From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qa0-x232.google.com (mail-qa0-x232.google.com [IPv6:2607:f8b0:400d:c00::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Mon, 7 Apr 2014 01:13:17 +0200 (CEST) Received: by mail-qa0-f50.google.com with SMTP id o15so5202881qap.37 for ; Sun, 06 Apr 2014 16:13:15 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <53410802.3050309@gmail.com> References: <53404DD9.2020101@gmail.com> <53410802.3050309@gmail.com> Date: Sun, 6 Apr 2014 19:13:15 -0400 Message-ID: From: Shivaramakrishnan Vaidyanathan Content-Type: multipart/alternative; boundary=001a113a78e64349f704f667e565 Subject: Re: [dm-crypt] verity setup on active device. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Milan Broz Cc: dm-crypt@saout.de --001a113a78e64349f704f667e565 Content-Type: text/plain; charset=ISO-8859-1 I don't see the downloadable version for dm-integrity .Is there a link to it.I see just dm-verity https://code.google.com/p/cryptsetup/w/list?can=2&q=dm-integrity&colspec=PageName+Summary+Changed+ChangedBy Can you please let me know the link? On Sun, Apr 6, 2014 at 3:53 AM, Milan Broz wrote: > On 04/06/2014 12:26 AM, Shivaramakrishnan Vaidyanathan wrote: > > Also, > > http://lwn.net/Articles/533558/ tells that > > "The key advantage over dm-verity is that the target supports > read-write and requires less hash calculation operations.Device-mapper > "integrity" target provides transparent cryptographic integrity protection > of underlying read-write block device using hash-based message > authentication codes (HMACs), which can be stored on the same or different > block device." > > > > I dont understand or get the main purpose of this tool. Could you please > explain in a bit more elaborate way.Thanks > > DM-integrity is completely different tool, I just know it was > proposed on dm-devel but never merged to mainline. > > The main difference from dm-verity is obviously it provides read-write > functionality. > > Please read dmdevel archive and use Google, there is nice presentation > by author of dm-integrity on LinuxCon Europe (2013) > "Integrity protection solutions in Linux" which shortly mentions both > verity and integrity targets. > > (And it is big question if this integrity checking should be on block or > filesystem level.) > > Milan > --001a113a78e64349f704f667e565 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
I don't see the downloadable version for dm-integrity = .Is there a link to it.I see just dm-verity=A0

Can you please let me know the link?
<= div class=3D"gmail_extra">

On Sun, Apr 6,= 2014 at 3:53 AM, Milan Broz <gmazyland@gmail.com> wrote:<= br>
On 04/06/2014 12:26 AM, Shiv= aramakrishnan Vaidyanathan wrote:
> Also,
> http://l= wn.net/Articles/533558/ tells that
> =A0"The key advantage over dm-verity is that the target supports = read-write and requires less hash calculation operations.Device-mapper &quo= t;integrity" target provides transparent cryptographic integrity prote= ction of underlying read-write block device using hash-based message authen= tication codes (HMACs), which can be stored on the same or different block = device."
>
> I dont understand or get the main purpose of this tool. Could you plea= se explain in a bit more elaborate way.Thanks

DM-integrity is completely different tool, I just know it was
proposed on dm-devel but never merged to mainline.

The main difference from dm-verity is obviously it provides read-write
functionality.

Please read dmdevel archive and use Google, there is nice presentation
by author of dm-integrity on LinuxCon Europe (2013)
"Integrity protection solutions in Linux" which shortly mentions = both
verity and integrity targets.

(And it is big question if this integrity checking should be on block or fi= lesystem level.)

Milan

--001a113a78e64349f704f667e565--