    veritysetup: add support for --check-at-most-once option. · fef5121c
    Milan Broz authored
    The kernel 4.17 will include a new dm-verity flag that
    instructs the kernel to verify data blocks only once.
    This patch adds support for it to libcryptsetup and veritysetup.
    This flag can be dangerous; if you can control the underlying device
    (you can change its content after it was verified), it will no longer
    prevent reading tampered data, and it also does not prevent silent
    data corruptions that appear after the block was once read.
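
The trade-off described in the commit message, as a small model added here for illustration (it is not code from cryptsetup or the kernel). `VerityModel`, `read_after_change` and the flat list of per-block SHA-256 digests are assumptions of the model; real dm-verity verifies against a hash tree.

```python
import hashlib

BLOCK_SIZE = 4096  # constructed block size for the model


class VerityModel:
    """Toy model of a verified read-only device (not dm-verity code).

    Simplification: a flat list of trusted per-block SHA-256 digests stands
    in for the real hash tree and root hash.
    """

    def __init__(self, backing, check_at_most_once=False):
        self.backing = backing  # mutable list of blocks = underlying device
        self.trusted = [hashlib.sha256(b).digest() for b in backing]
        self.check_at_most_once = check_at_most_once
        self.validated = set()  # blocks that already passed verification

    def read(self, index):
        data = self.backing[index]
        if self.check_at_most_once and index in self.validated:
            return data  # skipped: block was verified on an earlier read
        if hashlib.sha256(data).digest() != self.trusted[index]:
            raise IOError(f"block {index}: hash mismatch")
        if self.check_at_most_once:
            self.validated.add(index)
        return data


def read_after_change(check_at_most_once, warm_up):
    """Change block 0 on the backing device, optionally after a first read.

    Returns "detected" if the later read fails verification, else "served".
    """
    backing = [bytes([i]) * BLOCK_SIZE for i in range(4)]  # constructed data
    dev = VerityModel(backing, check_at_most_once)
    if warm_up:
        dev.read(0)  # first read verifies the block
    backing[0] = b"\xff" * BLOCK_SIZE  # content changes underneath
    try:
        dev.read(0)
    except IOError:
        return "detected"
    return "served"
```

With the flag off, every read is checked, so a change is caught whenever it happens; with the flag on, only a change made before the block's first read is caught.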
veritysetup.8 7.98 KB