[dm-crypt] Re: [DM-Verity] Corruption after activation during boot

From: Aditya Prakash <adiprakash@cs.stonybrook.edu>
To: Milan Broz <gmazyland@gmail.com>
Cc: Tom Eccles <tom.eccles@codethink.co.uk>, dm-crypt@saout.de
Subject: [dm-crypt] Re: [DM-Verity] Corruption after activation during boot
Date: Wed, 24 Mar 2021 18:24:53 -0700	[thread overview]
Message-ID: <CAA+CgzZHVn1KJ3kE6sFEZCSrz2y=6=5B0wU_8=aXRyu=A6bV0A@mail.gmail.com> (raw)
In-Reply-To: <dbd3a5fe-2223-859c-5460-f8e8e5c9cef1@gmail.com>

[-- Attachment #1.1: Type: text/plain, Size: 3063 bytes --]

Yeah When I format and run the verify, it works fine. However, it is just
the boot time when it gives the corruption after activation error.
I will try to use other systems to verify as per your suggestion.

Thanks

On Wed, Mar 24, 2021 at 5:10 PM Milan Broz <gmazyland@gmail.com> wrote:

> On 25/03/2021 00:51, Aditya Prakash wrote:
> > Hi Milan,
> > I tried getting the logs but not much help. I have included all the
> modules related to dm_crypt and dm_verity.
>
> It is not only about only dm-verity, you need perhaps some crypto modules.
>
> Do you have correct root hash and data offset there?
>
> Anyway, try verification in other system - not the cryptsetup userspace
> verify, but try to actually open
> the device in kernel and check it. (Cryptsetup verify doesn't to use
> kernel crypto at all.)
> If it works there, it should work with ther same parameters for boot too.
>
> Compare "dmsetup table --showkeys"  parameters with the boot you are using
> (root hash, offsets, ...).
>
> m.
>
>  Also, I see this error in dmesg:
> >
> > /device-mapper: verity: X:Y data block 0 is corrupted/
> > /EXT4-fs (dm-0): bad geometry: block count 1048567 exceeds size of
> device (796069 blocks)/
> >
> > Note that the verity target is loaded and is in a corrupt state. Since
> the data device is being used for storing a hash tree, the boot process is
> not able to identify the complete filesystem size.
> >
> >
> > Regards,
> > Aditya
> >
> > On Wed, Mar 24, 2021 at 2:48 AM Milan Broz <gmazyland@gmail.com <mailto:
> gmazyland@gmail.com>> wrote:
> >
> >
> >     On 24/03/2021 09:57, Tom Eccles wrote:
> >     > Hi Aditya,
> >     >
> >     > On 3/20/21 11:22 AM, Aditya Prakash wrote:
> >     >> Hi,
> >     >> I am using the same device (/dev/sda2) for data and hash with
> --hash-offset
> >     >> set. The hash offset is set to 4096 added to the total space used
> in
> >     >> /dev/sda. When I verify the verity target without activating, it
> succeeds
> >     >> and gives valid (V) status. However, when I try to load it during
> boot, it
> >     >> gives an error with corruption at 0 and 1 block and is stuck in
> the boot
> >     >> loop.
> >     >>
> >     >> Is there something wrong I am doing with the hash-offset? Any
> help or
> >     >> guidance would be really appreciated.
> >     >
> >     > This sounds similar to
> https://gitlab.com/cryptsetup/cryptsetup/-/issues/462 <
> https://gitlab.com/cryptsetup/cryptsetup/-/issues/462>
> >     >
> >     > That issue should be fixed with Linux 5.12.
> >
> >     That bug is for forward error correction only (that's optional), I
> think this is not the case here.
> >
> >     My guess is that kernel is missing some module (crypt hash or so) in
> the boot phase.
> >
> >     Please check syslog, there should be some error messasage.
> >
> >     Milan
> >     _______________________________________________
> >     dm-crypt mailing list -- dm-crypt@saout.de <mailto:dm-crypt@saout.de
> >
> >     To unsubscribe send an email to dm-crypt-leave@saout.de <mailto:
> dm-crypt-leave@saout.de>
> >
>

[-- Attachment #1.2: Type: text/html, Size: 4426 bytes --]

[-- Attachment #2: Type: text/plain, Size: 147 bytes --]

_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de