From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-we0-x232.google.com (mail-we0-x232.google.com [IPv6:2a00:1450:400c:c03::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Sun, 6 Apr 2014 09:53:41 +0200 (CEST) Received: by mail-we0-f178.google.com with SMTP id u56so5216428wes.23 for ; Sun, 06 Apr 2014 00:53:40 -0700 (PDT) Message-ID: <53410802.3050309@gmail.com> Date: Sun, 06 Apr 2014 09:53:38 +0200 From: Milan Broz MIME-Version: 1.0 References: <53404DD9.2020101@gmail.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] verity setup on active device. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Shivaramakrishnan Vaidyanathan Cc: dm-crypt@saout.de On 04/06/2014 12:26 AM, Shivaramakrishnan Vaidyanathan wrote: > Also, > http://lwn.net/Articles/533558/ tells that > "The key advantage over dm-verity is that the target supports read-write and requires less hash calculation operations.Device-mapper "integrity" target provides transparent cryptographic integrity protection of underlying read-write block device using hash-based message authentication codes (HMACs), which can be stored on the same or different block device." > > I dont understand or get the main purpose of this tool. Could you please explain in a bit more elaborate way.Thanks DM-integrity is completely different tool, I just know it was proposed on dm-devel but never merged to mainline. The main difference from dm-verity is obviously it provides read-write functionality. Please read dmdevel archive and use Google, there is nice presentation by author of dm-integrity on LinuxCon Europe (2013) "Integrity protection solutions in Linux" which shortly mentions both verity and integrity targets. (And it is big question if this integrity checking should be on block or filesystem level.) Milan