1<?xml version="1.0"?>
2<!--*-nxml-*-->
3<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
4  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
6<refentry id="systemd-veritysetup@.service" conditional='HAVE_LIBCRYPTSETUP'>
7
8  <refentryinfo>
9    <title>systemd-veritysetup@.service</title>
10    <productname>systemd</productname>
11  </refentryinfo>
12
13  <refmeta>
14    <refentrytitle>systemd-veritysetup@.service</refentrytitle>
15    <manvolnum>8</manvolnum>
16  </refmeta>
17
18  <refnamediv>
19    <refname>systemd-veritysetup@.service</refname>
20    <refname>systemd-veritysetup</refname>
21    <refpurpose>Disk verity protection logic</refpurpose>
22  </refnamediv>
23
24  <refsynopsisdiv>
25    <para><filename>systemd-veritysetup@.service</filename></para>
26    <para><filename>/usr/lib/systemd/systemd-veritysetup</filename></para>
27  </refsynopsisdiv>
28
29  <refsect1>
30    <title>Description</title>
31
32    <para><filename>systemd-veritysetup@.service</filename> is a service responsible for setting up verity
33    protection block devices. It should be instantiated for each device that requires verity
34    protection.</para>
35
36    <para>At early boot and when the system manager configuration is reloaded kernel command line configuration for
37    verity protected block devices is translated into <filename>systemd-veritysetup@.service</filename> units by
38    <citerefentry><refentrytitle>systemd-veritysetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
39
40    <para><filename>systemd-veritysetup@.service</filename> calls <command>systemd-veritysetup</command>.</para>
41  </refsect1>
42
43  <refsect1>
44    <title>Commands</title>
45
46    <para>The following commands are understood by <command>systemd-veritysetup</command>:</para>
47
48    <variablelist>
49      <varlistentry>
50        <term>
51          <option>attach</option>
52          <replaceable>volume</replaceable>
53          <replaceable>datadevice</replaceable>
54          <replaceable>hashdevice</replaceable>
55          <replaceable>roothash</replaceable>
56          [<replaceable>option</replaceable>...]
57        </term>
58
59        <listitem><para>Create a block device <replaceable>volume</replaceable> using
60        <replaceable>datadevice</replaceable> and <replaceable>hashdevice</replaceable> as the backing
61        devices. <replaceable>roothash</replaceable> forms the root of the tree of hashes stored on
62        <replaceable>hashdevice</replaceable>. See
63        <ulink url="https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html">
64          Kernel dm-verity</ulink> documentation for details.
65        </para></listitem>
66      </varlistentry>
67
68      <varlistentry>
69        <term>
70          <option>detach</option>
71          <replaceable>volume</replaceable>
72        </term>
73
74        <listitem><para>Detach (destroy) the block device
75        <replaceable>volume</replaceable>.</para></listitem>
76      </varlistentry>
77
78      <varlistentry>
79        <term>
80          <option>help</option>
81        </term>
82
83        <listitem><para>Print short information about command syntax.</para></listitem>
84      </varlistentry>
85    </variablelist>
86  </refsect1>
87
88  <refsect1>
89    <title>See Also</title>
90    <para>
91      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
92      <citerefentry><refentrytitle>systemd-veritysetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
93      <citerefentry project='die-net'><refentrytitle>veritysetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
94     </para>
95  </refsect1>
96
97</refentry>
98