Linux kernel version 4.12. The dm-integrity target is available since Linux kernel version 4.12.
NOTE: Format and activation of an integrity device always require su peruser privilege because the NOTE: Format and activation of an integrity device always require superuser privilege because the
superblock is calculated and handled in dm-integrity kernel target . superblock is calculated and handled in dm-integrity kernel target .
LEGACY COMPATIBILITY OPTIONS LEGACY COMPATIBILITY OPTIONS
WARNING: WARNING:
Do not use these options until you need compatibility with specifi c old kernel. Do not use these options until you need compatibility with specifi c old kernel.
--integrity-legacy-padding --integrity-legacy-padding
Use inefficient legacy padding. Use inefficient legacy padding.
--integrity-legacy-hmac --integrity-legacy-hmac
Use old flawed HMAC calclation (also does not protect superblock). Use old flawed HMAC calclation (also does not protect superblock).
--integrity-legacy-recalculate --integrity-legacy-recalculate
Allow insecure recalculating of volumes with HMAC keys (recalcual tion offset in superblock is not Allow insecure recalculating of volumes with HMAC keys (recalcualt ion offset in superblock is not
protected). protected).
RETURN CODES RETURN CODES
Integritysetup returns 0 on success and a non-zero value on error. Integritysetup returns 0 on success and a non-zero value on error.
Error codes are: Error codes are:
1 wrong parameters 1 wrong parameters
2 no permission 2 no permission
3 out of memory 3 out of memory
4 wrong device specified 4 wrong device specified
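Review bot: The added --cancel-deferred text, "Removes a previously configured deferred device removal in close command", is hard to parse because "removes" and "removal" refer to different things; something like "Cancels a previously requested deferred removal of the device" would be clearer, and --deferred could say "in the close command". While this section is being touched, the unchanged lines under LEGACY COMPATIBILITY OPTIONS still carry the typos "calclation" and "recalcualtion" on both sides and could be fixed in the same change.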
skipping to change at line 211 skipping to change at line 225
Format the device with default standalone mode (CRC32C): Format the device with default standalone mode (CRC32C):
integritysetup format <device> integritysetup format <device>
Open the device with default parameters: Open the device with default parameters:
integritysetup open <device> test integritysetup open <device> test
Format the device in standalone mode for use with HMAC(SHA256): Format the device in standalone mode for use with HMAC(SHA256):
integritysetup format <device> --tag-size 32 --integrity hmac-sha256 --integrity-key-file <keyfile> integritysetup format <device> --tag-size 32 --integrity hmac-sha25 6 --integrity-key-file <keyfile>
--integrity-key-size <key_bytes> --integrity-key-size <key_bytes>
Open (activate) the device with HMAC(SHA256) and HMAC key in file: Open (activate) the device with HMAC(SHA256) and HMAC key in file:
integritysetup open <device> test --integrity hmac-sha256 --integrity-key-file <keyfile> integritysetup open <device> test --integrity hmac-sha256 - -integrity-key-file <keyfile>
--integrity-key-size <key_bytes> --integrity-key-size <key_bytes>
Dump dm-integrity superblock information: Dump dm-integrity superblock information:
integritysetup dump <device> integritysetup dump <device>
REPORTING BUGS REPORTING BUGS
Report bugs, including ones in the documentation, on the cryptsetup maili Report bugs, including ones in the documentation, on the cryptsetup mai
ng list at <dm-crypt@saout.de> ling list at <dm-crypt@saout.de>
or in the 'Issues' section on LUKS website. Please attach the outpu or in the 'Issues' section on LUKS website. Please attach the output of
t of the failed command with the the failed command with the
--debug option added. --debug option added.
AUTHORS AUTHORS
The integritysetup tool is written by Milan Broz <gmazyland@gmail.com> an d is part of the cryptsetup The integritysetup tool is written by Milan Broz <gmazyland@gmail.co m> and is part of the cryptsetup
project. project.
COPYRIGHT COPYRIGHT
Copyright © 2016-2021 Red Hat, Inc. Copyright © 2016-2021 Red Hat, Inc.
Copyright © 2016-2021 Milan Broz Copyright © 2016-2021 Milan Broz
This is free software; see the source for copying conditions. There i s NO warranty; not even for MER- This is free software; see the source for copying conditions. There is N O warranty; not even for MER-
CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
SEE ALSO SEE ALSO
The project website at https://gitlab.com/cryptsetup/cryptsetup The project website at https://gitlab.com/cryptsetup/cryptsetup
The integrity on-disk format specification available at http s://gitlab.com/cryptsetup/crypt- The integrity on-disk format specification available at http s://gitlab.com/cryptsetup/crypt-
setup/wikis/DMIntegrity setup/wikis/DMIntegrity
integritysetup January 2021 INTEGRITYSETUP(8) integritysetup January 2021 INTEGRITYSETUP(8)
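Review bot: The footer reads "January 2021" on both sides even though this revision documents new options (--integrity-recalculate-reset, --deferred, --cancel-deferred); update the date in the page's .TH line so readers can tell which revision of the manual they have. The remaining differences in this region are line reflow only, so nothing else here needs a content change.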
 End of changes. 21 change blocks. 
34 lines changed or deleted 52 lines changed or added
