Hello, Thank so much to the developers of dm-crypt for all your hard work, this stuff is great! I'm trying to build a root filesystem in a squashfs, that is then encrypted using cryptsetup, then verified with veritysetup. The goal is to create a container filesystem that is encrypted and verified. I'm able to do all this no problem, but I'm a bit confused on how the hash_dev[1] is supposed to be used. For my testing, I used a loopback device for my hash_dev. When I'm ready to distribute my encrypted squashfs to someone, I was expecting to give over the passphrase for cryptsetup, and the sha256 generated by veritysetup format. However, it looks like I also have to distribute my hash_dev as well. Is that the case? Does that mean I need to ship my main image, the hash_dev image, and sha256 that corresponds to both? Is there some clever way to do this that I am overlooking? Also, since squashfs is readonly already, is dm-verity overkill? I'm a bit lost on the advantage of the hash_dev over just checking the hash it before mounting. Any pointers/suggestions very much appreciated! Thank you again for all your support. Regards, -Alex [1]: https://code.google.com/p/cryptsetup/wiki/DMVerity _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
