Detect dm-verity in kernel.

lib/libdevmapper.c

@@ -127,6 +127,16 @@ static void _dm_set_crypt_compat(const char *dm_version, unsigned crypt_maj,
 		_dm_crypt_checked = 1;
 }
 
+static void _dm_set_verity_compat(const char *dm_version, unsigned verity_maj,
+				   unsigned verity_min, unsigned verity_patch)
+{
+	if (verity_maj > 0)
+		_dm_crypt_flags |= DM_VERITY_SUPPORTED;
+
+	log_dbg("Detected dm-verity version %i.%i.%i.",
+		verity_maj, verity_min, verity_patch);
+}
+
 static int _dm_check_versions(void)
 {
 	struct dm_task *dmt;
@@ -158,6 +168,11 @@ static int _dm_check_versions(void)
 					     (unsigned)target->version[0],
 					     (unsigned)target->version[1],
 					     (unsigned)target->version[2]);
+		} else if (!strcmp(DM_VERITY_TARGET, target->name)) {
+			_dm_set_verity_compat(dm_version,
+					     (unsigned)target->version[0],
+					     (unsigned)target->version[1],
+					     (unsigned)target->version[2]);
 		}
 		target = (struct dm_versions *)((char *) target + target->next);
 	} while (last_target != target);

lib/utils_dm.h

@@ -35,6 +35,7 @@ struct crypt_params_verity;
 #define DM_SECURE_SUPPORTED   (1 << 2)	/* wipe (secure) buffer flag */
 #define DM_PLAIN64_SUPPORTED  (1 << 3)	/* plain64 IV */
 #define DM_DISCARDS_SUPPORTED (1 << 4)	/* discards/TRIM option is supported */
+#define DM_VERITY_SUPPORTED   (1 << 5)	/* dm-verity target supported */
 uint32_t dm_flags(void);
 
 #define DM_ACTIVE_DEVICE	(1 << 0)

lib/verity/verity.c

@@ -190,6 +190,10 @@ int VERITY_activate(struct crypt_device *cd,
 		return r;
 
 	r = dm_create_verity(name, verity_hdr, &dmd);
+	if (!r && !(dm_flags() & DM_VERITY_SUPPORTED)) {
+		log_err(cd, _("Kernel doesn't support dm-verity mapping.\n"));
+		return -ENOTSUP;
+	}
 	if (r < 0)
 		return r;
 

src/veritysetup.c

@@ -18,7 +18,6 @@
  */
 
 /* TODO:
- * - detect dm-verity (devmapper)
  * - init_by_name()
  * - unify units / uint64 etc
  * - check translations