diff options
Diffstat (limited to '')
-rw-r--r-- | man/integritysetup.8.adoc | 334 |
1 files changed, 334 insertions, 0 deletions
diff --git a/man/integritysetup.8.adoc b/man/integritysetup.8.adoc new file mode 100644 index 0000000..2aec1a6 --- /dev/null +++ b/man/integritysetup.8.adoc @@ -0,0 +1,334 @@ += integritysetup(8) +:doctype: manpage +:manmanual: Maintenance Commands +:mansource: integritysetup {release-version} +:man-linkstyle: pass:[blue R < >] + +== NAME + +integritysetup - manage dm-integrity (block level integrity) volumes + +== SYNOPSIS + +*integritysetup <action> [<options>] <action args>* + +== DESCRIPTION + +Integritysetup is used to configure dm-integrity managed device-mapper +mappings. + +Device-mapper integrity target provides read-write transparent integrity +checking of block devices. The dm-integrity target emulates an additional +data integrity field per-sector. You can use this additional field +directly with integritysetup utility, or indirectly (for authenticated +encryption) through cryptsetup. + +== BASIC ACTIONS + +Integritysetup supports these operations: + +=== FORMAT +*format <device>* + +Formats <device> (calculates space and dm-integrity superblock and wipes +the device). + +*<options>* can be [--data-device, --batch-mode, --no-wipe, +--journal-size, --interleave-sectors, --tag-size, --integrity, +--integrity-key-size, --integrity-key-file, --sector-size, +--progress-frequency, --progress-json]. + +=== OPEN +*open <device> <name>* + +create <name> <device> (*OBSOLETE syntax*) + +Open a mapping with <name> backed by device <device>. + +*<options>* can be [--data-device, --batch-mode, --journal-watermark, +--journal-commit-time, --buffer-sectors, --integrity, +--integrity-key-size, --integrity-key-file, --integrity-no-journal, +--integrity-recalculate, +--integrity-recalculate-reset,--integrity-recovery-mode, +--allow-discards]. + +=== CLOSE +*close <name>* + +remove <name> (*OBSOLETE syntax*) + +Removes existing mapping <name>. + +*<options>* can be [--deferred] or [--cancel-deferred] + +=== STATUS +*status <name>* + +Reports status for the active integrity mapping <name>. + +=== DUMP +*dump <device>* + +Reports parameters from on-disk stored superblock. + +=== RESIZE +*resize <name>* + +Resizes an active mapping <name>. + +If --size (in 512-bytes sectors) or --device-size are not specified, the +size is computed from the underlying device. After resize, the +*recalculating* flag is set. If --wipe flag is set and the size of the +device is increased, the newly added section will be wiped. + +Increasing the size of integrity volumes is available since the Linux +kernel version 5.7, shrinking should work on older kernels too. + +*<options>* can be [--size, --device-size, --wipe]. + +== OPTIONS +*--progress-frequency <seconds>*:: +Print separate line every <seconds> with wipe progress. + +*--progress-json*:: +Prints wipe progress data in json format suitable mostly for machine +processing. It prints separate line every half second (or based on +--progress-frequency value). The JSON output looks as follows during +wipe progress (except it's compact single line): ++ +.... +{ + "device":"/dev/sda" // backing device or file + "device_bytes":"8192", // bytes wiped so far + "device_size":"44040192", // total bytes to wipe + "speed":"126877696", // calculated speed in bytes per second (based on progress so far) + "eta_ms":"2520012" // estimated time to finish wipe in milliseconds + "time_ms":"5561235" // total time spent wiping device in milliseconds +} +.... ++ +Note on numbers in JSON output: Due to JSON parsers limitations all +numbers are represented in a string format due to need of full 64bit +unsigned integers. + +*--no-wipe*:: +Do not wipe the device after format. A device that is not initially +wiped will contain invalid checksums. + +*--wipe*:: +Wipe the newly allocated area after resize to bigger size. If this +flag is not set, checksums will be calculated for the data previously +stored in the newly allocated area. + +*--journal-size, -j BYTES*:: +Size of the journal. + +*--interleave-sectors SECTORS*:: +The number of interleaved sectors. + +*--integrity-recalculate*:: +Automatically recalculate integrity tags in kernel on activation. The +device can be used during automatic integrity recalculation but +becomes fully integrity protected only after the background operation +is finished. This option is available since the Linux kernel version +4.19. + +*--integrity-recalculate-reset*:: +Restart recalculation from the beginning of the device. It can be used +to change the integrity checksum function. Note it does not change the +tag length. This option is available since the Linux kernel version +5.13. + +*--journal-watermark PERCENT*:: +Journal watermark in percents. When the size of the journal exceeds +this watermark, the journal flush will be started. + +*--journal-commit-time MS*:: +Commit time in milliseconds. When this time passes (and no explicit +flush operation was issued), the journal is written. + +*--tag-size, -t BYTES*:: +Size of the integrity tag per-sector (here the integrity function will +store authentication tag). ++ +*NOTE:* The size can be smaller that output size of the hash function, +in that case only part of the hash will be stored. + +*--data-device <data_device>*:: +Specify a separate data device that contains existing data. The +<device> then will contain calculated integrity tags and journal for +data on <data_device>. ++ +*NOTE:* To not wipe the data device after initial format, also specify +--no-wipe option and activate with --integrity-recalculate to +automatically recalculate integrity tags. + +*--sector-size, -s BYTES*:: +Sector size (power of two: 512, 1024, 2048, 4096). + +*--buffer-sectors SECTORS*:: +The number of sectors in one buffer. ++ +The tag area is accessed using buffers, the large buffer size means that +the I/O size will be larger, but there could be less I/Os issued. + +*--integrity, -I ALGORITHM*:: +Use internal integrity calculation (standalone mode). The integrity +algorithm can be CRC (crc32c/crc32), non-cryptographic hash function +(xxhash64) or hash function (sha1, sha256). ++ +For HMAC (hmac-sha256) you have also to specify an integrity key and its +size. + +*--integrity-key-size BYTES*:: +The size of the data integrity key. Maximum is 4096 bytes. + +*--integrity-key-file FILE*:: +The file with the integrity key. + +*--integrity-no-journal, -D*:: +Disable journal for integrity device. + +*--integrity-bitmap-mode. -B*:: +Use alternate bitmap mode (available since Linux kernel 5.2) where +dm-integrity uses bitmap instead of a journal. If a bit in the bitmap +is 1, the corresponding region's data and integrity tags are not +synchronized - if the machine crashes, the unsynchronized regions will +be recalculated. The bitmap mode is faster than the journal mode, +because we don't have to write the data twice, but it is also less +reliable, because if data corruption happens when the machine crashes, +it may not be detected. + +*--bitmap-sectors-per-bit SECTORS*:: +Number of 512-byte sectors per bitmap bit, the value must be power of +two. + +*--bitmap-flush-time MS*:: +Bitmap flush time in milliseconds. ++ +*WARNING:*:: +In case of a crash, it is possible that the data and integrity tag +doesn't match if the journal is disabled. + +*--integrity-recovery-mode. -R*:: +Recovery mode (no journal, no tag checking). + +*NOTE:* The following options are intended for testing purposes only.: +Using journal encryption does not make sense without encryption the +data, these options are internally used in authenticated disk +encryption with *cryptsetup(8)*. + +*--journal-integrity ALGORITHM*:: +Integrity algorithm for journal area. See --integrity option for +detailed specification. + +*--journal-integrity-key-size BYTES*:: +The size of the journal integrity key. Maximum is 4096 bytes. + +*--journal-integrity-key-file FILE*:: +The file with the integrity key. + +*--journal-crypt ALGORITHM*:: +Encryption algorithm for journal data area. You can use a block cipher +here such as cbc-aes or a stream cipher, for example, chacha20 or +ctr-aes. + +*--journal-crypt-key-size BYTES*:: +The size of the journal encryption key. Maximum is 4096 bytes. + +*--journal-crypt-key-file FILE*:: +The file with the journal encryption key. + +*--allow-discards*:: +Allow the use of discard (TRIM) requests for the device. This option +is available since the Linux kernel version 5.7. + +*--deferred*:: +Defers device removal in *close* command until the last user closes +it. + +*--cancel-deferred*:: +Removes a previously configured deferred device removal in *close* +command. + +*--verbose, -v*:: +Print more information on command execution. + +*--debug*:: +Run in debug mode with full diagnostic logs. Debug output lines are +always prefixed by *#*. + +*--version, -V*:: +Show the program version. + +*--batch-mode, -q*:: +Do not ask for confirmation. + +*--usage*:: +Show short option help. + +*--help, -?*:: +Show help text and default parameters. + +== LEGACY COMPATIBILITY OPTIONS + +*WARNING:*:: +Do not use these options until you need compatibility with specific +old kernel. + +*--integrity-legacy-padding*:: +Use inefficient legacy padding. + +*--integrity-legacy-hmac*:: +Use old flawed HMAC calculation (also does not protect superblock). + +*--integrity-legacy-recalculate*:: +Allow insecure recalculating of volumes with HMAC keys (recalculation +offset in superblock is not protected). + +== RETURN CODES + +Integritysetup returns *0* on success and a non-zero value on error. + +Error codes are: *1* wrong parameters, *2* no permission, *3* out of memory, +*4* wrong device specified, *5* device already exists or device is busy. + +== NOTES +The dm-integrity target is available since Linux kernel version 4.12. + +Format and activation of an integrity device always require superuser +privilege because the superblock is calculated and handled in +dm-integrity kernel target. + +== EXAMPLES + +Format the device with default standalone mode (CRC32C): + +*integritysetup format <device>* + +Open the device with default parameters: + +*integritysetup open <device> test* + +Format the device in standalone mode for use with HMAC(SHA256): + +*integritysetup format <device> --tag-size 32 --integrity hmac-sha256 +--integrity-key-file <keyfile> --integrity-key-size <key_bytes>* + +Open (activate) the device with HMAC(SHA256) and HMAC key in file: + +*integritysetup open <device> test --integrity hmac-sha256 +--integrity-key-file <keyfile> --integrity-key-size <key_bytes>* + +Dump dm-integrity superblock information: + +*integritysetup dump <device>* + +== DM-INTEGRITY ON-DISK FORMAT + +The on-disk format specification available at +https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity[*DMIntegrity*] page. + +== AUTHORS + +The integritysetup tool is written by mailto:gmazyland@gmail.com[Milan Broz]. + +include::man/common_footer.adoc[] |