On Fri, 06.12.19 16:42, Marius Schwarz (fedoradev@xxxxxxxxxxxx) wrote:

> On 06.12.19 at 08:57, Lennart Poettering wrote:
> > If you know where stuff is located you can change individual blocks in
> > files. You are not going to know what you are changing them to, but
> > you can change it and traditional files will not detect that you did that.
> >
>
> That is correct, but I did not see how dm-integrity can help here, as
> there is nothing to compare it to,
> as dm-integrity was invented with RAID systems in mind, where it makes a
> lot of sense.

Nah, one of its primary use cases is to provide authenticated disk
encryption in combination with dm-crypt. See here for example:

https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity

> I found no evidence that it will autocorrect a "manipulated" sector, and
> I guess that it does not even know how to fix it.

It will not.

> Does it stop booting?
> Does it send an alarm to the user?
> When does it do this?
> Does it do it at all?
> What if the sector is not hit while booting?
> How and when do we get a notice of the manipulation?

When a sector protected by dm-integrity that has been manipulated is
read, dm-integrity will raise EIO to the layer above. If the layer above
is a file system, it's up to the fs to decide what to do with that
failure.

Lennart

--
Lennart Poettering, Berlin
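Since the EIO described above is raised only when a manipulated sector is actually read, sectors nobody reads go unnoticed. An added example (not part of the original message and not cryptsetup code): a Python scrub that reads a dm-integrity mapping end to end and lists the byte offsets where the kernel returns EIO. The 4096-byte sector size and all function names are assumptions.

```python
import errno
import os
import sys

SECTOR = 4096  # assumption: set this to the device's integrity sector size

def scan(read_at, size, chunk=1 << 20, sector=SECTOR):
    """Read [0, size) via read_at(offset, length); return offsets failing with EIO."""
    bad = []
    for offset in range(0, size, chunk):
        length = min(chunk, size - offset)
        try:
            read_at(offset, length)      # fast path: one large read
            continue
        except OSError as exc:
            if exc.errno != errno.EIO:
                raise                    # some other failure: do not mask it
        # Slow path: re-read sector by sector to localise the failure.
        for sec in range(offset, offset + length, sector):
            try:
                read_at(sec, min(sector, size - sec))
            except OSError as exc:
                if exc.errno != errno.EIO:
                    raise
                bad.append(sec)
    return bad

def pread_full(fd, length, offset):
    """pread() may return short before a failing sector; keep reading so the EIO surfaces."""
    while length > 0:
        data = os.pread(fd, length, offset)
        if not data:
            break
        offset += len(data)
        length -= len(data)

def scan_device(path):
    # Data already in the page cache is not re-read from disk, so run this
    # on a freshly opened mapping or after dropping caches.
    fd = os.open(path, os.O_RDONLY)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        return scan(lambda off, n: pread_full(fd, n, off), size)
    finally:
        os.close(fd)

if __name__ == "__main__":
    bad_offsets = scan_device(sys.argv[1])   # path of the mapped device
    for off in bad_offsets:
        print(f"EIO at byte offset {off}")
    sys.exit(1 if bad_offsets else 0)
```

A failing disk also returns EIO, so confirm the source of each reported offset in the kernel log before treating it as tampering.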