summaryrefslogtreecommitdiffstats
path: root/upstream/fedora-rawhide/man5/veritytab.5
diff options
context:
space:
mode:
Diffstat (limited to 'upstream/fedora-rawhide/man5/veritytab.5')
-rw-r--r--upstream/fedora-rawhide/man5/veritytab.590
1 files changed, 67 insertions, 23 deletions
diff --git a/upstream/fedora-rawhide/man5/veritytab.5 b/upstream/fedora-rawhide/man5/veritytab.5
index d68a8af4..c8b0b5d3 100644
--- a/upstream/fedora-rawhide/man5/veritytab.5
+++ b/upstream/fedora-rawhide/man5/veritytab.5
@@ -1,5 +1,5 @@
'\" t
-.TH "VERITYTAB" "5" "" "systemd 255" "veritytab"
+.TH "VERITYTAB" "5" "" "systemd 256~rc3" "veritytab"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -40,7 +40,7 @@ Each line is in the form
.RS 4
.\}
.nf
-\fIvolume\-name\fR \fIdata\-device\fR \fIhash\-device\fR \fIroothash\fR \fIoptions\fR
+\fIvolume\-name\fR \fIdata\-device\fR \fIhash\-device\fR \fIroothash\fR [\fIoptions\fR]
.fi
.if n \{\
.RE
@@ -52,15 +52,17 @@ The first field contains the name of the resulting verity volume; its block devi
/dev/mapper/\&.
.PP
The second field contains a path to the underlying block data device, or a specification of a block device via
-"UUID="
-followed by the UUID\&.
+\fIUUID=\fR
+followed by the
+\fIUUID\fR\&.
.PP
The third field contains a path to the underlying block hash device, or a specification of a block device via
-"UUID="
-followed by the UUID\&.
+\fIUUID=\fR
+followed by the
+\fIUUID\fR\&.
.PP
The fourth field is the
-"roothash"
+\fIroothash\fR
in hexadecimal\&.
.PP
The fifth field, if present, is a comma\-delimited list of options\&. The following options are recognized:
@@ -74,7 +76,11 @@ Added in version 254\&.
.PP
\fBformat=\fR\fB\fINUMBER\fR\fR
.RS 4
-Specifies the hash version type\&. Format type 0 is original Chrome OS version\&. Format type 1 is modern version\&.
+Specifies the hash version type\&. Format type
+"0"
+is original Chrome OS version\&. Format type
+"1"
+is modern version\&.
.sp
Added in version 254\&.
.RE
@@ -111,26 +117,38 @@ Added in version 254\&.
\fBsalt=\fR\fB\fIHEX\fR\fR
.RS 4
Salt used for format or verification\&. Format is a hexadecimal string; 256 bytes long maximum;
-"\-"is the special value for empty\&.
+"\-"
+is the special value for empty\&.
.sp
Added in version 254\&.
.RE
.PP
\fBuuid=\fR\fB\fIUUID\fR\fR
.RS 4
-Use the provided UUID for format command instead of generating new one\&. The UUID must be provided in standard UUID format, e\&.g\&. 12345678\-1234\-1234\-1234\-123456789abc\&.
+Use the provided
+\fIUUID\fR
+instead of generating new one\&. The
+\fIUUID\fR
+must be provided in standard
+UUID
+format, e\&.g\&.
+"12345678\-1234\-1234\-1234\-123456789abc"\&.
.sp
Added in version 254\&.
.RE
.PP
\fBignore\-corruption\fR, \fBrestart\-on\-corruption\fR, \fBpanic\-on\-corruption\fR
.RS 4
-Defines what to do if a data verity problem is detected (data corruption)\&. Without these options kernel fails the IO operation with I/O error\&. With
-"\-\-ignore\-corruption"
+Defines what to do if a data verity problem is detected (data corruption)\&. Without these options kernel fails the
+IO
+operation with
+I/O
+error\&. With
+\fB\-\-ignore\-corruption\fR
option the corruption is only logged\&. With
-"\-\-restart\-on\-corruption"
+\fB\-\-restart\-on\-corruption\fR
or
-"\-\-panic\-on\-corruption"
+\fB\-\-panic\-on\-corruption\fR
the kernel is restarted (panicked) immediately\&. (You have to provide way how to avoid restart loops\&.)
.sp
Added in version 248\&.
@@ -138,15 +156,43 @@ Added in version 248\&.
.PP
\fBignore\-zero\-blocks\fR
.RS 4
-Instruct kernel to not verify blocks that are expected to contain zeroes and always directly return zeroes instead\&. WARNING: Use this option only in very specific cases\&. This option is available since Linux kernel version 4\&.5\&.
+Instruct kernel to not verify blocks that are expected to contain zeroes and always directly return zeroes instead\&.
+.if n \{\
.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBWarning\fR
+.ps -1
+.br
+Use this option only in very specific cases\&. This option is available since Linux kernel version 4\&.5\&.
+.sp .5v
+.RE
Added in version 248\&.
.RE
.PP
\fBcheck\-at\-most\-once\fR
.RS 4
-Instruct kernel to verify blocks only the first time they are read from the data device, rather than every time\&. WARNING: It provides a reduced level of security because only offline tampering of the data device\*(Aqs content will be detected, not online tampering\&. This option is available since Linux kernel version 4\&.17\&.
+Instruct kernel to verify blocks only the first time they are read from the data device, rather than every time\&.
+.if n \{\
.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBWarning\fR
+.ps -1
+.br
+It provides a reduced level of security because only offline tampering of the data device\*(Aqs content will be detected, not online tampering\&. This option is available since Linux kernel version 4\&.17\&.
+.sp .5v
+.RE
Added in version 248\&.
.RE
.PP
@@ -160,14 +206,16 @@ Added in version 254\&.
.PP
\fBfec\-device=\fR\fB\fIPATH\fR\fR
.RS 4
-Use forward error correction (FEC) to recover from corruption if hash verification fails\&. Use encoding data from the specified device\&. The fec device argument can be block device or file image\&. For format, if fec device path doesn\*(Aqt exist, it will be created as file\&. Note: block sizes for data and hash devices must match\&. Also, if the verity data_device is encrypted the fec_device should be too\&.
+Use forward error correction (FEC) to recover from corruption if hash verification fails\&. Use encoding data from the specified device\&. The fec device argument can be block device or file image\&. If fec device path doesn\*(Aqt exist, it will be created as file\&. Note: block sizes for data and hash devices must match\&. Also, if the verity data_device is encrypted the fec_device should be too\&.
.sp
Added in version 254\&.
.RE
.PP
\fBfec\-offset=\fR\fB\fIBYTES\fR\fR
.RS 4
-This is the offset, in bytes, from the start of the FEC device to the beginning of the encoding data\&. (Aligned on 512 bytes\&.)
+This is the offset, in bytes, from the start of the
+FEC
+device to the beginning of the encoding data\&. (Aligned on 512 bytes\&.)
.sp
Added in version 254\&.
.RE
@@ -268,8 +316,4 @@ data /etc/data /etc/hash a5ee4b42f70ae1f46a08a7c92c2e0a20672ad2f514792730f5d49d7
.\}
.SH "SEE ALSO"
.PP
-\fBsystemd\fR(1),
-\fBsystemd-veritysetup@.service\fR(8),
-\fBsystemd-veritysetup-generator\fR(8),
-\fBfstab\fR(5),
-\fBveritysetup\fR(8),
+\fBsystemd\fR(1), \fBsystemd-veritysetup@.service\fR(8), \fBsystemd-veritysetup-generator\fR(8), \fBfstab\fR(5), \fBveritysetup\fR(8)
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-05 01:06:15 +0000