integritysetup(8) — Linux manual page


INTEGRITYSETUP(8)         Maintenance Commands         INTEGRITYSETUP(8)

NAME         top

       integritysetup - manage dm-integrity (block level integrity)

SYNOPSIS         top

       integritysetup <action> [<options>] <action args>

DESCRIPTION         top

       Integritysetup is used to configure dm-integrity managed
       device-mapper mappings.

       Device-mapper integrity target provides read-write transparent
       integrity checking of block devices. The dm-integrity target
       emulates an additional data integrity field per-sector. You can
       use this additional field directly with integritysetup utility,
       or indirectly (for authenticated encryption) through cryptsetup.

BASIC ACTIONS         top

       Integritysetup supports these operations:

       format <device>

       Formats <device> (calculates space and dm-integrity superblock
       and wipes the device).

       <options> can be [--data-device, --batch-mode, --no-wipe,
       --journal-size, --interleave-sectors, --tag-size, --integrity,
       --integrity-key-size, --integrity-key-file, --sector-size,
       --progress-frequency, --progress-json].

       open <device> <name>
       create <name> <device> (OBSOLETE syntax)

       Open a mapping with <name> backed by device <device>.

       <options> can be [--data-device, --batch-mode,
       --journal-watermark, --journal-commit-time, --buffer-sectors,
       --integrity, --integrity-key-size, --integrity-key-file,
       --integrity-no-journal, --integrity-recalculate,

       close <name>
       remove <name> (OBSOLETE syntax)

       Removes existing mapping <name>.

       <options> can be [--deferred] or [--cancel-deferred]

       status <name>

       Reports status for the active integrity mapping <name>.

       dump <device>

       Reports parameters from on-disk stored superblock.

       resize <name>

       Resizes an active mapping <name>.

       If --size (in 512-bytes sectors) or --device-size are not
       specified, the size is computed from the underlying device. After
       resize, the recalculating flag is set. If --wipe flag is set and
       the size of the device is increased, the newly added section will
       be wiped.

       Increasing the size of integrity volumes is available since the
       Linux kernel version 5.7, shrinking should work on older kernels

       <options> can be [--size, --device-size, --wipe].

OPTIONS         top

       --progress-frequency <seconds>
           Print separate line every <seconds> with wipe progress.

           Prints wipe progress data in json format suitable mostly for
           machine processing. It prints separate line every half second
           (or based on --progress-frequency value). The JSON output
           looks as follows during wipe progress (except it’s compact
           single line):

                 "device":"/dev/sda"       // backing device or file
                 "device_bytes":"8192",    // bytes wiped so far
                 "device_size":"44040192", // total bytes to wipe
                 "speed":"126877696",      // calculated speed in bytes per second (based on progress so far)
                 "eta_ms":"2520012"        // estimated time to finish wipe in milliseconds
                 "time_ms":"5561235"       // total time spent wiping device in milliseconds

           Note on numbers in JSON output: Due to JSON parsers
           limitations all numbers are represented in a string format
           due to need of full 64bit unsigned integers.

           Do not wipe the device after format. A device that is not
           initially wiped will contain invalid checksums.

           Wipe the newly allocated area after resize to bigger size. If
           this flag is not set, checksums will be calculated for the
           data previously stored in the newly allocated area.

       --journal-size, -j BYTES
           Size of the journal.

       --interleave-sectors SECTORS
           The number of interleaved sectors.

           Automatically recalculate integrity tags in kernel on
           activation. The device can be used during automatic integrity
           recalculation but becomes fully integrity protected only
           after the background operation is finished. This option is
           available since the Linux kernel version 4.19.

           Restart recalculation from the beginning of the device. It
           can be used to change the integrity checksum function. Note
           it does not change the tag length. This option is available
           since the Linux kernel version 5.13.

       --journal-watermark PERCENT
           Journal watermark in percents. When the size of the journal
           exceeds this watermark, the journal flush will be started.

       --journal-commit-time MS
           Commit time in milliseconds. When this time passes (and no
           explicit flush operation was issued), the journal is written.

       --tag-size, -t BYTES
           Size of the integrity tag per-sector (here the integrity
           function will store authentication tag).

           NOTE: The size can be smaller that output size of the hash
           function, in that case only part of the hash will be stored.

       --data-device <data_device>
           Specify a separate data device that contains existing data.
           The <device> then will contain calculated integrity tags and
           journal for data on <data_device>.

           NOTE: To not wipe the data device after initial format, also
           specify --no-wipe option and activate with
           --integrity-recalculate to automatically recalculate
           integrity tags.

       --sector-size, -s BYTES
           Sector size (power of two: 512, 1024, 2048, 4096).

       --buffer-sectors SECTORS
           The number of sectors in one buffer.

           The tag area is accessed using buffers, the large buffer size
           means that the I/O size will be larger, but there could be
           less I/Os issued.

       --integrity, -I ALGORITHM
           Use internal integrity calculation (standalone mode). The
           integrity algorithm can be CRC (crc32c/crc32),
           non-cryptographic hash function (xxhash64) or hash function
           (sha1, sha256).

           For HMAC (hmac-sha256) you have also to specify an integrity
           key and its size.

       --integrity-key-size BYTES
           The size of the data integrity key. Maximum is 4096 bytes.

       --integrity-key-file FILE
           The file with the integrity key.

       --integrity-no-journal, -D
           Disable journal for integrity device.

       --integrity-bitmap-mode. -B
           Use alternate bitmap mode (available since Linux kernel 5.2)
           where dm-integrity uses bitmap instead of a journal. If a bit
           in the bitmap is 1, the corresponding region’s data and
           integrity tags are not synchronized - if the machine crashes,
           the unsynchronized regions will be recalculated. The bitmap
           mode is faster than the journal mode, because we don’t have
           to write the data twice, but it is also less reliable,
           because if data corruption happens when the machine crashes,
           it may not be detected.

       --bitmap-sectors-per-bit SECTORS
           Number of 512-byte sectors per bitmap bit, the value must be
           power of two.

       --bitmap-flush-time MS
           Bitmap flush time in milliseconds.

           In case of a crash, it is possible that the data and
           integrity tag doesn’t match if the journal is disabled.

       --integrity-recovery-mode. -R
           Recovery mode (no journal, no tag checking).

       NOTE: The following options are intended for testing purposes
       only.: Using journal encryption does not make sense without
       encryption the data, these options are internally used in
       authenticated disk encryption with cryptsetup(8).

       --journal-integrity ALGORITHM
           Integrity algorithm for journal area. See --integrity option
           for detailed specification.

       --journal-integrity-key-size BYTES
           The size of the journal integrity key. Maximum is 4096 bytes.

       --journal-integrity-key-file FILE
           The file with the integrity key.

       --journal-crypt ALGORITHM
           Encryption algorithm for journal data area. You can use a
           block cipher here such as cbc-aes or a stream cipher, for
           example, chacha20 or ctr-aes.

       --journal-crypt-key-size BYTES
           The size of the journal encryption key. Maximum is 4096

       --journal-crypt-key-file FILE
           The file with the journal encryption key.

           Allow the use of discard (TRIM) requests for the device. This
           option is available since the Linux kernel version 5.7.

           Defers device removal in close command until the last user
           closes it.

           Removes a previously configured deferred device removal in
           close command.

       --verbose, -v
           Print more information on command execution.

           Run in debug mode with full diagnostic logs. Debug output
           lines are always prefixed by #.

       --version, -V
           Show the program version.

       --batch-mode, -q
           Do not ask for confirmation.

           Show short option help.

       --help, -?
           Show help text and default parameters.


           Do not use these options until you need compatibility with
           specific old kernel.

           Use inefficient legacy padding.

           Use old flawed HMAC calculation (also does not protect

           Allow insecure recalculating of volumes with HMAC keys
           (recalculation offset in superblock is not protected).

RETURN CODES         top

       Integritysetup returns 0 on success and a non-zero value on

       Error codes are: 1 wrong parameters, 2 no permission, 3 out of
       memory, 4 wrong device specified, 5 device already exists or
       device is busy.

NOTES         top

       The dm-integrity target is available since Linux kernel version

       Format and activation of an integrity device always require
       superuser privilege because the superblock is calculated and
       handled in dm-integrity kernel target.

EXAMPLES         top

       Format the device with default standalone mode (CRC32C):

       integritysetup format <device>

       Open the device with default parameters:

       integritysetup open <device> test

       Format the device in standalone mode for use with HMAC(SHA256):

       integritysetup format <device> --tag-size 32 --integrity
       hmac-sha256 --integrity-key-file <keyfile> --integrity-key-size

       Open (activate) the device with HMAC(SHA256) and HMAC key in

       integritysetup open <device> test --integrity hmac-sha256
       --integrity-key-file <keyfile> --integrity-key-size <key_bytes>

       Dump dm-integrity superblock information:

       integritysetup dump <device>


       The on-disk format specification available at DMIntegrity

AUTHORS         top

       The integritysetup tool is written by Milan Broz

REPORTING BUGS         top

       Report bugs at cryptsetup mailing list
       <> or in Issues project section

       Please attach output of the failed command with --debug option

SEE ALSO         top

       Cryptsetup FAQ

       cryptsetup(8), integritysetup(8) and veritysetup(8)

CRYPTSETUP         top

       Part of cryptsetup project
       <>. This page is part of
       the Cryptsetup ((open-source disk encryption)) project.
       Information about the project can be found at 
       ⟨⟩. If you have a bug
       report for this manual page, send it to This
       page was obtained from the project's upstream Git repository
       ⟨⟩ on 2023-12-22. (At
       that time, the date of the most recent commit that was found in
       the repository was 2023-12-20.) If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to

integritysetup 2.6.1-git       2022-12-14              INTEGRITYSETUP(8)

Pages that refer to this page: integritytab(5)cryptsetup(8)cryptsetup-benchmark(8)cryptsetup-bitlkDump(8)cryptsetup-close(8)cryptsetup-config(8)cryptsetup-convert(8)cryptsetup-erase(8)cryptsetup-fvault2Dump(8)cryptsetup-isLuks(8)cryptsetup-luksAddKey(8)cryptsetup-luksChangeKey(8)cryptsetup-luksConvertKey(8)cryptsetup-luksDump(8)cryptsetup-luksFormat(8)cryptsetup-luksHeaderBackup(8)cryptsetup-luksHeaderRestore(8)cryptsetup-luksKillSlot(8)cryptsetup-luksRemoveKey(8)cryptsetup-luksResume(8)cryptsetup-luksSuspend(8)cryptsetup-luksUUID(8)cryptsetup-open(8)cryptsetup-reencrypt(8)cryptsetup-refresh(8)cryptsetup-repair(8)cryptsetup-resize(8)cryptsetup-ssh(8)cryptsetup-status(8)cryptsetup-tcryptDump(8)cryptsetup-token(8)integritysetup(8)systemd-integritysetup-generator(8)systemd-integritysetup@.service(8)veritysetup(8)