possibly support an alternative initialisation method for integrity devices
Hi.
Right now, integritysetup/cryptsetup zero a device (per default) in order to get the data matching the integrity data. That's obviously a good thing to do and should be the default (just as it is).
Alternatively, it could be interesting to allow another method of initialisation, where the payload data isn't zeroed but rather just read and only new integrity data written. I haven't tested it, but would assume that it could be faster, as read is faster for many storage devices than write... also one saves some wear out for example on SSDs.
The drawback of this method is obviously that it means whatever is on the device during initialisation is "trusted". For filesystems (i.e. when a fs is placed on top) this shouldn't be that much of a problem, at least under normal circumstances, I think. But if such option is implemented, there should be some big warnings about the security implications.
Cheers, Chris.