INTEGRITYSETUP(8) | Maintenance Commands | INTEGRITYSETUP(8) |
integritysetup - manage dm-integrity (block level integrity) volumes
integritysetup <options> <action> <action args>
Integritysetup is used to configure dm-integrity managed device-mapper mappings.
The device-mapper integrity target provides read-write transparent integrity checking of block devices. The dm-integrity target emulates an additional data integrity field per sector. You can use this additional field directly with the integritysetup utility, or indirectly (for authenticated encryption) through cryptsetup.
Integritysetup supports these operations:
format <device>
<options> can be [--data-device, --batch-mode, --no-wipe, --journal-size, --interleave-sectors, --tag-size, --integrity, --integrity-key-size, --integrity-key-file, --sector-size, --progress-frequency]
open <device> <name>
create <name> <device> (OBSOLETE syntax)
<options> can be [--data-device, --batch-mode, --journal-watermark, --journal-commit-time, --buffer-sectors, --integrity, --integrity-key-size, --integrity-key-file, --integrity-no-journal, --integrity-recalculate, --integrity-recovery-mode]
close <name>
For backward compatibility, there is a remove command alias for the close command.
status <name>
dump <device>
NOTE: The size can be smaller than the output size of the hash function; in that case only part of the hash will be stored.
The tag area is accessed using buffers; a larger buffer size means that each I/O will be larger, but fewer I/Os may be issued.
For HMAC (hmac-sha256) you must also specify an integrity key and its size.
WARNING: In case of a crash, it is possible that the data and integrity tag do not match if the journal is disabled.
Integritysetup returns 0 on success and a non-zero value on error.
Error codes are:
1 wrong parameters
2 no permission
3 out of memory
4 wrong device specified
5 device already exists, or device is busy.
Format the device with default standalone mode (CRC32C):
integritysetup format <device>
Open the device with default parameters:
integritysetup open <device> test
Format the device in standalone mode for use with HMAC(SHA256):
integritysetup format <device> --tag-size 32 --integrity hmac-sha256 --integrity-key-file <keyfile> --integrity-key-size <key_bytes>
Open (activate) the device with HMAC(SHA256) and HMAC key in file:
integritysetup open <device> test --integrity hmac-sha256 --integrity-key-file <keyfile> --integrity-key-size <key_bytes>
Dump dm-integrity superblock information:
integritysetup dump <device>
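The HMAC format and open examples above repeat the same --integrity, --integrity-key-file and --integrity-key-size options. The following added example (not part of the original man page or the cryptsetup project) builds both command lines from one place and checks the key file first. The function names, the DRY_RUN switch and the key-file policy (exact size, owner-only permissions) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not cryptsetup project code. Helper names, DRY_RUN and the
# key-file policy below are assumptions of this example.

INTEGRITY_ALG="hmac-sha256"   # algorithm used in the man page examples
TAG_SIZE=32                   # --tag-size from the man page format example

# check_keyfile <keyfile> <key_bytes>: succeed only for a regular file of
# exactly key_bytes bytes with no group/other permission bits set.
check_keyfile() {
    keyfile=$1
    key_bytes=$2
    if [ ! -f "$keyfile" ] || [ -L "$keyfile" ]; then
        echo "not a regular file: $keyfile" >&2; return 1
    fi
    size=$(wc -c < "$keyfile" | tr -d ' ')
    if ! [ "$size" -eq "$key_bytes" ]; then
        echo "key file holds $size bytes, expected $key_bytes" >&2; return 1
    fi
    case $(ls -ld -- "$keyfile") in
        -???------*) return 0 ;;
        *) echo "key file is accessible to group or other" >&2; return 1 ;;
    esac
}

# integrity_hmac <format|open> <device> <keyfile> <key_bytes> [name]
# Builds the same HMAC options for both actions, then runs integritysetup
# (or only prints the command line when DRY_RUN=1).
integrity_hmac() {
    action=$1; device=$2; keyfile=$3; key_bytes=$4; name=${5:-}
    check_keyfile "$keyfile" "$key_bytes" || return 1
    set -- --integrity "$INTEGRITY_ALG" \
           --integrity-key-file "$keyfile" --integrity-key-size "$key_bytes"
    case $action in
        format) set -- integritysetup format "$device" --tag-size "$TAG_SIZE" "$@" ;;
        open)   [ -n "$name" ] || { echo "open needs a mapping name" >&2; return 1; }
                set -- integritysetup open "$device" "$name" "$@" ;;
        *)      echo "unknown action: $action" >&2; return 1 ;;
    esac
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}
```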
Report bugs, including ones in the documentation, on the cryptsetup mailing list at <dm-crypt@saout.de> or in the 'Issues' section on LUKS website. Please attach the output of the failed command with the --debug option added.
The integritysetup tool is written by Milan Broz <gmazyland@gmail.com> and is part of the cryptsetup project.
Copyright © 2016-2019 Red Hat, Inc.
Copyright © 2016-2019 Milan Broz
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
The project website at https://gitlab.com/cryptsetup/cryptsetup
The integrity on-disk format specification available at https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity
January 2019 | integritysetup |