diff options
Diffstat (limited to '')
-rw-r--r-- | man/veritytab.xml | 63 |
1 files changed, 32 insertions, 31 deletions
diff --git a/man/veritytab.xml b/man/veritytab.xml index bc9aa58..6bd0960 100644 --- a/man/veritytab.xml +++ b/man/veritytab.xml @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!--*-nxml-*--> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> <!-- SPDX-License-Identifier: LGPL-2.1-or-later @@ -41,19 +41,19 @@ This is based on crypttab(5). verity protected block device. Fields are delimited by white space.</para> - <para>Each line is in the form<programlisting><replaceable>volume-name</replaceable> <replaceable>data-device</replaceable> <replaceable>hash-device</replaceable> <replaceable>roothash</replaceable> <replaceable>options</replaceable></programlisting> + <para>Each line is in the form<programlisting><replaceable>volume-name</replaceable> <replaceable>data-device</replaceable> <replaceable>hash-device</replaceable> <replaceable>roothash</replaceable> <optional><replaceable>options</replaceable></optional></programlisting> The first four fields are mandatory, the remaining one is optional.</para> <para>The first field contains the name of the resulting verity volume; its block device is set up below <filename>/dev/mapper/</filename>.</para> <para>The second field contains a path to the underlying block data device, or a specification of a block device via - <literal>UUID=</literal> followed by the UUID.</para> + <varname>UUID=</varname> followed by the <replaceable>UUID</replaceable>.</para> <para>The third field contains a path to the underlying block hash device, or a specification of a block device via - <literal>UUID=</literal> followed by the UUID.</para> + <varname>UUID=</varname> followed by the <replaceable>UUID</replaceable>.</para> - <para>The fourth field is the <literal>roothash</literal> in hexadecimal.</para> + <para>The fourth field is the <replaceable>roothash</replaceable> in hexadecimal.</para> <para>The fifth field, if present, is a comma-delimited list of options. The following options are recognized:</para> @@ -71,7 +71,7 @@ This is based on crypttab(5). <varlistentry> <term><option>format=<replaceable>NUMBER</replaceable></option></term> - <listitem><para>Specifies the hash version type. Format type 0 is original Chrome OS version. Format type 1 is + <listitem><para>Specifies the hash version type. Format type <literal>0</literal> is original Chrome OS version. Format type <literal>1</literal> is modern version.</para> <xi:include href="version-info.xml" xpointer="v254"/></listitem> @@ -117,7 +117,7 @@ This is based on crypttab(5). <term><option>salt=<replaceable>HEX</replaceable></option></term> <listitem><para>Salt used for format or verification. Format is a hexadecimal string; 256 bytes long maximum; - <literal>-</literal>is the special value for empty.</para> + <literal>-</literal> is the special value for empty.</para> <xi:include href="version-info.xml" xpointer="v254"/></listitem> </varlistentry> @@ -125,11 +125,10 @@ This is based on crypttab(5). <varlistentry> <term><option>uuid=<replaceable>UUID</replaceable></option></term> - <listitem><para>Use the provided UUID for format command instead of generating new one. The UUID must be - provided in standard UUID format, e.g. 12345678-1234-1234-1234-123456789abc.</para> + <listitem><para>Use the provided <replaceable>UUID</replaceable> instead of generating new one. The <replaceable>UUID</replaceable> must be + provided in standard <acronym>UUID</acronym> format, e.g. <literal>12345678-1234-1234-1234-123456789abc</literal>.</para> <xi:include href="version-info.xml" xpointer="v254"/></listitem> - <listitem><para></para></listitem> </varlistentry> <varlistentry> @@ -138,9 +137,9 @@ This is based on crypttab(5). <term><option>panic-on-corruption</option></term> <listitem><para>Defines what to do if a data verity problem is detected (data corruption). Without these - options kernel fails the IO operation with I/O error. With <literal>--ignore-corruption</literal> option the - corruption is only logged. With <literal>--restart-on-corruption</literal> or - <literal>--panic-on-corruption</literal> the kernel is restarted (panicked) immediately. + options kernel fails the <acronym>IO</acronym> operation with <acronym>I/O</acronym> error. With <option>--ignore-corruption</option> option the + corruption is only logged. With <option>--restart-on-corruption</option> or + <option>--panic-on-corruption</option> the kernel is restarted (panicked) immediately. (You have to provide way how to avoid restart loops.)</para> @@ -151,10 +150,11 @@ This is based on crypttab(5). <term><option>ignore-zero-blocks</option></term> <listitem><para>Instruct kernel to not verify blocks that are expected to contain zeroes and always directly - return zeroes instead. + return zeroes instead.</para> - WARNING: Use this option only in very specific cases. This option is available since Linux kernel version 4.5. - </para> + <warning> + <para>Use this option only in very specific cases. This option is available since Linux kernel version 4.5.</para> + </warning> <xi:include href="version-info.xml" xpointer="v248"/></listitem> </varlistentry> @@ -163,11 +163,12 @@ This is based on crypttab(5). <term><option>check-at-most-once</option></term> <listitem><para>Instruct kernel to verify blocks only the first time they are read from the data device, rather - than every time. + than every time.</para> - WARNING: It provides a reduced level of security because only offline tampering of the data device's content - will be detected, not online tampering. This option is available since Linux kernel version 4.17. - </para> + <warning> + <para>It provides a reduced level of security because only offline tampering of the data device's content + will be detected, not online tampering. This option is available since Linux kernel version 4.17.</para> + </warning> <xi:include href="version-info.xml" xpointer="v248"/></listitem> </varlistentry> @@ -184,9 +185,9 @@ This is based on crypttab(5). <varlistentry> <term><option>fec-device=<replaceable>PATH</replaceable></option></term> - <listitem><para>Use forward error correction (FEC) to recover from corruption if hash verification fails. Use - encoding data from the specified device. The fec device argument can be block device or file image. For format, - if fec device path doesn't exist, it will be created as file. Note: block sizes for data and hash devices must + <listitem><para>Use forward error correction (<acronym>FEC</acronym>) to recover from corruption if hash verification fails. Use + encoding data from the specified device. The fec device argument can be block device or file image. + If fec device path doesn't exist, it will be created as file. Note: block sizes for data and hash devices must match. Also, if the verity data_device is encrypted the fec_device should be too.</para> <xi:include href="version-info.xml" xpointer="v254"/></listitem> @@ -195,7 +196,7 @@ This is based on crypttab(5). <varlistentry> <term><option>fec-offset=<replaceable>BYTES</replaceable></option></term> - <listitem><para>This is the offset, in bytes, from the start of the FEC device to the beginning of the encoding + <listitem><para>This is the offset, in bytes, from the start of the <acronym>FEC</acronym> device to the beginning of the encoding data. (Aligned on 512 bytes.)</para> <xi:include href="version-info.xml" xpointer="v254"/></listitem> @@ -313,13 +314,13 @@ data /etc/data /etc/hash a5ee4b42f70ae1f46a08a7c92c2e0a20672ad2f514792730f5d49d7 <refsect1> <title>See Also</title> - <para> - <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd-veritysetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd-veritysetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry project='die-net'><refentrytitle>veritysetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - </para> + <para><simplelist type="inline"> + <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> + <member><citerefentry><refentrytitle>systemd-veritysetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> + <member><citerefentry><refentrytitle>systemd-veritysetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> + <member><citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry></member> + <member><citerefentry project='die-net'><refentrytitle>veritysetup</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> + </simplelist></para> </refsect1> </refentry> |