Re: dm-verity setup on loop device

From: Milan Broz <gmazyland@gmail.com>
To: cryptsetup@lists.linux.dev
Subject: Re: dm-verity setup on loop device
Date: Thu, 7 Apr 2022 14:15:00 +0200	[thread overview]
Message-ID: <6db5c4f2-4d86-05d5-bb04-557aed30a8c1@gmail.com> (raw)
In-Reply-To: <CAH4tiUtK_faaxTW72Z2Y56j2FG6-VCju9LJPm8JDEUuNjenBYg@mail.gmail.com>

On 07/04/2022 13:42, Jasper Surmont wrote:
> Hey,
> 
> Thanks, I didn't realise you also had to use the -r flag with dmsetup.
> 
> I've got a few more questions concerning dm-verity:
> 
> - dm-verity itself (not veritysetup or any userspace programs) expects
> a full merkle tree to be built and the corresponding root hash to be
> passed as an argument. I saw in the source code that the constructor
> will verify the root hash using the sig if enabled, but does it also
> check whether the root hash is correct concerning the hash tree? i.e.
> Does it traverse the tree to check if the given root hash is correct?
> I don't think so, but since there is quite a lot of code I might be
> missing something.

Best read Google design doc for Android, I think that is where you aiming
at anyway :)

DM mapping table need to receive a correct root hash, I think incorrect
format is the only situation when the device is marked invalid immediatelly
(see dmsetup status).

The verification is then run according to reads of the device - once a read
comes, the path in Merkle tree (up to the root) is verified.

And in normal situation reads come immediately after activation - because
udev initiates scan of the device for known signatures (blkid).

There are several optional performance optimizations, though, like ignoring
empty sectors (ignore_zero_blocks) or to cache verification (check_at_most_once)
see https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMVerity
(I do not like it, as it allows some attacks with switching underlying device
content, but Google apparently need it for Android.)

So it depends on configuration, but for default, everything should be
checked on every read up to the Merkle root hash.

> - The documentation states: After instantiation, all hashes will be
> verified on-demand during disk access. This means that the hashes will
> be verified on every read to any block on the data device right?

Yes, see above. There is page cache above the block device, so not
everything propagates to dm-verity repeatedly.

BTW there is one special case, when device is so small, that only root
hash is present (then the hash device contains only header).

> - If the previous answer is yes; where is the actual verification of
> the hashes done? I see a lot of functions with '_prefetch' and I know
> what prefetch is, but it's all a bit confusing to me.

In normal situation it is directly in kernel dm-verity kernel module.
And it *is* complex... You have read the code here.

You can also run test verification in userspace with veritysetup command
(good for testing injected data corruption).
Android has own tooling, but veritysetup should be compatible with images
created by Adnroid tools (including additional metadata areas we do not use).

Milan