{ "content": [ { "type": "text", "text": "# integritysetup(8) (man)\n\n**Summary:** integritysetup - manage dm-integrity (block level integrity) volumes\n\n## Flags\n\n| Flag | Long | Arg | Description |\n|------|------|-----|-------------|\n| -v | --verbose | — | Print more information on command execution. |\n| — | --debug | — | Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by '#'. |\n| — | --version | — | Show the program version. |\n| — | --batch-mode | — | Do not ask for confirmation. |\n| — | --progress-frequency | | Print separate line every with wipe progress. |\n| — | --no-wipe | — | Do not wipe the device after format. A device that is not initially wiped will contain invalid checksums. |\n| -j | --journal-size | BYTES | Size of the journal. |\n| — | --interleave-sectors | SECTORS | The number of interleaved sectors. |\n| — | --integrity-recalculate | — | Automatically recalculate integrity tags in kernel on activation. The device can be used during automatic integrity reca |\n| — | --integrity-recalculate-reset | — | Restart recalculation from the beginning of the device. It can be used to change the integrity checksum function. Note i |\n| — | --journal-watermark | PERCENT | Journal watermark in percents. When the size of the journal exceeds this watermark, the journal flush will be started. |\n| — | --journal-commit-time | MS | Commit time in milliseconds. When this time passes (and no explicit flush operation was issued), the journal is written. |\n| -t | --tag-size | BYTES | Size of the integrity tag per-sector (here the integrity function will store authenti‐ cation tag). NOTE: The size can b |\n| — | --data-device | — | Specify a separate data device that contains existing data. The then will contain calculated integrity tags and |\n| -s | --sector-size | BYTES | Sector size (power of two: 512, 1024, 2048, 4096). |\n| — | --buffer-sectors | SECTORS | The number of sectors in one buffer. The tag area is accessed using buffers, the large buffer size means that the I/O si |\n| -I | --integrity | ALGORITHM | Use internal integrity calculation (standalone mode). The integrity algorithm can be CRC (crc32c/crc32) or hash function |\n| — | --integrity-key-size | BYTES | The size of the data integrity key. Maximum is 4096 bytes. |\n| — | --integrity-key-file | FILE | The file with the integrity key. |\n| -D | --integrity-no-journal | — | Disable journal for integrity device. |\n| -B | --integrity-bitmap-mode. | — | Use alternate bitmap mode (available since Linux kernel 5.2) where dm-integrity uses bitmap instead of a journal. If a b |\n| — | --bitmap-sectors-per-bit | SECTORS | Number of 512-byte sectors per bitmap bit, the value must be power of two. |\n| — | --bitmap-flush-time | MS | Bitmap flush time in milliseconds. |\n| -R | --integrity-recovery-mode. | — | Recovery mode (no journal, no tag checking). NOTE: The following options are intended for testing purposes only. Using j |\n| — | --journal-integrity | ALGORITHM | Integrity algorithm for journal area. See --integrity option for detailed specifica‐ tion. |\n| — | --journal-integrity-key-size | BYTES | The size of the journal integrity key. Maximum is 4096 bytes. |\n| — | --journal-integrity-key-file | FILE | The file with the integrity key. |\n| — | --journal-crypt | ALGORITHM | Encryption algorithm for journal data area. You can use a block cipher here such as cbc-aes or a stream cipher, for exam |\n| — | --journal-crypt-key-size | BYTES | The size of the journal encryption key. Maximum is 4096 bytes. |\n| — | --journal-crypt-key-file | FILE | The file with the journal encryption key. |\n| — | --allow-discards | — | Allow the use of discard (TRIM) requests for the device. This option is available since the Linux kernel version 5.7. |\n| — | --deferred | — | Defers device removal in close command until the last user closes it. |\n| — | --cancel-deferred | — | Removes a previously configured deferred device removal in close command. The dm-integrity target is available since Lin |\n\n## Examples\n\n- `Format the device with default standalone mode (CRC32C):`\n- `Open the device with default parameters:`\n- `Format the device in standalone mode for use with HMAC(SHA256):`\n- ` --integrity-key-size `\n- `Open (activate) the device with HMAC(SHA256) and HMAC key in file:`\n- `--integrity-key-size `\n- `Dump dm-integrity superblock information:`\n\n## Section Outline\n\n- **NAME** (2 lines)\n- **SYNOPSIS** (1 lines) — 1 subsections\n - integritysetup (1 lines)\n- **DESCRIPTION** (47 lines)\n- **OPTIONS** (1 lines) — 34 subsections\n - --verbose, -v (2 lines)\n - --debug (3 lines)\n - --version (2 lines)\n - --batch-mode (2 lines)\n - --progress-frequency (2 lines)\n - --no-wipe (3 lines)\n - --journal-size, -j BYTES (2 lines)\n - --interleave-sectors SECTORS (2 lines)\n - --integrity-recalculate (5 lines)\n - --integrity-recalculate-reset (4 lines)\n - --journal-watermark PERCENT (3 lines)\n - --journal-commit-time MS (3 lines)\n - --tag-size, -t BYTES (6 lines)\n - --data-device (3 lines)\n - --sector-size, -s BYTES (2 lines)\n - --buffer-sectors SECTORS (5 lines)\n - --integrity, -I ALGORITHM (5 lines)\n - --integrity-key-size BYTES (2 lines)\n - --integrity-key-file FILE (2 lines)\n - --integrity-no-journal, -D (2 lines)\n - --integrity-bitmap-mode. -B (7 lines)\n - --bitmap-sectors-per-bit SECTORS (2 lines)\n - --bitmap-flush-time MS (3 lines)\n - WARNING: (3 lines)\n - --integrity-recovery-mode. -R (7 lines)\n - --journal-integrity ALGORITHM (3 lines)\n - --journal-integrity-key-size BYTES (2 lines)\n - --journal-integrity-key-file FILE (2 lines)\n - --journal-crypt ALGORITHM (3 lines)\n - --journal-crypt-key-size BYTES (2 lines)\n - --journal-crypt-key-file FILE (2 lines)\n - --allow-discards (3 lines)\n - --deferred (2 lines)\n - --cancel-deferred (8 lines)\n- **LEGACY COMPATIBILITY OPTIONS** (1 lines) — 4 subsections\n - WARNING: (2 lines)\n - --integrity-legacy-padding (2 lines)\n - --integrity-legacy-hmac (2 lines)\n - --integrity-legacy-recalculate (4 lines)\n- **RETURN CODES** (10 lines)\n- **EXAMPLES** (2 lines) — 5 subsections\n - integritysetup format (2 lines)\n - integritysetup open test (2 lines)\n - integritysetup format --tag-size 32 --integrity (4 lines)\n - integritysetup open test --integrity hmac-sha256 (4 lines)\n - integritysetup dump (1 lines)\n- **REPORTING BUGS** (4 lines)\n- **AUTHORS** (3 lines)\n- **COPYRIGHT** (6 lines)\n- **SEE ALSO** (3 lines) — 1 subsections\n - setup/wikis/DMIntegrity (1 lines)\n\n## Full Content\n\n### NAME\n\nintegritysetup - manage dm-integrity (block level integrity) volumes\n\n### SYNOPSIS\n\n#### integritysetup \n\n### DESCRIPTION\n\nIntegritysetup is used to configure dm-integrity managed device-mapper mappings.\n\nDevice-mapper integrity target provides read-write transparent integrity checking of block\ndevices. The dm-integrity target emulates additional data integrity field per-sector. You can\nuse this additional field directly with integritysetup utility, or indirectly (for authenti‐\ncated encryption) through cryptsetup.\n\nIntegritysetup supports these operations:\n\nformat \n\nFormats (calculates space and dm-integrity superblock and wipes the device).\n\n can be [--data-device, --batch-mode, --no-wipe, --journal-size, --inter‐\nleave-sectors, --tag-size, --integrity, --integrity-key-size, --integrity-key-file,\n--sector-size, --progress-frequency]\n\n\nopen \ncreate (OBSOLETE syntax)\n\nOpen a mapping with backed by device .\n\n can be [--data-device, --batch-mode, --journal-watermark, --journal-com‐\nmit-time, --buffer-sectors, --integrity, --integrity-key-size, --integrity-key-file,\n--integrity-no-journal, --integrity-recalculate, --integrity-recalculate-reset,--in‐\ntegrity-recovery-mode, --allow-discards]\n\n\nclose \n\nRemoves existing mapping .\n\nFor backward compatibility, there is remove command alias for the close command.\n\n can be [--deferred] or [--cancel-deferred]\n\n\nstatus \n\nReports status for the active integrity mapping .\n\ndump \n\nReports parameters from on-disk stored superblock.\n\n### OPTIONS\n\n#### --verbose, -v\n\nPrint more information on command execution.\n\n#### --debug\n\nRun in debug mode with full diagnostic logs. Debug output lines are always prefixed by\n'#'.\n\n#### --version\n\nShow the program version.\n\n#### --batch-mode\n\nDo not ask for confirmation.\n\n#### --progress-frequency \n\nPrint separate line every with wipe progress.\n\n#### --no-wipe\n\nDo not wipe the device after format. A device that is not initially wiped will contain\ninvalid checksums.\n\n#### --journal-size, -j BYTES\n\nSize of the journal.\n\n#### --interleave-sectors SECTORS\n\nThe number of interleaved sectors.\n\n#### --integrity-recalculate\n\nAutomatically recalculate integrity tags in kernel on activation. The device can be\nused during automatic integrity recalculation but becomes fully integrity protected\nonly after the background operation is finished. This option is available since the\nLinux kernel version 4.19.\n\n#### --integrity-recalculate-reset\n\nRestart recalculation from the beginning of the device. It can be used to change the\nintegrity checksum function. Note it does not change the tag length. This option is\navailable since the Linux kernel version 5.13.\n\n#### --journal-watermark PERCENT\n\nJournal watermark in percents. When the size of the journal exceeds this watermark,\nthe journal flush will be started.\n\n#### --journal-commit-time MS\n\nCommit time in milliseconds. When this time passes (and no explicit flush operation\nwas issued), the journal is written.\n\n#### --tag-size, -t BYTES\n\nSize of the integrity tag per-sector (here the integrity function will store authenti‐\ncation tag).\n\nNOTE: The size can be smaller that output size of the hash function, in that case only\npart of the hash will be stored.\n\n#### --data-device\n\nSpecify a separate data device that contains existing data. The then will\ncontain calculated integrity tags and journal for this data device.\n\n#### --sector-size, -s BYTES\n\nSector size (power of two: 512, 1024, 2048, 4096).\n\n#### --buffer-sectors SECTORS\n\nThe number of sectors in one buffer.\n\nThe tag area is accessed using buffers, the large buffer size means that the I/O size\nwill be larger, but there could be less I/Os issued.\n\n#### --integrity, -I ALGORITHM\n\nUse internal integrity calculation (standalone mode). The integrity algorithm can be\nCRC (crc32c/crc32) or hash function (sha1, sha256).\n\nFor HMAC (hmac-sha256) you have also to specify an integrity key and its size.\n\n#### --integrity-key-size BYTES\n\nThe size of the data integrity key. Maximum is 4096 bytes.\n\n#### --integrity-key-file FILE\n\nThe file with the integrity key.\n\n#### --integrity-no-journal, -D\n\nDisable journal for integrity device.\n\n#### --integrity-bitmap-mode. -B\n\nUse alternate bitmap mode (available since Linux kernel 5.2) where dm-integrity uses\nbitmap instead of a journal. If a bit in the bitmap is 1, the corresponding region's\ndata and integrity tags are not synchronized - if the machine crashes, the unsynchro‐\nnized regions will be recalculated. The bitmap mode is faster than the journal mode,\nbecause we don't have to write the data twice, but it is also less reliable, because\nif data corruption happens when the machine crashes, it may not be detected.\n\n#### --bitmap-sectors-per-bit SECTORS\n\nNumber of 512-byte sectors per bitmap bit, the value must be power of two.\n\n#### --bitmap-flush-time MS\n\nBitmap flush time in milliseconds.\n\n#### WARNING:\n\nIn case of a crash, it is possible that the data and integrity tag doesn't match if\nthe journal is disabled.\n\n#### --integrity-recovery-mode. -R\n\nRecovery mode (no journal, no tag checking).\n\n\nNOTE: The following options are intended for testing purposes only.\nUsing journal encryption does not make sense without encryption the data, these op‐\ntions are internally used in authenticated disk encryption with cryptsetup(8).\n\n#### --journal-integrity ALGORITHM\n\nIntegrity algorithm for journal area. See --integrity option for detailed specifica‐\ntion.\n\n#### --journal-integrity-key-size BYTES\n\nThe size of the journal integrity key. Maximum is 4096 bytes.\n\n#### --journal-integrity-key-file FILE\n\nThe file with the integrity key.\n\n#### --journal-crypt ALGORITHM\n\nEncryption algorithm for journal data area. You can use a block cipher here such as\ncbc-aes or a stream cipher, for example, chacha20 or ctr-aes.\n\n#### --journal-crypt-key-size BYTES\n\nThe size of the journal encryption key. Maximum is 4096 bytes.\n\n#### --journal-crypt-key-file FILE\n\nThe file with the journal encryption key.\n\n#### --allow-discards\n\nAllow the use of discard (TRIM) requests for the device. This option is available\nsince the Linux kernel version 5.7.\n\n#### --deferred\n\nDefers device removal in close command until the last user closes it.\n\n#### --cancel-deferred\n\nRemoves a previously configured deferred device removal in close command.\n\nThe dm-integrity target is available since Linux kernel version 4.12.\n\nNOTE: Format and activation of an integrity device always require superuser privilege be‐\ncause the superblock is calculated and handled in dm-integrity kernel target.\n\n### LEGACY COMPATIBILITY OPTIONS\n\n#### WARNING:\n\nDo not use these options until you need compatibility with specific old kernel.\n\n#### --integrity-legacy-padding\n\nUse inefficient legacy padding.\n\n#### --integrity-legacy-hmac\n\nUse old flawed HMAC calclation (also does not protect superblock).\n\n#### --integrity-legacy-recalculate\n\nAllow insecure recalculating of volumes with HMAC keys (recalcualtion offset in su‐\nperblock is not protected).\n\n### RETURN CODES\n\nIntegritysetup returns 0 on success and a non-zero value on error.\n\nError codes are:\n1 wrong parameters\n2 no permission\n3 out of memory\n4 wrong device specified\n5 device already exists, or device is busy.\n\n### EXAMPLES\n\nFormat the device with default standalone mode (CRC32C):\n\n#### integritysetup format \n\nOpen the device with default parameters:\n\n#### integritysetup open test\n\nFormat the device in standalone mode for use with HMAC(SHA256):\n\n#### integritysetup format --tag-size 32 --integrity hmac-sha256 --integrity-key-file\n\n --integrity-key-size \n\nOpen (activate) the device with HMAC(SHA256) and HMAC key in file:\n\n#### integritysetup open test --integrity hmac-sha256 --integrity-key-file \n\n--integrity-key-size \n\nDump dm-integrity superblock information:\n\n#### integritysetup dump \n\n### REPORTING BUGS\n\nReport bugs, including ones in the documentation, on the cryptsetup mailing list at or in the 'Issues' section on LUKS website. Please attach the output of the\nfailed command with the --debug option added.\n\n### AUTHORS\n\nThe integritysetup tool is written by Milan Broz and is part of the\ncryptsetup project.\n\n### COPYRIGHT\n\nCopyright © 2016-2021 Red Hat, Inc.\nCopyright © 2016-2021 Milan Broz\n\nThis is free software; see the source for copying conditions. There is NO warranty; not even\nfor MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\n### SEE ALSO\n\nThe project website at https://gitlab.com/cryptsetup/cryptsetup\n\nThe integrity on-disk format specification available at https://gitlab.com/cryptsetup/crypt‐‐\n\n#### setup/wikis/DMIntegrity\n\nintegritysetup January 2021 INTEGRITYSETUP(8)\n\n" } ], "structuredContent": { "command": "integritysetup", "section": "8", "mode": "man", "summary": "integritysetup - manage dm-integrity (block level integrity) volumes", "synopsis": "", "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [ { "flag": "-v", "long": "--verbose", "arg": null, "description": "Print more information on command execution." }, { "flag": "", "long": "--debug", "arg": null, "description": "Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by '#'." }, { "flag": "", "long": "--version", "arg": null, "description": "Show the program version." }, { "flag": "", "long": "--batch-mode", "arg": null, "description": "Do not ask for confirmation." }, { "flag": "", "long": "--progress-frequency", "arg": "", "description": "Print separate line every with wipe progress." }, { "flag": "", "long": "--no-wipe", "arg": null, "description": "Do not wipe the device after format. A device that is not initially wiped will contain invalid checksums." }, { "flag": "-j", "long": "--journal-size", "arg": "BYTES", "description": "Size of the journal." }, { "flag": "", "long": "--interleave-sectors", "arg": "SECTORS", "description": "The number of interleaved sectors." }, { "flag": "", "long": "--integrity-recalculate", "arg": null, "description": "Automatically recalculate integrity tags in kernel on activation. The device can be used during automatic integrity recalculation but becomes fully integrity protected only after the background operation is finished. This option is available since the Linux kernel version 4.19." }, { "flag": "", "long": "--integrity-recalculate-reset", "arg": null, "description": "Restart recalculation from the beginning of the device. It can be used to change the integrity checksum function. Note it does not change the tag length. This option is available since the Linux kernel version 5.13." }, { "flag": "", "long": "--journal-watermark", "arg": "PERCENT", "description": "Journal watermark in percents. When the size of the journal exceeds this watermark, the journal flush will be started." }, { "flag": "", "long": "--journal-commit-time", "arg": "MS", "description": "Commit time in milliseconds. When this time passes (and no explicit flush operation was issued), the journal is written." }, { "flag": "-t", "long": "--tag-size", "arg": "BYTES", "description": "Size of the integrity tag per-sector (here the integrity function will store authenti‐ cation tag). NOTE: The size can be smaller that output size of the hash function, in that case only part of the hash will be stored." }, { "flag": "", "long": "--data-device", "arg": null, "description": "Specify a separate data device that contains existing data. The then will contain calculated integrity tags and journal for this data device." }, { "flag": "-s", "long": "--sector-size", "arg": "BYTES", "description": "Sector size (power of two: 512, 1024, 2048, 4096)." }, { "flag": "", "long": "--buffer-sectors", "arg": "SECTORS", "description": "The number of sectors in one buffer. The tag area is accessed using buffers, the large buffer size means that the I/O size will be larger, but there could be less I/Os issued." }, { "flag": "-I", "long": "--integrity", "arg": "ALGORITHM", "description": "Use internal integrity calculation (standalone mode). The integrity algorithm can be CRC (crc32c/crc32) or hash function (sha1, sha256). For HMAC (hmac-sha256) you have also to specify an integrity key and its size." }, { "flag": "", "long": "--integrity-key-size", "arg": "BYTES", "description": "The size of the data integrity key. Maximum is 4096 bytes." }, { "flag": "", "long": "--integrity-key-file", "arg": "FILE", "description": "The file with the integrity key." }, { "flag": "-D", "long": "--integrity-no-journal", "arg": null, "description": "Disable journal for integrity device." }, { "flag": "-B", "long": "--integrity-bitmap-mode.", "arg": null, "description": "Use alternate bitmap mode (available since Linux kernel 5.2) where dm-integrity uses bitmap instead of a journal. If a bit in the bitmap is 1, the corresponding region's data and integrity tags are not synchronized - if the machine crashes, the unsynchro‐ nized regions will be recalculated. The bitmap mode is faster than the journal mode, because we don't have to write the data twice, but it is also less reliable, because if data corruption happens when the machine crashes, it may not be detected." }, { "flag": "", "long": "--bitmap-sectors-per-bit", "arg": "SECTORS", "description": "Number of 512-byte sectors per bitmap bit, the value must be power of two." }, { "flag": "", "long": "--bitmap-flush-time", "arg": "MS", "description": "Bitmap flush time in milliseconds." }, { "flag": "-R", "long": "--integrity-recovery-mode.", "arg": null, "description": "Recovery mode (no journal, no tag checking). NOTE: The following options are intended for testing purposes only. Using journal encryption does not make sense without encryption the data, these op‐ tions are internally used in authenticated disk encryption with cryptsetup(8)." }, { "flag": "", "long": "--journal-integrity", "arg": "ALGORITHM", "description": "Integrity algorithm for journal area. See --integrity option for detailed specifica‐ tion." }, { "flag": "", "long": "--journal-integrity-key-size", "arg": "BYTES", "description": "The size of the journal integrity key. Maximum is 4096 bytes." }, { "flag": "", "long": "--journal-integrity-key-file", "arg": "FILE", "description": "The file with the integrity key." }, { "flag": "", "long": "--journal-crypt", "arg": "ALGORITHM", "description": "Encryption algorithm for journal data area. You can use a block cipher here such as cbc-aes or a stream cipher, for example, chacha20 or ctr-aes." }, { "flag": "", "long": "--journal-crypt-key-size", "arg": "BYTES", "description": "The size of the journal encryption key. Maximum is 4096 bytes." }, { "flag": "", "long": "--journal-crypt-key-file", "arg": "FILE", "description": "The file with the journal encryption key." }, { "flag": "", "long": "--allow-discards", "arg": null, "description": "Allow the use of discard (TRIM) requests for the device. This option is available since the Linux kernel version 5.7." }, { "flag": "", "long": "--deferred", "arg": null, "description": "Defers device removal in close command until the last user closes it." }, { "flag": "", "long": "--cancel-deferred", "arg": null, "description": "Removes a previously configured deferred device removal in close command. The dm-integrity target is available since Linux kernel version 4.12. NOTE: Format and activation of an integrity device always require superuser privilege be‐ cause the superblock is calculated and handled in dm-integrity kernel target." } ], "examples": [ "Format the device with default standalone mode (CRC32C):", "Open the device with default parameters:", "Format the device in standalone mode for use with HMAC(SHA256):", " --integrity-key-size ", "Open (activate) the device with HMAC(SHA256) and HMAC key in file:", "--integrity-key-size ", "Dump dm-integrity superblock information:" ], "see_also": [], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 1, "subsections": [ { "name": "integritysetup ", "lines": 1 } ] }, { "name": "DESCRIPTION", "lines": 47, "subsections": [] }, { "name": "OPTIONS", "lines": 1, "subsections": [ { "name": "--verbose, -v", "lines": 2, "flag": "-v", "long": "--verbose" }, { "name": "--debug", "lines": 3, "long": "--debug" }, { "name": "--version", "lines": 2, "long": "--version" }, { "name": "--batch-mode", "lines": 2, "long": "--batch-mode" }, { "name": "--progress-frequency ", "lines": 2, "long": "--progress-frequency", "arg": "" }, { "name": "--no-wipe", "lines": 3, "long": "--no-wipe" }, { "name": "--journal-size, -j BYTES", "lines": 2, "flag": "-j", "long": "--journal-size", "arg": "BYTES" }, { "name": "--interleave-sectors SECTORS", "lines": 2, "long": "--interleave-sectors", "arg": "SECTORS" }, { "name": "--integrity-recalculate", "lines": 5, "long": "--integrity-recalculate" }, { "name": "--integrity-recalculate-reset", "lines": 4, "long": "--integrity-recalculate-reset" }, { "name": "--journal-watermark PERCENT", "lines": 3, "long": "--journal-watermark", "arg": "PERCENT" }, { "name": "--journal-commit-time MS", "lines": 3, "long": "--journal-commit-time", "arg": "MS" }, { "name": "--tag-size, -t BYTES", "lines": 6, "flag": "-t", "long": "--tag-size", "arg": "BYTES" }, { "name": "--data-device", "lines": 3, "long": "--data-device" }, { "name": "--sector-size, -s BYTES", "lines": 2, "flag": "-s", "long": "--sector-size", "arg": "BYTES" }, { "name": "--buffer-sectors SECTORS", "lines": 5, "long": "--buffer-sectors", "arg": "SECTORS" }, { "name": "--integrity, -I ALGORITHM", "lines": 5, "flag": "-I", "long": "--integrity", "arg": "ALGORITHM" }, { "name": "--integrity-key-size BYTES", "lines": 2, "long": "--integrity-key-size", "arg": "BYTES" }, { "name": "--integrity-key-file FILE", "lines": 2, "long": "--integrity-key-file", "arg": "FILE" }, { "name": "--integrity-no-journal, -D", "lines": 2, "flag": "-D", "long": "--integrity-no-journal" }, { "name": "--integrity-bitmap-mode. -B", "lines": 7, "flag": "-B", "long": "--integrity-bitmap-mode." }, { "name": "--bitmap-sectors-per-bit SECTORS", "lines": 2, "long": "--bitmap-sectors-per-bit", "arg": "SECTORS" }, { "name": "--bitmap-flush-time MS", "lines": 3, "long": "--bitmap-flush-time", "arg": "MS" }, { "name": "WARNING:", "lines": 3 }, { "name": "--integrity-recovery-mode. -R", "lines": 7, "flag": "-R", "long": "--integrity-recovery-mode." }, { "name": "--journal-integrity ALGORITHM", "lines": 3, "long": "--journal-integrity", "arg": "ALGORITHM" }, { "name": "--journal-integrity-key-size BYTES", "lines": 2, "long": "--journal-integrity-key-size", "arg": "BYTES" }, { "name": "--journal-integrity-key-file FILE", "lines": 2, "long": "--journal-integrity-key-file", "arg": "FILE" }, { "name": "--journal-crypt ALGORITHM", "lines": 3, "long": "--journal-crypt", "arg": "ALGORITHM" }, { "name": "--journal-crypt-key-size BYTES", "lines": 2, "long": "--journal-crypt-key-size", "arg": "BYTES" }, { "name": "--journal-crypt-key-file FILE", "lines": 2, "long": "--journal-crypt-key-file", "arg": "FILE" }, { "name": "--allow-discards", "lines": 3, "long": "--allow-discards" }, { "name": "--deferred", "lines": 2, "long": "--deferred" }, { "name": "--cancel-deferred", "lines": 8, "long": "--cancel-deferred" } ] }, { "name": "LEGACY COMPATIBILITY OPTIONS", "lines": 1, "subsections": [ { "name": "WARNING:", "lines": 2 }, { "name": "--integrity-legacy-padding", "lines": 2, "long": "--integrity-legacy-padding" }, { "name": "--integrity-legacy-hmac", "lines": 2, "long": "--integrity-legacy-hmac" }, { "name": "--integrity-legacy-recalculate", "lines": 4, "long": "--integrity-legacy-recalculate" } ] }, { "name": "RETURN CODES", "lines": 10, "subsections": [] }, { "name": "EXAMPLES", "lines": 2, "subsections": [ { "name": "integritysetup format ", "lines": 2 }, { "name": "integritysetup open test", "lines": 2 }, { "name": "integritysetup format --tag-size 32 --integrity hmac-sha256 --integrity-key-file", "lines": 4 }, { "name": "integritysetup open test --integrity hmac-sha256 --integrity-key-file ", "lines": 4 }, { "name": "integritysetup dump ", "lines": 1 } ] }, { "name": "REPORTING BUGS", "lines": 4, "subsections": [] }, { "name": "AUTHORS", "lines": 3, "subsections": [] }, { "name": "COPYRIGHT", "lines": 6, "subsections": [] }, { "name": "SEE ALSO", "lines": 3, "subsections": [ { "name": "setup/wikis/DMIntegrity", "lines": 1 } ] } ], "sections": { "NAME": { "content": "integritysetup - manage dm-integrity (block level integrity) volumes\n", "subsections": [] }, "SYNOPSIS": { "content": "", "subsections": [ { "name": "integritysetup ", "content": "" } ] }, "DESCRIPTION": { "content": "Integritysetup is used to configure dm-integrity managed device-mapper mappings.\n\nDevice-mapper integrity target provides read-write transparent integrity checking of block\ndevices. The dm-integrity target emulates additional data integrity field per-sector. You can\nuse this additional field directly with integritysetup utility, or indirectly (for authenti‐\ncated encryption) through cryptsetup.\n\nIntegritysetup supports these operations:\n\nformat \n\nFormats (calculates space and dm-integrity superblock and wipes the device).\n\n can be [--data-device, --batch-mode, --no-wipe, --journal-size, --inter‐\nleave-sectors, --tag-size, --integrity, --integrity-key-size, --integrity-key-file,\n--sector-size, --progress-frequency]\n\n\nopen \ncreate (OBSOLETE syntax)\n\nOpen a mapping with backed by device .\n\n can be [--data-device, --batch-mode, --journal-watermark, --journal-com‐\nmit-time, --buffer-sectors, --integrity, --integrity-key-size, --integrity-key-file,\n--integrity-no-journal, --integrity-recalculate, --integrity-recalculate-reset,--in‐\ntegrity-recovery-mode, --allow-discards]\n\n\nclose \n\nRemoves existing mapping .\n\nFor backward compatibility, there is remove command alias for the close command.\n\n can be [--deferred] or [--cancel-deferred]\n\n\nstatus \n\nReports status for the active integrity mapping .\n\ndump \n\nReports parameters from on-disk stored superblock.\n\n", "subsections": [] }, "OPTIONS": { "content": "", "subsections": [ { "name": "--verbose, -v", "content": "Print more information on command execution.\n", "flag": "-v", "long": "--verbose" }, { "name": "--debug", "content": "Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by\n'#'.\n", "long": "--debug" }, { "name": "--version", "content": "Show the program version.\n", "long": "--version" }, { "name": "--batch-mode", "content": "Do not ask for confirmation.\n", "long": "--batch-mode" }, { "name": "--progress-frequency ", "content": "Print separate line every with wipe progress.\n", "long": "--progress-frequency", "arg": "" }, { "name": "--no-wipe", "content": "Do not wipe the device after format. A device that is not initially wiped will contain\ninvalid checksums.\n", "long": "--no-wipe" }, { "name": "--journal-size, -j BYTES", "content": "Size of the journal.\n", "flag": "-j", "long": "--journal-size", "arg": "BYTES" }, { "name": "--interleave-sectors SECTORS", "content": "The number of interleaved sectors.\n", "long": "--interleave-sectors", "arg": "SECTORS" }, { "name": "--integrity-recalculate", "content": "Automatically recalculate integrity tags in kernel on activation. The device can be\nused during automatic integrity recalculation but becomes fully integrity protected\nonly after the background operation is finished. This option is available since the\nLinux kernel version 4.19.\n", "long": "--integrity-recalculate" }, { "name": "--integrity-recalculate-reset", "content": "Restart recalculation from the beginning of the device. It can be used to change the\nintegrity checksum function. Note it does not change the tag length. This option is\navailable since the Linux kernel version 5.13.\n", "long": "--integrity-recalculate-reset" }, { "name": "--journal-watermark PERCENT", "content": "Journal watermark in percents. When the size of the journal exceeds this watermark,\nthe journal flush will be started.\n", "long": "--journal-watermark", "arg": "PERCENT" }, { "name": "--journal-commit-time MS", "content": "Commit time in milliseconds. When this time passes (and no explicit flush operation\nwas issued), the journal is written.\n", "long": "--journal-commit-time", "arg": "MS" }, { "name": "--tag-size, -t BYTES", "content": "Size of the integrity tag per-sector (here the integrity function will store authenti‐\ncation tag).\n\nNOTE: The size can be smaller that output size of the hash function, in that case only\npart of the hash will be stored.\n", "flag": "-t", "long": "--tag-size", "arg": "BYTES" }, { "name": "--data-device", "content": "Specify a separate data device that contains existing data. The then will\ncontain calculated integrity tags and journal for this data device.\n", "long": "--data-device" }, { "name": "--sector-size, -s BYTES", "content": "Sector size (power of two: 512, 1024, 2048, 4096).\n", "flag": "-s", "long": "--sector-size", "arg": "BYTES" }, { "name": "--buffer-sectors SECTORS", "content": "The number of sectors in one buffer.\n\nThe tag area is accessed using buffers, the large buffer size means that the I/O size\nwill be larger, but there could be less I/Os issued.\n", "long": "--buffer-sectors", "arg": "SECTORS" }, { "name": "--integrity, -I ALGORITHM", "content": "Use internal integrity calculation (standalone mode). The integrity algorithm can be\nCRC (crc32c/crc32) or hash function (sha1, sha256).\n\nFor HMAC (hmac-sha256) you have also to specify an integrity key and its size.\n", "flag": "-I", "long": "--integrity", "arg": "ALGORITHM" }, { "name": "--integrity-key-size BYTES", "content": "The size of the data integrity key. Maximum is 4096 bytes.\n", "long": "--integrity-key-size", "arg": "BYTES" }, { "name": "--integrity-key-file FILE", "content": "The file with the integrity key.\n", "long": "--integrity-key-file", "arg": "FILE" }, { "name": "--integrity-no-journal, -D", "content": "Disable journal for integrity device.\n", "flag": "-D", "long": "--integrity-no-journal" }, { "name": "--integrity-bitmap-mode. -B", "content": "Use alternate bitmap mode (available since Linux kernel 5.2) where dm-integrity uses\nbitmap instead of a journal. If a bit in the bitmap is 1, the corresponding region's\ndata and integrity tags are not synchronized - if the machine crashes, the unsynchro‐\nnized regions will be recalculated. The bitmap mode is faster than the journal mode,\nbecause we don't have to write the data twice, but it is also less reliable, because\nif data corruption happens when the machine crashes, it may not be detected.\n", "flag": "-B", "long": "--integrity-bitmap-mode." }, { "name": "--bitmap-sectors-per-bit SECTORS", "content": "Number of 512-byte sectors per bitmap bit, the value must be power of two.\n", "long": "--bitmap-sectors-per-bit", "arg": "SECTORS" }, { "name": "--bitmap-flush-time MS", "content": "Bitmap flush time in milliseconds.\n\n", "long": "--bitmap-flush-time", "arg": "MS" }, { "name": "WARNING:", "content": "In case of a crash, it is possible that the data and integrity tag doesn't match if\nthe journal is disabled.\n" }, { "name": "--integrity-recovery-mode. -R", "content": "Recovery mode (no journal, no tag checking).\n\n\nNOTE: The following options are intended for testing purposes only.\nUsing journal encryption does not make sense without encryption the data, these op‐\ntions are internally used in authenticated disk encryption with cryptsetup(8).\n", "flag": "-R", "long": "--integrity-recovery-mode." }, { "name": "--journal-integrity ALGORITHM", "content": "Integrity algorithm for journal area. See --integrity option for detailed specifica‐\ntion.\n", "long": "--journal-integrity", "arg": "ALGORITHM" }, { "name": "--journal-integrity-key-size BYTES", "content": "The size of the journal integrity key. Maximum is 4096 bytes.\n", "long": "--journal-integrity-key-size", "arg": "BYTES" }, { "name": "--journal-integrity-key-file FILE", "content": "The file with the integrity key.\n", "long": "--journal-integrity-key-file", "arg": "FILE" }, { "name": "--journal-crypt ALGORITHM", "content": "Encryption algorithm for journal data area. You can use a block cipher here such as\ncbc-aes or a stream cipher, for example, chacha20 or ctr-aes.\n", "long": "--journal-crypt", "arg": "ALGORITHM" }, { "name": "--journal-crypt-key-size BYTES", "content": "The size of the journal encryption key. Maximum is 4096 bytes.\n", "long": "--journal-crypt-key-size", "arg": "BYTES" }, { "name": "--journal-crypt-key-file FILE", "content": "The file with the journal encryption key.\n", "long": "--journal-crypt-key-file", "arg": "FILE" }, { "name": "--allow-discards", "content": "Allow the use of discard (TRIM) requests for the device. This option is available\nsince the Linux kernel version 5.7.\n", "long": "--allow-discards" }, { "name": "--deferred", "content": "Defers device removal in close command until the last user closes it.\n", "long": "--deferred" }, { "name": "--cancel-deferred", "content": "Removes a previously configured deferred device removal in close command.\n\nThe dm-integrity target is available since Linux kernel version 4.12.\n\nNOTE: Format and activation of an integrity device always require superuser privilege be‐\ncause the superblock is calculated and handled in dm-integrity kernel target.\n\n", "long": "--cancel-deferred" } ] }, "LEGACY COMPATIBILITY OPTIONS": { "content": "", "subsections": [ { "name": "WARNING:", "content": "Do not use these options until you need compatibility with specific old kernel.\n" }, { "name": "--integrity-legacy-padding", "content": "Use inefficient legacy padding.\n", "long": "--integrity-legacy-padding" }, { "name": "--integrity-legacy-hmac", "content": "Use old flawed HMAC calclation (also does not protect superblock).\n", "long": "--integrity-legacy-hmac" }, { "name": "--integrity-legacy-recalculate", "content": "Allow insecure recalculating of volumes with HMAC keys (recalcualtion offset in su‐\nperblock is not protected).\n\n", "long": "--integrity-legacy-recalculate" } ] }, "RETURN CODES": { "content": "Integritysetup returns 0 on success and a non-zero value on error.\n\nError codes are:\n1 wrong parameters\n2 no permission\n3 out of memory\n4 wrong device specified\n5 device already exists, or device is busy.\n\n", "subsections": [] }, "EXAMPLES": { "content": "Format the device with default standalone mode (CRC32C):\n", "subsections": [ { "name": "integritysetup format ", "content": "Open the device with default parameters:\n" }, { "name": "integritysetup open test", "content": "Format the device in standalone mode for use with HMAC(SHA256):\n" }, { "name": "integritysetup format --tag-size 32 --integrity hmac-sha256 --integrity-key-file", "content": " --integrity-key-size \n\nOpen (activate) the device with HMAC(SHA256) and HMAC key in file:\n" }, { "name": "integritysetup open test --integrity hmac-sha256 --integrity-key-file ", "content": "--integrity-key-size \n\nDump dm-integrity superblock information:\n" }, { "name": "integritysetup dump ", "content": "" } ] }, "REPORTING BUGS": { "content": "Report bugs, including ones in the documentation, on the cryptsetup mailing list at or in the 'Issues' section on LUKS website. Please attach the output of the\nfailed command with the --debug option added.\n", "subsections": [] }, "AUTHORS": { "content": "The integritysetup tool is written by Milan Broz and is part of the\ncryptsetup project.\n", "subsections": [] }, "COPYRIGHT": { "content": "Copyright © 2016-2021 Red Hat, Inc.\nCopyright © 2016-2021 Milan Broz\n\nThis is free software; see the source for copying conditions. There is NO warranty; not even\nfor MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n", "subsections": [] }, "SEE ALSO": { "content": "The project website at https://gitlab.com/cryptsetup/cryptsetup\n\nThe integrity on-disk format specification available at https://gitlab.com/cryptsetup/crypt‐‐", "subsections": [ { "name": "setup/wikis/DMIntegrity", "content": "integritysetup January 2021 INTEGRITYSETUP(8)" } ] } } } }