diff options
| author | Mikulas Patocka <mpatocka@redhat.com> | 2017-01-04 20:23:53 +0100 |
|---|---|---|
| committer | Mike Snitzer <snitzer@redhat.com> | 2017-03-24 15:49:07 -0400 |
| commit | 7eada909bfd7ac90a4522e56aa3179d1fd68cd14 (patch) | |
| tree | c39c6f09604428e790a9fe8946431830c75bb790 /Makefile | |
| parent | 400a0befc96240f7bb2a53b9622deffd55d385fe (diff) | |
| download | linux-7eada909bfd7ac90a4522e56aa3179d1fd68cd14.tar.gz linux-7eada909bfd7ac90a4522e56aa3179d1fd68cd14.tar.bz2 linux-7eada909bfd7ac90a4522e56aa3179d1fd68cd14.zip | |
dm: add integrity target
The dm-integrity target emulates a block device that has additional
per-sector tags that can be used for storing integrity information.
A general problem with storing integrity tags with every sector is that
writing the sector and the integrity tag must be atomic - i.e. in case of
crash, either both sector and integrity tag or none of them is written.
To guarantee write atomicity the dm-integrity target uses a journal. It
writes sector data and integrity tags into a journal, commits the journal
and then copies the data and integrity tags to their respective location.
The dm-integrity target can be used with the dm-crypt target - in this
situation the dm-crypt target creates the integrity data and passes them
to the dm-integrity target via bio_integrity_payload attached to the bio.
In this mode, the dm-crypt and dm-integrity targets provide authenticated
disk encryption - if the attacker modifies the encrypted device, an I/O
error is returned instead of random data.
The dm-integrity target can also be used as a standalone target, in this
mode it calculates and verifies the integrity tag internally. In this
mode, the dm-integrity target can be used to detect silent data
corruption on the disk or in the I/O path.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Diffstat (limited to 'Makefile')
0 files changed, 0 insertions, 0 deletions