Hi Patrik,
On Tue, Mar 06, 2018 at 03:14:56PM -0800, Patrik Torstensson wrote:
> Add an option to dm-verity to validate hashes at most once
> to allow platforms that is CPU/memory contraint to be
> protected by dm-verity against offline attacks.
>
> The option introduces a bitset that is used to
Hi Milan,
Yes, that is correct that the attacks it protects against is when the
underlying storage is offline. We have discussed if we should reset the
bitmap at certain events but decided against it.
Cheers,
Patrik
On Thu, Mar 8, 2018 at 4:35 AM Milan Broz wrote:
> On 03/07/2018 12:14 AM,
Hi Milan,
Yes, that is correct that the attacks it protects against is when the
underlying storage is offline. We have discussed if we should reset the bitmap
at certain events but decided against it.
Cheers,
Patrik
On Thu, Mar 08, 2018 at 01:35:05PM +0100, Milan Broz wrote:
> On 03/07/2018 1
On 03/07/2018 12:14 AM, Patrik Torstensson wrote:
> Add an option to dm-verity to validate hashes at most once
> to allow platforms that is CPU/memory contraint to be
> protected by dm-verity against offline attacks.
>
> The option introduces a bitset that is used to check if
> a block has been va
Add an option to dm-verity to validate hashes at most once
to allow platforms that is CPU/memory contraint to be
protected by dm-verity against offline attacks.
The option introduces a bitset that is used to check if
a block has been validated before or not. A block can
be validated more than once
