# dm-verity

> device-mapper's "verity" feature provides transparent integrity checking of block devices using a cryptographic digest provided by the kernel crypto API

**Wikidata**: [Q101208595](https://www.wikidata.org/wiki/Q101208595)  
**Source**: https://4ort.xyz/entity/dm-verity

## Summary
dm-verity is a feature of the Linux device-mapper that provides transparent integrity checking for block devices. It uses cryptographic digests generated by the kernel's crypto API to verify data integrity, ensuring that stored data has not been tampered with. This is commonly used in operating systems like ChromiumOS to enhance security.

## Key Facts
- Part of the Linux device-mapper framework
- Provides cryptographic integrity verification for block devices
- Uses the kernel crypto API to generate and verify digests
- Primarily used in ChromiumOS for secure boot and data integrity
- Enables forward error correction for resilience against minor corruption
- Documented in the Linux kernel's official admin guide
- Documented for Arch Linux in the ArchWiki
- Aliases include "device-mapper verity"

## FAQs
### Q: What is dm-verity used for?
A: dm-verity is used to verify the integrity of block devices by comparing stored data against cryptographic hashes, ensuring that the data has not been altered.

### Q: Where is dm-verity commonly used?
A: It is commonly integrated into ChromiumOS and other Linux-based systems to enhance security and prevent unauthorized modifications.

### Q: How does dm-verity work?
A: It generates cryptographic digests of block device data and stores them separately. When the device is accessed, dm-verity checks the current data against the stored digests to ensure integrity.

### Q: Is dm-verity part of the Linux kernel?
A: Yes, dm-verity is a feature of the Linux device-mapper, which is part of the kernel's storage subsystem.

### Q: Can dm-verity detect corruption?
A: While its primary purpose is integrity verification, it can also help detect minor corruption through forward error correction.

## Why It Matters
dm-verity plays a critical role in modern Linux-based systems, particularly in secure environments like ChromiumOS. By providing transparent integrity checking, it helps prevent unauthorized modifications to critical system files, enhancing overall security. This is especially important in embedded and mobile systems where data integrity is paramount. The feature leverages the kernel's crypto API to ensure that stored data remains verifiable, making it a foundational component for secure boot and system integrity in Linux distributions.

## Notable For
- First integrated into ChromiumOS for secure boot verification
- Uses kernel crypto API for efficient digest generation
- Supports forward error correction for resilience
- Documented in the official Linux kernel admin guide
- Documented for Arch Linux in the ArchWiki

## Body
### Overview
dm-verity is a component of the Linux device-mapper framework, designed to provide cryptographic integrity verification for block devices. It generates and stores cryptographic digests of data blocks, allowing the system to detect any unauthorized modifications.

### Technical Implementation
- Uses the kernel crypto API to compute and verify hashes
- Stores digests separately from the original data
- Supports forward error correction for minor corruption detection
- Operates transparently, requiring no user intervention
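
The kernel documentation describes the separately stored digests as a hash tree, where the root hash is the only value that has to be trusted. The following added example (not from the original page or the kernel source) models that per-block check in Python. The 4096-byte blocks, SHA-256, salt-prepended hashing and all function names are assumptions, and the result is not claimed to match `veritysetup` output byte for byte.

```python
import hashlib

BLOCK = 4096                       # data/hash block size (assumed)
DIGEST = hashlib.sha256().digest_size
FANOUT = BLOCK // DIGEST           # digests per hash block: 128

def h(salt, block):
    return hashlib.sha256(salt + block).digest()  # salt prepended (assumed)

def build_tree(data, salt):
    """Return (levels, root_hash); levels[0] covers the data blocks."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    levels = []
    while True:
        digests = [h(salt, b) for b in blocks]
        # Pack digests into zero-padded hash blocks for the next level up.
        blocks = [b"".join(digests[i:i + FANOUT]).ljust(BLOCK, b"\0")
                  for i in range(0, len(digests), FANOUT)]
        levels.append(blocks)
        if len(blocks) == 1:
            return levels, h(salt, blocks[0])

def verify_block(index, block, levels, root_hash, salt):
    """Check one data block on read, trusting only root_hash."""
    digest = h(salt, block)
    for level in levels:
        hash_block = level[index // FANOUT]
        off = (index % FANOUT) * DIGEST
        if hash_block[off:off + DIGEST] != digest:
            return False               # stored digest does not match
        digest = h(salt, hash_block)   # now authenticate the hash block itself
        index //= FANOUT
    return digest == root_hash

def demo():
    salt = bytes(32)                   # constructed sample salt
    data = b"".join(bytes([i % 251]) * BLOCK for i in range(300))  # constructed image
    levels, root = build_tree(data, salt)
    good = data[5 * BLOCK:6 * BLOCK]
    bad = b"\xff" + good[1:]           # one modified byte in data block 5
    ok = verify_block(5, good, levels, root, salt)
    tampered = verify_block(5, bad, levels, root, salt)
    leaf = bytearray(levels[0][0])     # also forge the stored leaf digest
    leaf[5 * DIGEST:6 * DIGEST] = h(salt, bad)
    levels[0][0] = bytes(leaf)
    forged = verify_block(5, bad, levels, root, salt)
    return ok, tampered, forged

if __name__ == "__main__":
    print(demo())
```

The third result stays `False` because a rewritten leaf digest changes the hash of its hash block, which no longer matches the level above; this is why the root hash must be stored or signed outside the device being verified.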

### Use Cases
- Primarily used in ChromiumOS for secure boot verification
- Ensures system integrity by detecting tampered files
- Helps prevent unauthorized modifications to critical system components

### Documentation and Resources
- Official documentation available at [kernel.org](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html)
- ArchWiki entry provides additional configuration details
- Part of the broader device-mapper framework in the Linux kernel

### Related Technologies
- Device-mapper, the framework that hosts dm-verity
- Kernel crypto API, used for generating cryptographic hashes
- Forward error correction, employed for resilience against minor corruption