      1 <html devsite><head>
      2     <title> dm-verity</title>
      3     <meta name="project_path" value="/_project.yaml"/>
      4     <meta name="book_path" value="/_book.yaml"/>
      5   </head>
      6   <body>
      7   <!--
      8       Copyright 2017 The Android Open Source Project
      9 
     10       Licensed under the Apache License, Version 2.0 (the "License");
     11       you may not use this file except in compliance with the License.
     12       You may obtain a copy of the License at
     13 
     14           http://www.apache.org/licenses/LICENSE-2.0
     15 
     16       Unless required by applicable law or agreed to in writing, software
     17       distributed under the License is distributed on an "AS IS" BASIS,
     18       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     19       See the License for the specific language governing permissions and
     20       limitations under the License.
     21   -->
     22 
     23 <h2 id="operation"></h2>
     24 
     25 <p>dm-verity  Root </p>
     26 
     27 <p><a href="verified-boot.html"></a></p>
     28 
     29 <p></p>
     30 
     31 <p> dm-verity </p>
     32 
     33 <p> I/O </p>
     34 
     35 <p></p>
     36 
     37 <h2 id="implementation"></h2>
     38 
     39 <h3 id="summary"></h3>
     40 
     41 <ol>
     42 <li> EXT4 </li>
     43 <li><a href="#hash-tree"></a></li>
     44 <li><a href="#mapping-table"> dm-verity </a></li>
     45 <li><a href="#signing"> dm-verity </a></li>
     46 <li> dm-verity <a href="#metadata"></a> Verity </li>
     47 <li>Verity </li>
     48 </ol>
     49 
     50 <p> dm-verity  <a href="http://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot">Chromium  - </a></p>
     51 
     52 <h3 id="hash-tree"></h3>
     53 
     54 <p><a href="#introduction"></a> dm-verity <a href="https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity">cryptsetup</a> </p>
     55 
     56 <pre>
     57 &lt;your block device name&gt; &lt;your block device name&gt; &lt;block size&gt; &lt;block size&gt; &lt;image size in blocks&gt; &lt;image size in blocks + 8&gt; &lt;root hash&gt; &lt;salt&gt;
     58 </pre>
     59 
     60 <p> 0  4k  SHA256  SHA256  4k  1  1  SHA256  2 </p>
     61 
     62 <p> SHA256  SHA256 </p>
     63 
     64 <p> 30 MB</p>
     65 
     66 <p> 0  4k </p>
     67 
     68 <p> 2  1  3  2  0 </p>
     69 
     70 <p></p>
     71 
     72 <ol>
     73 <li></li>
     74 <li> 4k </li>
     75 <li> SHA256 </li>
     76 <li></li>
     77 <li> 0 4k </li>
     78 <li></li>
     79 <li> 2-6 </li>
     80 </ol>
     81 
     82 <p> dm-verity </p>
     83 
     84 <h3 id="mapping-table"> dm-verity </h3>
     85 
     86 <p> dm-verity  <code>fstab</code>  hash_start 0 </p>
     87 
     88 <p> Verity  <a href="https://code.google.com/p/cryptsetup/wiki/DMVerity">cryptsetup</a></p>
     89 
     90 <h3 id="signing"> dm-verity </h3>
     91 
     92 <p> dm-verity </p>
     93 
     94 <p></p>
     95 
     96 <ol>
     97 <li> libmincrypt  RSA-2048  /boot  /verity_key </li>
     98 <li> fstab verify fs_mgr </li>
     99 </ol>
    100 
    101 <h3 id="metadata"></h3>
    102 
    103 <p> dm-verity  Verity </p>
    104 
    105 <p> EXT4 </p>
    106 
    107 <p>Magic number:<br />0xb001b001</p>
    108 
    109 <p>Byte values:</p>
    110 
    111 <ul>
    112 <li>first byte = b0</li>
    113 <li>second byte = 01</li>
    114 <li>third byte = b0</li>
    115 <li>fourth byte = 01</li>
    116 </ul>
    117 
    118 <p> Verity </p>
    119 
    120 <pre>&lt;magic number&gt;|&lt;version&gt;|&lt;signature&gt;|&lt;table length&gt;|&lt;table&gt;|&lt;padding&gt;
    121 \-------------------------------------------------------------------/
    122 \----------------------------------------------------------/   |
    123                             |                                  |
    124                             |                                 32K
    125                        block content
    126 </pre>
    127 
    128 <p></p>
    129 
    130 <p class="table-caption" id="table1">
    131   <strong>Table 1.</strong> Verity metadata fields</p>
    132 
    133 <table>
    134 <tbody><tr>
    135 <th>Field</th>
    136 <th>Purpose</th>
    137 <th>Size</th>
    138 <th>Value</th>
    139 </tr>
    140 <tr>
    141 <td>magic number</td>
    142 <td> fs_mgr </td>
    143 <td>4 bytes</td>
    144 <td>0xb001b001</td>
    145 </tr>
    146 <tr>
    147 <td>version</td>
    148 <td></td>
    149 <td>4 bytes</td>
    150 <td> 0</td>
    151 </tr>
    152 <tr>
    153 <td>signature</td>
    154 <td>PKCS1.5 </td>
    155 <td>256 bytes</td>
    156 <td></td>
    157 </tr>
    158 <tr>
    159 <td>table length</td>
    160 <td>dm-verity </td>
    161 <td>4 bytes</td>
    162 <td></td>
    163 </tr>
    164 <tr>
    165 <td>table</td>
    166 <td> dm-verity </td>
    167 <td></td>
    168 <td></td>
    169 </tr>
    170 <tr>
    171 <td>padding</td>
    172 <td> 0  32k </td>
    173 <td></td>
    174 <td>0</td>
    175 </tr>
    176 </tbody></table>
    177 
    178 <h3 id="optimize"> dm-verity</h3>
    179 
    180 <p> dm-verity </p>
    181   <ul>
    182     <li> NEON SHA-2 ARMv7 SHA-2  ARMv8
    183     </li><li> prefetch_cluster 
    184   </li></ul>
    185 
    186 </body></html>