Hello again, To put this question another way: How do you calculate the required size of the hash_dev? By observation, it appears to be just under 1% of the disk size. Thank you for your help, -Alex On Sun, Mar 2, 2014 at 6:54 PM, Alex Polvi <alex@xxxxxxxxx> wrote: > Hello, > > Thank so much to the developers of dm-crypt for all your hard work, > this stuff is great! > > I'm trying to build a root filesystem in a squashfs, that is then > encrypted using cryptsetup, then verified with veritysetup. The goal > is to create a container filesystem that is encrypted and verified. > > I'm able to do all this no problem, but I'm a bit confused on how the > hash_dev[1] is supposed to be used. For my testing, I used a loopback > device for my hash_dev. When I'm ready to distribute my encrypted > squashfs to someone, I was expecting to give over the passphrase for > cryptsetup, and the sha256 generated by veritysetup format. However, > it looks like I also have to distribute my hash_dev as well. Is that > the case? Does that mean I need to ship my main image, the hash_dev > image, and sha256 that corresponds to both? Is there some clever way > to do this that I am overlooking? > > Also, since squashfs is readonly already, is dm-verity overkill? I'm a > bit lost on the advantage of the hash_dev over just checking the hash > it before mounting. > > Any pointers/suggestions very much appreciated! Thank you again for > all your support. > > Regards, > > -Alex > > [1]: https://code.google.com/p/cryptsetup/wiki/DMVerity _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
