From mboxrd@z Thu Jan 1 00:00:00 1970
From: Will Drewry
Subject: Re: DM-Verity
Date: Thu, 6 Jun 2013 09:41:38 -0500
References: <62980.192.168.200.1.1370006888.squirrel@gesmail.globaledgesoft.com> <45934.192.168.200.1.1370447997.squirrel@gesmail.globaledgesoft.com>
Reply-To: device-mapper development
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <45934.192.168.200.1.1370447997.squirrel@gesmail.globaledgesoft.com>
Sender: dm-devel-bounces@redhat.com
Errors-To: dm-devel-bounces@redhat.com
To: device-mapper development
Cc: Marian Csontos, Mikulas Patocka, Milan Broz
List-Id: dm-devel.ids

Hi Pavan,

I think there's a bit of a mismatch in the terminology that you're using. I'll try to help:

On Wed, Jun 5, 2013 at 10:59 AM, wrote:
> Hi All,
> I understand that hash generated by "sha256" is encrypted,

sha256 is a type of cryptographic hash algorithm. It is a one-way transformation of some data. In this case, the hash isn't encrypted, it just has desirable properties when acting as a strong checksum over some dataset.

The hash passed in during setup (for the table) is the root hash of a hash tree (also called Merkle Trees). It is a checksum over the depth below it in the tree which in turn is a checksum over the depth below it, until the leaf nodes on the tree are the blocks-on-disk themselves.

The self-checked tree structure provides transitive integrity assurances verifiable at any time if you have the full data set and the root hash. It is possible to allow partial verification of any path through the tree if the nodes along the path from the leaf to the root are precomputed and made available. dm-verity takes advantage of this property to provide high performance integrity assurances.

> but is there any way to corrupt hash value stored in hash device?

The hash tree that lives on the hash device is completely untrusted. The hash tree can easily be corrupted with 'dd' just like with the data device. If the hash tree is corrupted, dm-verity will fail to verify the data because it will be unable to create a verifiable path through the hash tree from the block to the root hash that was passed in at device setup.

> Can the hash device be protected by a signature?

Generally, you will want to protect the dm-verity table line with a signature and not the hash device itself. At any point you can recompute the hash device with veritysetup. However, the "root of trust" for a dm-verity device is always the hash passed in during device mapper setup. It is ideal, then, to ensure that the hash value and device settings are always what was expected when the dm-verity device was created or last updated.

I hope that helps,
will
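
The following Python sketch is an added example, not part of the original message and not dm-verity's code. It models the hash tree described above to show why a modified data block, a modified tree, or a fully recomputed tree all fail verification against the root hash given at setup. `FANOUT`, the 4096-byte sample blocks and all function names are assumptions, and it does not model dm-verity's on-disk hash format.

```python
import hashlib

FANOUT = 4  # digests per tree node (constructed; not dm-verity's on-disk layout)

def h(data):
    return hashlib.sha256(data).digest()

def build_tree(blocks):
    """Return (levels, root); levels[0] = block hashes, upper levels hash FANOUT-sized groups."""
    levels = [[h(b) for b in blocks]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([h(b"".join(prev[i:i + FANOUT]))
                       for i in range(0, len(prev), FANOUT)])
    return levels, levels[-1][0]

def verify_block(index, block, levels, trusted_root):
    """Check one block against the trusted root using the untrusted tree."""
    digest = h(block)
    for level in levels[:-1]:
        start = (index // FANOUT) * FANOUT
        group = level[start:start + FANOUT]
        if group[index - start] != digest:   # stored hash disagrees with what we computed
            return False
        digest = h(b"".join(group))          # hash of this node = expected entry one level up
        index //= FANOUT
    return digest == trusted_root

def demo():
    blocks = [bytes([i]) * 4096 for i in range(10)]   # constructed sample data
    levels, root = build_tree(blocks)
    results = {"clean": verify_block(5, blocks[5], levels, root)}
    # Data block modified on disk, tree untouched.
    results["data_corrupt"] = verify_block(5, b"\xff" * 4096, levels, root)
    # A sibling's hash modified in the tree, data untouched.
    bad = [list(level) for level in levels]
    bad[0][6] = h(b"garbage")
    results["tree_corrupt"] = verify_block(5, blocks[5], bad, root)
    # Data modified and the whole tree recomputed to match: still fails,
    # because the recomputed root differs from the one given at setup.
    forged = blocks[:5] + [b"\xff" * 4096] + blocks[6:]
    f_levels, f_root = build_tree(forged)
    results["tree_rebuilt"] = verify_block(5, forged[5], f_levels, root)
    # It passes only if the root itself is replaced, hence signing the table line.
    results["root_replaced"] = verify_block(5, forged[5], f_levels, f_root)
    return results

if __name__ == "__main__":
    print(demo())
```
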