* DM_INTEGRITY Kconfig help (was: Re: dm: add integrity target)
@ 2017-05-04 6:03 Geert Uytterhoeven
2017-05-04 7:31 ` Milan Broz
2017-05-04 7:50 ` [PATCH] dm-integrity: Add proper description of module to KConfig Milan Broz
0 siblings, 2 replies; 4+ messages in thread
From: Geert Uytterhoeven @ 2017-05-04 6:03 UTC (permalink / raw)
To: Mikulas Patocka, Milan Broz, Mike Snitzer
Cc: Linux Kernel Mailing List, linux-raid
On Wed, May 3, 2017 at 7:43 PM, Linux Kernel Mailing List
<linux-kernel@vger.kernel.org> wrote:
> Web: https://git.kernel.org/torvalds/c/7eada909bfd7ac90a4522e56aa3179d1fd68cd14
> Commit: 7eada909bfd7ac90a4522e56aa3179d1fd68cd14
> Parent: 400a0befc96240f7bb2a53b9622deffd55d385fe
> Refname: refs/heads/master
> Author: Mikulas Patocka <mpatocka@redhat.com>
> AuthorDate: Wed Jan 4 20:23:53 2017 +0100
> Committer: Mike Snitzer <snitzer@redhat.com>
> CommitDate: Fri Mar 24 15:49:07 2017 -0400
>
> dm: add integrity target
>
> The dm-integrity target emulates a block device that has additional
> per-sector tags that can be used for storing integrity information.
>
> A general problem with storing integrity tags with every sector is that
> writing the sector and the integrity tag must be atomic - i.e. in case of
> crash, either both sector and integrity tag or none of them is written.
>
> To guarantee write atomicity the dm-integrity target uses a journal. It
> writes sector data and integrity tags into a journal, commits the journal
> and then copies the data and integrity tags to their respective location.
>
> The dm-integrity target can be used with the dm-crypt target - in this
> situation the dm-crypt target creates the integrity data and passes them
> to the dm-integrity target via bio_integrity_payload attached to the bio.
> In this mode, the dm-crypt and dm-integrity targets provide authenticated
> disk encryption - if the attacker modifies the encrypted device, an I/O
> error is returned instead of random data.
>
> The dm-integrity target can also be used as a standalone target, in this
> mode it calculates and verifies the integrity tag internally. In this
> mode, the dm-integrity target can be used to detect silent data
> corruption on the disk or in the I/O path.
>
> Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
> Signed-off-by: Milan Broz <gmazyland@gmail.com>
> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
> --- a/drivers/md/Kconfig
> +++ b/drivers/md/Kconfig
> @@ -500,4 +500,14 @@ config DM_LOG_WRITES
>
> If unsure, say N.
>
> +config DM_INTEGRITY
> + tristate "Integrity target"
> + depends on BLK_DEV_DM
> + select BLK_DEV_INTEGRITY
> + select DM_BUFIO
> + select CRYPTO
> + select ASYNC_XOR
> + ---help---
> + This is the integrity target.
Which is...?
Can you please extend the help message for the uneducated?
Thanks!
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: DM_INTEGRITY Kconfig help (was: Re: dm: add integrity target)
2017-05-04 6:03 DM_INTEGRITY Kconfig help (was: Re: dm: add integrity target) Geert Uytterhoeven
@ 2017-05-04 7:31 ` Milan Broz
2017-05-04 7:39 ` Geert Uytterhoeven
2017-05-04 7:50 ` [PATCH] dm-integrity: Add proper description of module to KConfig Milan Broz
1 sibling, 1 reply; 4+ messages in thread
From: Milan Broz @ 2017-05-04 7:31 UTC (permalink / raw)
To: Geert Uytterhoeven, Mikulas Patocka, Mike Snitzer
Cc: Linux Kernel Mailing List, linux-raid
On 05/04/2017 08:03 AM, Geert Uytterhoeven wrote:
>> +config DM_INTEGRITY
>> + tristate "Integrity target"
>> + depends on BLK_DEV_DM
>> + select BLK_DEV_INTEGRITY
>> + select DM_BUFIO
>> + select CRYPTO
>> + select ASYNC_XOR
>> + ---help---
>> + This is the integrity target.
>
> Which is...?
>
> Can you please extend the help message for the uneducated?
Yes, sorry, this is our oversight.
Mike already promised that this text will be extended in the next patchset.
For now you can find the description in documentation
Documentation/device-mapper/dm-integrity.txt
"The dm-integrity target emulates a block device that has additional
per-sector tags that can be used for storing integrity information."
(The major designed use case is for providing metadata space for tags
for authenticated encryption in dm-crypt but it can be used also as
a standalone target.)
Thanks,
Milan
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: DM_INTEGRITY Kconfig help (was: Re: dm: add integrity target)
2017-05-04 7:31 ` Milan Broz
@ 2017-05-04 7:39 ` Geert Uytterhoeven
0 siblings, 0 replies; 4+ messages in thread
From: Geert Uytterhoeven @ 2017-05-04 7:39 UTC (permalink / raw)
To: Milan Broz
Cc: Mikulas Patocka, Mike Snitzer, Linux Kernel Mailing List, linux-raid
Hi Milan,
On Thu, May 4, 2017 at 9:31 AM, Milan Broz <gmazyland@gmail.com> wrote:
> On 05/04/2017 08:03 AM, Geert Uytterhoeven wrote:
>>> +config DM_INTEGRITY
>>> + tristate "Integrity target"
>>> + depends on BLK_DEV_DM
>>> + select BLK_DEV_INTEGRITY
>>> + select DM_BUFIO
>>> + select CRYPTO
>>> + select ASYNC_XOR
>>> + ---help---
>>> + This is the integrity target.
>>
>> Which is...?
>>
>> Can you please extend the help message for the uneducated?
>
> Yes, sorry, this is our oversight.
>
> Mike already promised that this text will be extended in the next patchset.
Thanks, good to know this is planned.
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] dm-integrity: Add proper description of module to KConfig.
2017-05-04 6:03 DM_INTEGRITY Kconfig help (was: Re: dm: add integrity target) Geert Uytterhoeven
2017-05-04 7:31 ` Milan Broz
@ 2017-05-04 7:50 ` Milan Broz
1 sibling, 0 replies; 4+ messages in thread
From: Milan Broz @ 2017-05-04 7:50 UTC (permalink / raw)
To: dm-devel; +Cc: linux-kernel, Milan Broz
Add more descriptive text to explain what it the dm-integrity
when it should be enabled.
Signed-off-by: Milan Broz <gmazyland@gmail.com>
---
drivers/md/Kconfig | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/drivers/md/Kconfig b/drivers/md/Kconfig
index 7468a22f9d10..3e96fccbbdb2 100644
--- a/drivers/md/Kconfig
+++ b/drivers/md/Kconfig
@@ -509,6 +509,20 @@ config DM_INTEGRITY
select CRYPTO
select ASYNC_XOR
---help---
- This is the integrity target.
+ This device-mapper target emulates a block device that has additional
+ per-sector tags that can be used for storing integrity information.
+
+ The dm-integrity target is used with the dm-crypt target to provide
+ authenticated disk encryption or it can also be used as a standalone
+ target. In standalone mode it calculates and verifies the data integrity
+ internally.
+
+ You should enable this option if you plan to use dm-crypt target
+ in authenticated disk encryption mode.
+
+ To compile this code as a module, choose M here: the module will
+ be called dm-integrity.
+
+ If unsure, say N.
endif # MD
--
2.11.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-05-04 7:51 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-04 6:03 DM_INTEGRITY Kconfig help (was: Re: dm: add integrity target) Geert Uytterhoeven
2017-05-04 7:31 ` Milan Broz
2017-05-04 7:39 ` Geert Uytterhoeven
2017-05-04 7:50 ` [PATCH] dm-integrity: Add proper description of module to KConfig Milan Broz
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.