This patch adds veritysetup support for these Linux kernel dm-verity options:
--ignore-corruption - dm-verity just logs detected corruption
--restart-on-corruption - dm-verity restarts the kernel if corruption is detected
If the options above are not specified, default behaviour for dm-verity remains.
Default is that I/O operation fails with I/O error if corrupted block is detected.
--ignore-zero-blocks - Instructs dm-verity to not verify blocks that are expected
to contain zeroes and always return zeroes directly instead.
NOTE that these options could have serious security or functional impacts,
do not use them without assessing the risks!
udev cookies should be set right in before the dm_task_run()
call otherwise we risk a hang while waiting for a cookie
associated with not yet executed dm task.
For example: failing to add table line (dm_task_add_target())
results in such hang.
The patch adds the two options
--perf-same_cpu_crypt
--perf-submit_from_crypt_cpus
that set the same named options inside dmcrypt
(available in Linux kernel 3.20 and later).
The dm_flags() call cannot be used if dmcrypt module is not present.
Better try to activate volume with dicard flags and if it is not possible,
try to activate device without the discard flag.
Previously, this code could incorrectly identify a version of crypt or
dm due to the way it compared versions. For example, if a feature was
gated on crypt version 1.5, it would disable the feature for crypt
version 2.2.
Allocate loop device late (only when real block device needed).
Rework underlying device/file access functions.
Move all device (and ioctl) access to utils_device.c.
Allows using file where appropriate without allocation loop device.
* Do not allow key retrieval while suspended (key could be wiped).
* Do not allow suspend for non-LUKS devices.
* Support retries and timeout parameters for luksSuspend.
Add luksSuspend/Resume test.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@574 36d66b0a-2a48-0410-832c-cd162a569da5
* Add shared flag to libcryptsetup api.
* Fix plain crypt format parameters to include size option (API change).
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@559 36d66b0a-2a48-0410-832c-cd162a569da5
