简短答案

Question 1

我用这个作为例子

https://gist.github.com/MawKKe/caa2bbf7edcc072129d73b61ae7815fb

使用 luksFormat 格式化磁盘：

 dd if=/dev/urandom of=key.bin bs=512 count=1

 cryptsetup luksFormat -q --type luks2 --integrity hmac-sha256 disk1.img key.bin
 cryptsetup luksFormat -q --type luks2 --integrity hmac-sha256 disk2.img key.bin

打开/附加加密磁盘

cryptsetup luksOpen disk1.img disk1luks --key-file key.bin
cryptsetup luksOpen disk2.img disk2luks --key-file key.bin

创建raid1：

mdadm \
  --create \
  --verbose --level 1 \
  --metadata=1.2 \
  --raid-devices=2 \
  /dev/md/mdtest \
  /dev/mapper/disk1luks \
  /dev/mapper/disk2luks

创建文件系统，添加到 LVM 卷组等...

 mkfs.ext4 /dev/md/mdtest

Answer

我用这个作为例子

https://gist.github.com/MawKKe/caa2bbf7edcc072129d73b61ae7815fb

使用 luksFormat 格式化磁盘：

 dd if=/dev/urandom of=key.bin bs=512 count=1

 cryptsetup luksFormat -q --type luks2 --integrity hmac-sha256 disk1.img key.bin
 cryptsetup luksFormat -q --type luks2 --integrity hmac-sha256 disk2.img key.bin

打开/附加加密磁盘

cryptsetup luksOpen disk1.img disk1luks --key-file key.bin
cryptsetup luksOpen disk2.img disk2luks --key-file key.bin

创建raid1：

mdadm \
  --create \
  --verbose --level 1 \
  --metadata=1.2 \
  --raid-devices=2 \
  /dev/md/mdtest \
  /dev/mapper/disk1luks \
  /dev/mapper/disk2luks

创建文件系统，添加到 LVM 卷组等...

 mkfs.ext4 /dev/md/mdtest

Question 2

简短答案

创建设备后，使用：

integritysetup status <name>

长答案

在终端中，您可以使用它man dm-integrity来读取您的选项。其他人都可以在互联网上阅读相同的内容：

http://man7.org/linux/man-pages/man8/integritysetup.8.html

姓名

   integritysetup - manage dm-integrity (block level integrity) volumes

概要

   integritysetup <options> <action> <action args>

描述

   Integritysetup is used to configure dm-integrity managed device-
   mapper mappings.

   Device-mapper integrity target provides read-write transparent
   integrity checking of block devices. The dm-integrity target emulates
   additional data integrity field per-sector. You can use this
   additional field directly with integritysetup utility, or indirectly
   (for authenticated encryption) through cryptsetup.

   Integritysetup supports these operations:

   format <device>

          Formats <device> (calculates space and dm-integrity superblock
          and wipes the device).

          <options> can be [--data-device, --batch-mode, --no-wipe,
          --journal-size, --interleave-sectors, --tag-size, --integrity,
          --integrity-key-size, --integrity-key-file, --sector-size,
          --progress-frequency]

   open <device> <name>
   create <name> <device> (OBSOLETE syntax)

          Open a mapping with <name> backed by device <device>.

          <options> can be [--data-device, --batch-mode,
          --journal-watermark, --journal-commit-time, --buffer-sectors,
          --integrity, --integrity-key-size, --integrity-key-file,
          --integrity-no-journal, --integrity-recalculate,
          --integrity-recovery-mode]

   close <name>

          Removes existing mapping <name>.

          For backward compatibility, there is remove command alias for
          the close command.

   status <name>

          Reports status for the active integrity mapping <name>.

   dump <device>

          Reports parameters from on-disk stored superblock.

Answer

简短答案

创建设备后，使用：

integritysetup status <name>

长答案

在终端中，您可以使用它man dm-integrity来读取您的选项。其他人都可以在互联网上阅读相同的内容：

http://man7.org/linux/man-pages/man8/integritysetup.8.html

姓名

   integritysetup - manage dm-integrity (block level integrity) volumes

概要

   integritysetup <options> <action> <action args>

描述

   Integritysetup is used to configure dm-integrity managed device-
   mapper mappings.

   Device-mapper integrity target provides read-write transparent
   integrity checking of block devices. The dm-integrity target emulates
   additional data integrity field per-sector. You can use this
   additional field directly with integritysetup utility, or indirectly
   (for authenticated encryption) through cryptsetup.

   Integritysetup supports these operations:

   format <device>

          Formats <device> (calculates space and dm-integrity superblock
          and wipes the device).

          <options> can be [--data-device, --batch-mode, --no-wipe,
          --journal-size, --interleave-sectors, --tag-size, --integrity,
          --integrity-key-size, --integrity-key-file, --sector-size,
          --progress-frequency]

   open <device> <name>
   create <name> <device> (OBSOLETE syntax)

          Open a mapping with <name> backed by device <device>.

          <options> can be [--data-device, --batch-mode,
          --journal-watermark, --journal-commit-time, --buffer-sectors,
          --integrity, --integrity-key-size, --integrity-key-file,
          --integrity-no-journal, --integrity-recalculate,
          --integrity-recovery-mode]

   close <name>

          Removes existing mapping <name>.

          For backward compatibility, there is remove command alias for
          the close command.

   status <name>

          Reports status for the active integrity mapping <name>.

   dump <device>

          Reports parameters from on-disk stored superblock.

简短答案

答案1

答案2

简短答案

长答案

姓名

概要

描述

相关内容