• Mikulas Patocka's avatar
    dm: add integrity target · 7eada909
    Mikulas Patocka authored
    The dm-integrity target emulates a block device that has additional
    per-sector tags that can be used for storing integrity information.
    
    A general problem with storing integrity tags with every sector is that
    writing the sector and the integrity tag must be atomic - i.e. in case of
    crash, either both sector and integrity tag or none of them is written.
    
    To guarantee write atomicity the dm-integrity target uses a journal. It
    writes sector data and integrity tags into a journal, commits the journal
    and then copies the data and integrity tags to their respective location.
    
    The dm-integrity target can be used with the dm-crypt target - in this
    situation the dm-crypt target creates the integrity data and passes them
    to the dm-integrity target via bio_integrity_payload attached to the bio.
    In this mode, the dm-crypt and dm-integrity targets provide authenticated
    disk encryption - if the attacker modifies the encrypted device, an I/O
    error is returned instead of random data.
    
    The dm-integrity target can also be used as a standalone target, in this
    mode it calculates and verifies the integrity tag internally. In this
    mode, the dm-integrity target can be used to detect silent data
    corruption on the disk or in the I/O path.
    Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
    Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
    Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
    7eada909
dm-integrity.txt 8.02 KB