** Description changed:
On an 18.04 amd64 system dm-verity reports:
device-mapper: table: 253:20: verity: Invalid number of feature args
device-mapper: ioctl: error adding target to table
when trying to use "veritysetup" to create a previously formatted verity
device that uses FEC. Without FEC it succeeds.
+
+ After writing this report I thought to check the kernel compilation
+ options and discovered the cause:
+
+ $ sudo grep VERITY /boot/config-$(uname -r)
+ CONFIG_DM_VERITY=m
+ # CONFIG_DM_VERITY_FEC is not set
+
+ It would be very useful to enable this unless there's a specific reason
+ not to.
+
+ I'm working (with the Lubuntu team) on introducing verity/FEC for the
+ live-build tooling so that all Ubuntu ISO images can have integral
+ verification with FEC available.
+
+ --- additional data ---
$ uname -r
4.15.0-56-lowlatency
$ sudo dmsetup targets | grep verity
verity v1.3.0
$ lsmod | grep verity
dm_verity 20480 0
dm_bufio 28672 1 dm_verity
$ modinfo dm-verity
filename:
/lib/modules/4.15.0-56-lowlatency/kernel/drivers/md/dm-verity.ko
...
depends: dm-bufio
retpoline: Y
intree: Y
name: dm_verity
vermagic: 4.15.0-56-lowlatency SMP preempt mod_unload
signat: PKCS#7
...
sig_hashalgo: md4
parm: prefetch_cluster:uint
$ sudo losetup /dev/loop3 Downloads/lubuntu-desktop-amd64.1910.iso
$ sudo mkdir -p /mnt/live/verity
$ sudo veritysetup format --fec-device=/mnt/live/verity/iso-fec.verity
/dev/loop3 /mnt/live/verity/iso-hash.verity
VERITY header information for /mnt/live/verity/iso-hash.verity
UUID: fa07efe8-e4a6-4968-abce-779f2d5674ce
Hash type: 1
Data blocks: 412080
Data block size: 4096
Hash block size: 4096
Hash algorithm:
sha256
Salt:
fa93e8fdeb55acf548adf8812d6748c789b620c22338579def0bc01e65726a7b
Root hash:
500f659e52b62e0efabe1eae2b2fac34c12522acc372e80e5d375be252c51931
$ ls -la /mnt/live/verity/
total 26136
drwxr-xr-x 2 root root 4096 Aug 3 13:21 .
drwxr-xr-x 5 root root 4096 Aug 3 13:19 ..
-rw------- 1 root root 13451264 Aug 3 13:23 iso-fec.verity
-rw------- 1 root root 13303808 Aug 3 13:23 iso-hash.verity
Using strace I'm able to capture the table definition veritysetup is
trying to use:
$ sudo strace -v -s 256 -f -o /tmp/veritysetup.strace veritysetup -v
--fec-device=/mnt/live/verity/iso-fec.verity create live-iso /
dev/loop3 /mnt/live/verity/iso-hash.verity
500f659e52b62e0efabe1eae2b2fac34c12522acc372e80e5d375be252c51931
device-mapper: reload ioctl on failed: Invalid argument
Command failed with code -1 (wrong or missing parameters).
28809 ioctl(5, DM_DEV_CREATE, {version=4.0.0, data_size=16384,
name="live-iso", uuid="CRYPT-VERITY-fa07efe8e4a64968abce779f2d5674ce-live-iso
", flags=DM_EXISTS_FLAG} => {version=4.37.0, data_size=305, dev=makedev(253,
20), name="live-iso", uuid="CRYPT-VERITY-fa07efe8e4a64968abce77
9f2d5674ce-live-iso", target_count=0, open_count=0, event_nr=0,
flags=DM_EXISTS_FLAG}) = 0
28809 ioctl(5, DM_TABLE_LOAD, {version=4.0.0, data_size=16384,
data_start=312, name="live-iso", target_count=1, flags=DM_READONLY_FLAG|DM_EX
ISTS_FLAG|DM_SECURE_DATA_FLAG, {sector_start=0, length=3296640,
target_type="verity", string="1 /dev/loop3 /dev/loop4 4096 4096 412080 1 sha256
500f659e52b62e0efabe1eae2b2fac34c12522acc372e80e5d375be252c51931
fa93e8fdeb55acf548adf8812d6748c789b620c22338579def0bc01e65726a7b 8
use_fec_from_device /dev/loop5 fec_start 0 fec_blocks 415327 fec_roots 2"}},
0x560977ffe210) = -1 EINVAL (Invalid argument)
So the table is:
1 /dev/loop3 /dev/loop4 4096 4096 412080 1 sha256
500f659e52b62e0efabe1eae2b2fac34c12522acc372e80e5d375be252c51931
fa93e8fdeb55acf548adf8812d6748c789b620c22338579def0bc01e65726a7b 8
use_fec_from_device /dev/loop5 fec_start 0 fec_blocks 415327 fec_roots 2
Manually attempting the command also fails (/dev/loop3 remains):
$ SIZE=$(blockdev --getsz /dev/loop3)
$ sudo losetup /dev/loop4 /mnt/live/verity/iso-hash.verity
$ sudo losetup /dev/loop5 /mnt/live/verity/iso-fec.verity
$ sudo dmsetup -vv create live-iso -r --table "0 $SIZE verity 1
/dev/loop3 /dev/loop4 4096 4096 412080 1 sha256
500f659e52b62e0efabe1eae2b2fac34c12522acc372e80e5d375be252c51931
fa93e8fdeb55acf548adf8812d6748c789b620c22338579def0bc01e65726a7b 8
use_fec_from_device /dev/loop5 fec_start 0 fec_blocks 415327 fec_roots
2"
dm version [ opencount flush ] [16384] (*1)
Udev cookie 0xd4d119f (semid 819203) created
Udev cookie 0xd4d119f (semid 819203) incremented to 1
Udev cookie 0xd4d119f (semid 819203) incremented to 2
Udev cookie 0xd4d119f (semid 819203) assigned to CREATE task(0) with flags
DISABLE_LIBRARY_FALLBACK (0x20)
dm create live-iso [ opencount flush ] [16384] (*1)
dm reload live-iso [ opencount flush readonly ] [16384] (*1)
device-mapper: reload ioctl on live-iso failed: Invalid argument
<backtrace>
Udev cookie 0xd4d119f (semid 819203) decremented to 1
Udev cookie 0xd4d119f (semid 819203) incremented to 2
Udev cookie 0xd4d119f (semid 819203) assigned to REMOVE task(2) with flags
DISABLE_LIBRARY_FALLBACK (0x20)
dm remove live-iso [ opencount flush readonly ] [16384] (*1)
<backtrace>
Udev cookie 0xd4d119f (semid 819203) decremented to 1
Udev cookie 0xd4d119f (semid 819203) waiting for zero
Udev cookie 0xd4d119f (semid 819203) destroyed
Command failed
<backtrace>
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1838844
Title:
"dm-verity: Invalid number of feature arg" with FEC due to "#
CONFIG_DM_VERITY_FEC is not set"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838844/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
