'\" t .\" Title: integritysetup .\" Author: [see the "AUTHOR(S)" section] .\" Generator: Asciidoctor 2.0.20 .\" Date: 2024-04-14 .\" Manual: Maintenance Commands .\" Source: integritysetup 2.7.2 .\" Language: English .\" .TH "INTEGRITYSETUP" "8" "2024-04-14" "integritysetup 2.7.2" "Maintenance Commands" .ie \n(.g .ds Aq \(aq .el .ds Aq ' .ss \n[.ss] 0 .nh .ad l .de URL \fI\\$2\fP <\\$1>\\$3 .. .als MTO URL .if \n[.g] \{\ . mso www.tmac . am URL . ad l . . . am MTO . ad l . . . LINKSTYLE blue R < > .\} .SH "NAME" integritysetup \- manage dm\-integrity (block level integrity) volumes .SH "SYNOPSIS" .sp \fBintegritysetup [] \fP .SH "DESCRIPTION" .sp Integritysetup is used to configure dm\-integrity managed device\-mapper mappings. .sp Device\-mapper integrity target provides read\-write transparent integrity checking of block devices. The dm\-integrity target emulates an additional data integrity field per\-sector. You can use this additional field directly with integritysetup utility, or indirectly (for authenticated encryption) through cryptsetup. .SH "BASIC ACTIONS" .sp Integritysetup supports these operations: .SS "FORMAT" .sp \fBformat \fP .sp Formats (calculates space and dm\-integrity superblock and wipes the device). .sp \fB\fP can be [\-\-data\-device, \-\-batch\-mode, \-\-no\-wipe, \-\-journal\-size, \-\-interleave\-sectors, \-\-tag\-size, \-\-integrity, \-\-integrity\-key\-size, \-\-integrity\-key\-file, \-\-sector\-size, \-\-progress\-frequency, \-\-progress\-json]. .SS "OPEN" .sp \fBopen \fP .br create (\fBOBSOLETE syntax\fP) .sp Open a mapping with backed by device . .sp If the integrity algorithm of the device is non\-default, then the algorithm should be specified with the \fB\-\-integrity\fP option. This will not be detected from the device. .sp \fB\fP can be [\-\-data\-device, \-\-batch\-mode, \-\-journal\-watermark, \-\-journal\-commit\-time, \-\-buffer\-sectors, \-\-integrity, \-\-integrity\-key\-size, \-\-integrity\-key\-file, \-\-integrity\-no\-journal, \-\-integrity\-recalculate, \-\-integrity\-recalculate\-reset,\-\-integrity\-recovery\-mode, \-\-allow\-discards]. .SS "CLOSE" .sp \fBclose \fP .br remove (\fBOBSOLETE syntax\fP) .sp Removes existing mapping . .sp \fB\fP can be [\-\-deferred] or [\-\-cancel\-deferred] .SS "STATUS" .sp \fBstatus \fP .sp Reports status for the active integrity mapping . .SS "DUMP" .sp \fBdump \fP .sp Reports parameters from on\-disk stored superblock. .SS "RESIZE" .sp \fBresize \fP .sp Resizes an active mapping . .sp If \-\-size (in 512\-bytes sectors) or \-\-device\-size are not specified, the size is computed from the underlying device. After resize, the \fBrecalculating\fP flag is set. If \-\-wipe flag is set and the size of the device is increased, the newly added section will be wiped. .sp Increasing the size of integrity volumes is available since the Linux kernel version 5.7, shrinking should work on older kernels too. .sp \fB\fP can be [\-\-size, \-\-device\-size, \-\-wipe]. .SH "OPTIONS" .sp \fB\-\-allow\-discards\fP .RS 4 Allow the use of discard (TRIM) requests for the device. This option is available since the Linux kernel version 5.7. .RE .sp \fB\-\-batch\-mode, \-q\fP .RS 4 Do not ask for confirmation. .RE .sp \fB\-\-bitmap\-flush\-time MS\fP .RS 4 Bitmap flush time in milliseconds. .sp \fBWARNING:\fP In case of a crash, it is possible that the data and integrity tag doesn\(cqt match if the journal is disabled. .RE .sp \fB\-\-bitmap\-sectors\-per\-bit SECTORS\fP .RS 4 Number of 512\-byte sectors per bitmap bit, the value must be power of two. .RE .sp \fB\-\-buffer\-sectors SECTORS\fP .RS 4 The number of sectors in one buffer. .sp The tag area is accessed using buffers, the large buffer size means that the I/O size will be larger, but there could be less I/Os issued. .RE .sp \fB\-\-cancel\-deferred\fP .RS 4 Removes a previously configured deferred device removal in \fBclose\fP command. .RE .sp \fB\-\-data\-device \fP .RS 4 Specify a separate data device that contains existing data. The then will contain calculated integrity tags and journal for data on . .sp \fBNOTE:\fP To not wipe the data device after initial format, also specify \-\-no\-wipe option and activate with \-\-integrity\-recalculate to automatically recalculate integrity tags. .RE .sp \fB\-\-debug\fP .RS 4 Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by \fB#\fP. .RE .sp \fB\-\-deferred\fP .RS 4 Defers device removal in \fBclose\fP command until the last user closes it. .RE .sp \fB\-\-help, \-?\fP .RS 4 Show help text and default parameters. .RE .sp \fB\-\-integrity, \-I ALGORITHM\fP .RS 4 Use internal integrity calculation (standalone mode). The integrity algorithm can be CRC (crc32c/crc32), non\-cryptographic hash function (xxhash64) or hash function (sha1, sha256). .sp For HMAC (hmac\-sha256) you have also to specify an integrity key and its size. .RE .sp \fB\-\-integrity\-bitmap\-mode. \-B\fP .RS 4 Use alternate bitmap mode (available since Linux kernel 5.2) where dm\-integrity uses bitmap instead of a journal. If a bit in the bitmap is 1, the corresponding region\(cqs data and integrity tags are not synchronized \- if the machine crashes, the unsynchronized regions will be recalculated. The bitmap mode is faster than the journal mode, because we don\(cqt have to write the data twice, but it is also less reliable, because if data corruption happens when the machine crashes, it may not be detected. .RE .sp \fB\-\-integrity\-key\-file FILE\fP .RS 4 The file with the integrity key. .RE .sp \fB\-\-integrity\-key\-size BYTES\fP .RS 4 The size of the data integrity key. Maximum is 4096 bytes. .RE .sp \fB\-\-integrity\-no\-journal, \-D\fP .RS 4 Disable journal for integrity device. .RE .sp \fB\-\-integrity\-recalculate\fP .RS 4 Automatically recalculate integrity tags in kernel on activation. The device can be used during automatic integrity recalculation but becomes fully integrity protected only after the background operation is finished. This option is available since the Linux kernel version 4.19. .RE .sp \fB\-\-integrity\-recalculate\-reset\fP .RS 4 Restart recalculation from the beginning of the device. It can be used to change the integrity checksum function. Note it does not change the tag length. This option is available since the Linux kernel version 5.13. .RE .sp \fB\-\-integrity\-recovery\-mode. \-R\fP .RS 4 Recovery mode (no journal, no tag checking). .RE .sp \fB\-\-interleave\-sectors SECTORS\fP .RS 4 The number of interleaved sectors. .RE .sp \fB\-\-journal\-commit\-time MS\fP .RS 4 Commit time in milliseconds. When this time passes (and no explicit flush operation was issued), the journal is written. .RE .sp \fB\-\-journal\-crypt ALGORITHM\fP .RS 4 Encryption algorithm for journal data area. You can use a block cipher here such as cbc\-aes or a stream cipher, for example, chacha20 or ctr\-aes. .sp \fBNOTE:\fP The journal encryption options are only intended for testing. Using journal encryption does not make sense without encryption of the data. .RE .sp \fB\-\-journal\-crypt\-key\-file FILE\fP .RS 4 The file with the journal encryption key. .RE .sp \fB\-\-journal\-crypt\-key\-size BYTES\fP .RS 4 The size of the journal encryption key. Maximum is 4096 bytes. .RE .sp \fB\-\-journal\-integrity ALGORITHM\fP .RS 4 Integrity algorithm for journal area. See \-\-integrity option for detailed specification. .RE .sp \fB\-\-journal\-integrity\-key\-file FILE\fP .RS 4 The file with the integrity key. .RE .sp \fB\-\-journal\-integrity\-key\-size BYTES\fP .RS 4 The size of the journal integrity key. Maximum is 4096 bytes. .RE .sp \fB\-\-journal\-size, \-j BYTES\fP .RS 4 Size of the journal. .RE .sp \fB\-\-journal\-watermark PERCENT\fP .RS 4 Journal watermark in percents. When the size of the journal exceeds this watermark, the journal flush will be started. .RE .sp \fB\-\-no\-wipe\fP .RS 4 Do not wipe the device after format. A device that is not initially wiped will contain invalid checksums. .RE .sp \fB\-\-progress\-frequency \fP .RS 4 Print separate line every with wipe progress. .RE .sp \fB\-\-progress\-json\fP .RS 4 Prints wipe progress data in json format suitable mostly for machine processing. It prints separate line every half second (or based on \-\-progress\-frequency value). The JSON output looks as follows during wipe progress (except it\(cqs compact single line): .sp .if n .RS 4 .nf .fam C { "device":"/dev/sda", // backing device or file "device_bytes":"8192", // bytes wiped so far "device_size":"44040192", // total bytes to wipe "speed":"126877696", // calculated speed in bytes per second (based on progress so far) "eta_ms":"2520012", // estimated time to finish wipe in milliseconds "time_ms":"5561235" // total time spent wiping device in milliseconds } .fam .fi .if n .RE .sp Note on numbers in JSON output: Due to JSON parsers limitations all numbers are represented in a string format due to need of full 64bit unsigned integers. .RE .sp \fB\-\-sector\-size, \-s BYTES\fP .RS 4 Sector size (power of two: 512, 1024, 2048, 4096). .RE .sp \fB\-\-tag\-size, \-t BYTES\fP .RS 4 Size of the integrity tag per\-sector (here the integrity function will store authentication tag). .sp \fBNOTE:\fP The size can be smaller that output size of the hash function, in that case only part of the hash will be stored. .RE .sp \fB\-\-usage\fP .RS 4 Show short option help. .RE .sp \fB\-\-verbose, \-v\fP .RS 4 Print more information on command execution. .RE .sp \fB\-\-version, \-V\fP .RS 4 Show the program version. .RE .sp \fB\-\-wipe\fP .RS 4 Wipe the newly allocated area after resize to bigger size. If this flag is not set, checksums will be calculated for the data previously stored in the newly allocated area. .RE .SH "LEGACY COMPATIBILITY OPTIONS" .sp \fBWARNING:\fP .RS 4 Do not use these options until you need compatibility with specific old kernel. .RE .sp \fB\-\-integrity\-legacy\-padding\fP .RS 4 Use inefficient legacy padding. .RE .sp \fB\-\-integrity\-legacy\-hmac\fP .RS 4 Use old flawed HMAC calculation (also does not protect superblock). .RE .sp \fB\-\-integrity\-legacy\-recalculate\fP .RS 4 Allow insecure recalculating of volumes with HMAC keys (recalculation offset in superblock is not protected). .RE .SH "RETURN CODES" .sp Integritysetup returns \fB0\fP on success and a non\-zero value on error. .sp Error codes are: \fB1\fP wrong parameters, \fB2\fP no permission, \fB3\fP out of memory, \fB4\fP wrong device specified, \fB5\fP device already exists or device is busy. .SH "NOTES" .sp The dm\-integrity target is available since Linux kernel version 4.12. .sp Format and activation of an integrity device always require superuser privilege because the superblock is calculated and handled in dm\-integrity kernel target. .SH "EXAMPLES" .sp Format the device with default standalone mode (CRC32C): .sp \fBintegritysetup format \fP .sp Open the device with default parameters: .sp \fBintegritysetup open test\fP .sp Format the device in standalone mode for use with HMAC(SHA256): .sp \fBintegritysetup format \-\-tag\-size 32 \-\-integrity hmac\-sha256 \-\-integrity\-key\-file \-\-integrity\-key\-size \fP .sp Open (activate) the device with HMAC(SHA256) and HMAC key in file: .sp \fBintegritysetup open test \-\-integrity hmac\-sha256 \-\-integrity\-key\-file \-\-integrity\-key\-size \fP .sp Dump dm\-integrity superblock information: .sp \fBintegritysetup dump \fP .SH "DM\-INTEGRITY ON\-DISK FORMAT" .sp The on\-disk format specification available at .URL "https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity" "\fBDMIntegrity\fP" "" page. .SH "AUTHORS" .sp The integritysetup tool is written by \c .MTO "gmazyland\(atgmail.com" "Milan Broz" "." .SH "REPORTING BUGS" .sp Report bugs at \c .MTO "cryptsetup\(atlists.linux.dev" "\fBcryptsetup mailing list\fP" or in \c .URL "https://gitlab.com/cryptsetup/cryptsetup/\-/issues/new" "\fBIssues project section\fP" "." .sp Please attach output of the failed command with \-\-debug option added. .SH "SEE ALSO" .sp .URL "https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions" "\fBCryptsetup FAQ\fP" "" .sp \fBcryptsetup\fP(8), \fBintegritysetup\fP(8) and \fBveritysetup\fP(8) .SH "CRYPTSETUP" .sp Part of \c .URL "https://gitlab.com/cryptsetup/cryptsetup/" "\fBcryptsetup project\fP" "."