* [dm-crypt] [DM-Verity] Corruption after activation during boot @ 2021-03-20 11:22 Aditya Prakash 2021-03-24 8:57 ` [dm-crypt] " Tom Eccles 0 siblings, 1 reply; 6+ messages in thread From: Aditya Prakash @ 2021-03-20 11:22 UTC (permalink / raw) To: dm-crypt [-- Attachment #1.1: Type: text/plain, Size: 503 bytes --] Hi, I am using the same device (/dev/sda2) for data and hash with --hash-offset set. The hash offset is set to 4096 added to the total space used in /dev/sda. When I verify the verity target without activating, it succeeds and gives valid (V) status. However, when I try to load it during boot, it gives an error with corruption at 0 and 1 block and is stuck in the boot loop. Is there something wrong I am doing with the hash-offset? Any help or guidance would be really appreciated. Thanks, Aditya [-- Attachment #1.2: Type: text/html, Size: 609 bytes --] [-- Attachment #2: Type: text/plain, Size: 147 bytes --] _______________________________________________ dm-crypt mailing list -- dm-crypt@saout.de To unsubscribe send an email to dm-crypt-leave@saout.de ^ permalink raw reply [flat|nested] 6+ messages in thread
* [dm-crypt] Re: [DM-Verity] Corruption after activation during boot 2021-03-20 11:22 [dm-crypt] [DM-Verity] Corruption after activation during boot Aditya Prakash @ 2021-03-24 8:57 ` Tom Eccles 2021-03-24 9:45 ` Milan Broz 0 siblings, 1 reply; 6+ messages in thread From: Tom Eccles @ 2021-03-24 8:57 UTC (permalink / raw) To: dm-crypt Hi Aditya, On 3/20/21 11:22 AM, Aditya Prakash wrote: > Hi, > I am using the same device (/dev/sda2) for data and hash with --hash-offset > set. The hash offset is set to 4096 added to the total space used in > /dev/sda. When I verify the verity target without activating, it succeeds > and gives valid (V) status. However, when I try to load it during boot, it > gives an error with corruption at 0 and 1 block and is stuck in the boot > loop. > > Is there something wrong I am doing with the hash-offset? Any help or > guidance would be really appreciated. This sounds similar to https://gitlab.com/cryptsetup/cryptsetup/-/issues/462 That issue should be fixed with Linux 5.12. Tom > > Thanks, > Aditya > > > _______________________________________________ > dm-crypt mailing list -- dm-crypt@saout.de > To unsubscribe send an email to dm-crypt-leave@saout.de > _______________________________________________ dm-crypt mailing list -- dm-crypt@saout.de To unsubscribe send an email to dm-crypt-leave@saout.de ^ permalink raw reply [flat|nested] 6+ messages in thread
* [dm-crypt] Re: [DM-Verity] Corruption after activation during boot 2021-03-24 8:57 ` [dm-crypt] " Tom Eccles @ 2021-03-24 9:45 ` Milan Broz 2021-03-24 23:51 ` Aditya Prakash 0 siblings, 1 reply; 6+ messages in thread From: Milan Broz @ 2021-03-24 9:45 UTC (permalink / raw) To: Tom Eccles, dm-crypt On 24/03/2021 09:57, Tom Eccles wrote: > Hi Aditya, > > On 3/20/21 11:22 AM, Aditya Prakash wrote: >> Hi, >> I am using the same device (/dev/sda2) for data and hash with --hash-offset >> set. The hash offset is set to 4096 added to the total space used in >> /dev/sda. When I verify the verity target without activating, it succeeds >> and gives valid (V) status. However, when I try to load it during boot, it >> gives an error with corruption at 0 and 1 block and is stuck in the boot >> loop. >> >> Is there something wrong I am doing with the hash-offset? Any help or >> guidance would be really appreciated. > > This sounds similar to https://gitlab.com/cryptsetup/cryptsetup/-/issues/462 > > That issue should be fixed with Linux 5.12. That bug is for forward error correction only (that's optional), I think this is not the case here. My guess is that kernel is missing some module (crypt hash or so) in the boot phase. Please check syslog, there should be some error messasage. Milan _______________________________________________ dm-crypt mailing list -- dm-crypt@saout.de To unsubscribe send an email to dm-crypt-leave@saout.de ^ permalink raw reply [flat|nested] 6+ messages in thread
* [dm-crypt] Re: [DM-Verity] Corruption after activation during boot 2021-03-24 9:45 ` Milan Broz @ 2021-03-24 23:51 ` Aditya Prakash 2021-03-25 0:10 ` Milan Broz 0 siblings, 1 reply; 6+ messages in thread From: Aditya Prakash @ 2021-03-24 23:51 UTC (permalink / raw) To: Milan Broz; +Cc: Tom Eccles, dm-crypt [-- Attachment #1.1: Type: text/plain, Size: 1805 bytes --] Hi Milan, I tried getting the logs but not much help. I have included all the modules related to dm_crypt and dm_verity. Also, I see this error in dmesg: *device-mapper: verity: X:Y data block 0 is corrupted* *EXT4-fs (dm-0): bad geometry: block count 1048567 exceeds size of device (796069 blocks)* Note that the verity target is loaded and is in a corrupt state. Since the data device is being used for storing a hash tree, the boot process is not able to identify the complete filesystem size. Regards, Aditya On Wed, Mar 24, 2021 at 2:48 AM Milan Broz <gmazyland@gmail.com> wrote: > > On 24/03/2021 09:57, Tom Eccles wrote: > > Hi Aditya, > > > > On 3/20/21 11:22 AM, Aditya Prakash wrote: > >> Hi, > >> I am using the same device (/dev/sda2) for data and hash with > --hash-offset > >> set. The hash offset is set to 4096 added to the total space used in > >> /dev/sda. When I verify the verity target without activating, it > succeeds > >> and gives valid (V) status. However, when I try to load it during boot, > it > >> gives an error with corruption at 0 and 1 block and is stuck in the boot > >> loop. > >> > >> Is there something wrong I am doing with the hash-offset? Any help or > >> guidance would be really appreciated. > > > > This sounds similar to > https://gitlab.com/cryptsetup/cryptsetup/-/issues/462 > > > > That issue should be fixed with Linux 5.12. > > That bug is for forward error correction only (that's optional), I think > this is not the case here. > > My guess is that kernel is missing some module (crypt hash or so) in the > boot phase. > > Please check syslog, there should be some error messasage. > > Milan > _______________________________________________ > dm-crypt mailing list -- dm-crypt@saout.de > To unsubscribe send an email to dm-crypt-leave@saout.de > [-- Attachment #1.2: Type: text/html, Size: 2971 bytes --] [-- Attachment #2: Type: text/plain, Size: 147 bytes --] _______________________________________________ dm-crypt mailing list -- dm-crypt@saout.de To unsubscribe send an email to dm-crypt-leave@saout.de ^ permalink raw reply [flat|nested] 6+ messages in thread
* [dm-crypt] Re: [DM-Verity] Corruption after activation during boot 2021-03-24 23:51 ` Aditya Prakash @ 2021-03-25 0:10 ` Milan Broz 2021-03-25 1:24 ` Aditya Prakash 0 siblings, 1 reply; 6+ messages in thread From: Milan Broz @ 2021-03-25 0:10 UTC (permalink / raw) To: Aditya Prakash; +Cc: Tom Eccles, dm-crypt On 25/03/2021 00:51, Aditya Prakash wrote: > Hi Milan, > I tried getting the logs but not much help. I have included all the modules related to dm_crypt and dm_verity. It is not only about only dm-verity, you need perhaps some crypto modules. Do you have correct root hash and data offset there? Anyway, try verification in other system - not the cryptsetup userspace verify, but try to actually open the device in kernel and check it. (Cryptsetup verify doesn't to use kernel crypto at all.) If it works there, it should work with ther same parameters for boot too. Compare "dmsetup table --showkeys" parameters with the boot you are using (root hash, offsets, ...). m. Also, I see this error in dmesg: > > /device-mapper: verity: X:Y data block 0 is corrupted/ > /EXT4-fs (dm-0): bad geometry: block count 1048567 exceeds size of device (796069 blocks)/ > > Note that the verity target is loaded and is in a corrupt state. Since the data device is being used for storing a hash tree, the boot process is not able to identify the complete filesystem size. > > > Regards, > Aditya > > On Wed, Mar 24, 2021 at 2:48 AM Milan Broz <gmazyland@gmail.com <mailto:gmazyland@gmail.com>> wrote: > > > On 24/03/2021 09:57, Tom Eccles wrote: > > Hi Aditya, > > > > On 3/20/21 11:22 AM, Aditya Prakash wrote: > >> Hi, > >> I am using the same device (/dev/sda2) for data and hash with --hash-offset > >> set. The hash offset is set to 4096 added to the total space used in > >> /dev/sda. When I verify the verity target without activating, it succeeds > >> and gives valid (V) status. However, when I try to load it during boot, it > >> gives an error with corruption at 0 and 1 block and is stuck in the boot > >> loop. > >> > >> Is there something wrong I am doing with the hash-offset? Any help or > >> guidance would be really appreciated. > > > > This sounds similar to https://gitlab.com/cryptsetup/cryptsetup/-/issues/462 <https://gitlab.com/cryptsetup/cryptsetup/-/issues/462> > > > > That issue should be fixed with Linux 5.12. > > That bug is for forward error correction only (that's optional), I think this is not the case here. > > My guess is that kernel is missing some module (crypt hash or so) in the boot phase. > > Please check syslog, there should be some error messasage. > > Milan > _______________________________________________ > dm-crypt mailing list -- dm-crypt@saout.de <mailto:dm-crypt@saout.de> > To unsubscribe send an email to dm-crypt-leave@saout.de <mailto:dm-crypt-leave@saout.de> > _______________________________________________ dm-crypt mailing list -- dm-crypt@saout.de To unsubscribe send an email to dm-crypt-leave@saout.de ^ permalink raw reply [flat|nested] 6+ messages in thread
* [dm-crypt] Re: [DM-Verity] Corruption after activation during boot 2021-03-25 0:10 ` Milan Broz @ 2021-03-25 1:24 ` Aditya Prakash 0 siblings, 0 replies; 6+ messages in thread From: Aditya Prakash @ 2021-03-25 1:24 UTC (permalink / raw) To: Milan Broz; +Cc: Tom Eccles, dm-crypt [-- Attachment #1.1: Type: text/plain, Size: 3063 bytes --] Yeah When I format and run the verify, it works fine. However, it is just the boot time when it gives the corruption after activation error. I will try to use other systems to verify as per your suggestion. Thanks On Wed, Mar 24, 2021 at 5:10 PM Milan Broz <gmazyland@gmail.com> wrote: > On 25/03/2021 00:51, Aditya Prakash wrote: > > Hi Milan, > > I tried getting the logs but not much help. I have included all the > modules related to dm_crypt and dm_verity. > > It is not only about only dm-verity, you need perhaps some crypto modules. > > Do you have correct root hash and data offset there? > > Anyway, try verification in other system - not the cryptsetup userspace > verify, but try to actually open > the device in kernel and check it. (Cryptsetup verify doesn't to use > kernel crypto at all.) > If it works there, it should work with ther same parameters for boot too. > > Compare "dmsetup table --showkeys" parameters with the boot you are using > (root hash, offsets, ...). > > m. > > Also, I see this error in dmesg: > > > > /device-mapper: verity: X:Y data block 0 is corrupted/ > > /EXT4-fs (dm-0): bad geometry: block count 1048567 exceeds size of > device (796069 blocks)/ > > > > Note that the verity target is loaded and is in a corrupt state. Since > the data device is being used for storing a hash tree, the boot process is > not able to identify the complete filesystem size. > > > > > > Regards, > > Aditya > > > > On Wed, Mar 24, 2021 at 2:48 AM Milan Broz <gmazyland@gmail.com <mailto: > gmazyland@gmail.com>> wrote: > > > > > > On 24/03/2021 09:57, Tom Eccles wrote: > > > Hi Aditya, > > > > > > On 3/20/21 11:22 AM, Aditya Prakash wrote: > > >> Hi, > > >> I am using the same device (/dev/sda2) for data and hash with > --hash-offset > > >> set. The hash offset is set to 4096 added to the total space used > in > > >> /dev/sda. When I verify the verity target without activating, it > succeeds > > >> and gives valid (V) status. However, when I try to load it during > boot, it > > >> gives an error with corruption at 0 and 1 block and is stuck in > the boot > > >> loop. > > >> > > >> Is there something wrong I am doing with the hash-offset? Any > help or > > >> guidance would be really appreciated. > > > > > > This sounds similar to > https://gitlab.com/cryptsetup/cryptsetup/-/issues/462 < > https://gitlab.com/cryptsetup/cryptsetup/-/issues/462> > > > > > > That issue should be fixed with Linux 5.12. > > > > That bug is for forward error correction only (that's optional), I > think this is not the case here. > > > > My guess is that kernel is missing some module (crypt hash or so) in > the boot phase. > > > > Please check syslog, there should be some error messasage. > > > > Milan > > _______________________________________________ > > dm-crypt mailing list -- dm-crypt@saout.de <mailto:dm-crypt@saout.de > > > > To unsubscribe send an email to dm-crypt-leave@saout.de <mailto: > dm-crypt-leave@saout.de> > > > [-- Attachment #1.2: Type: text/html, Size: 4426 bytes --] [-- Attachment #2: Type: text/plain, Size: 147 bytes --] _______________________________________________ dm-crypt mailing list -- dm-crypt@saout.de To unsubscribe send an email to dm-crypt-leave@saout.de ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-03-25 1:27 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-03-20 11:22 [dm-crypt] [DM-Verity] Corruption after activation during boot Aditya Prakash 2021-03-24 8:57 ` [dm-crypt] " Tom Eccles 2021-03-24 9:45 ` Milan Broz 2021-03-24 23:51 ` Aditya Prakash 2021-03-25 0:10 ` Milan Broz 2021-03-25 1:24 ` Aditya Prakash
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).