--allow-discards
Allow the use of discard (TRIM) requests for the device. This option is available since the Linux
kernel version 5.7.
--batch-mode,-q
Do not ask for confirmation.
--bitmap-flush-timeMS
Bitmap flush time in milliseconds.
WARNING: In case of a crash, it is possible that the data and integrity tag doesn’t match if the
journal is disabled.
--bitmap-sectors-per-bitSECTORS
Number of 512-byte sectors per bitmap bit, the value must be power of two.
--buffer-sectorsSECTORS
The number of sectors in one buffer.
The tag area is accessed using buffers, the large buffer size means that the I/O size will be larger,
but there could be less I/Os issued.
--cancel-deferred
Removes a previously configured deferred device removal in close command.
--data-device<data_device>
Specify a separate data device that contains existing data. The <device> then will contain calculated
integrity tags and journal for data on <data_device>.
NOTE: To not wipe the data device after initial format, also specify --no-wipe option and activate
with --integrity-recalculate to automatically recalculate integrity tags.
--debug
Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by #.
--deferred
Defers device removal in close command until the last user closes it.
--help,-?
Show help text and default parameters.
--integrity,-IALGORITHM
Use internal integrity calculation (standalone mode). The integrity algorithm can be CRC
(crc32c/crc32), non-cryptographic hash function (xxhash64) or hash function (sha1, sha256).
For HMAC (hmac-sha256) you have also to specify an integrity key and its size.
--integrity-bitmap-mode.-B
Use alternate bitmap mode (available since Linux kernel 5.2) where dm-integrity uses bitmap instead
of a journal. If a bit in the bitmap is 1, the corresponding region’s data and integrity tags are not
synchronized - if the machine crashes, the unsynchronized regions will be recalculated. The bitmap
mode is faster than the journal mode, because we don’t have to write the data twice, but it is also
less reliable, because if data corruption happens when the machine crashes, it may not be detected.
--integrity-inline
Store integrity tags to hardware sector integrity fields. The device must support sectors with
additional protection information (PI, also known as DIF - data integrity field) of the requested
size. Another storage subsystem must not use the additional field (the device must present a "nop"
profile in the kernel). Note that some devices must be reformatted at a low level to support this
option; for NVMe devices, see nvme(1) id-ns LBA profiles.
No journal or bitmap is used in this mode. The device should operate with native speed (without any
overhead). This option is available since the Linux kernel version 6.11.
--integrity-key-fileFILE
The file with the integrity key.
--integrity-key-sizeBYTES
The size of the data integrity key. Maximum is 4096 bytes.
--integrity-no-journal,-D
Disable journal for integrity device.
--integrity-recalculate
Automatically recalculate integrity tags in kernel on activation. The device can be used during
automatic integrity recalculation but becomes fully integrity protected only after the background
operation is finished. This option is available since the Linux kernel version 4.19.
--integrity-recalculate-reset
Restart recalculation from the beginning of the device. It can be used to change the integrity
checksum function. Note it does not change the tag length. This option is available since the Linux
kernel version 5.13.
--integrity-recovery-mode.-R
Recovery mode (no journal, no tag checking).
--interleave-sectorsSECTORS
The number of interleaved sectors.
--journal-commit-timeMS
Commit time in milliseconds. When this time passes (and no explicit flush operation was issued), the
journal is written.
--journal-cryptALGORITHM
Encryption algorithm for journal data area. You can use a block cipher here such as cbc-aes or a
stream cipher, for example, chacha20 or ctr-aes.
NOTE: The journal encryption options are only intended for testing. Using journal encryption does not
make sense without encryption of the data.
--journal-crypt-key-fileFILE
The file with the journal encryption key.
--journal-crypt-key-sizeBYTES
The size of the journal encryption key. Maximum is 4096 bytes.
--journal-integrityALGORITHM
Integrity algorithm for journal area. See --integrity option for detailed specification.
--journal-integrity-key-fileFILE
The file with the integrity key.
--journal-integrity-key-sizeBYTES
The size of the journal integrity key. Maximum is 4096 bytes.
--journal-size,-jBYTES
Size of the journal.
--journal-watermarkPERCENT
Journal watermark in percents. When the size of the journal exceeds this watermark, the journal flush
will be started.
--no-wipe
Do not wipe the device after format. A device that is not initially wiped will contain invalid
checksums.
--progress-frequency<seconds>
Print separate line every <seconds> with wipe progress.
--progress-json
Prints wipe progress data in json format suitable mostly for machine processing. It prints separate
line every half second (or based on --progress-frequency value). The JSON output looks as follows
during wipe progress (except it’s compact single line):
{
"device":"/dev/sda", // backing device or file
"device_bytes":"8192", // bytes wiped so far
"device_size":"44040192", // total bytes to wipe
"speed":"126877696", // calculated speed in bytes per second (based on progress so far)
"eta_ms":"2520012", // estimated time to finish wipe in milliseconds
"time_ms":"5561235" // total time spent wiping device in milliseconds
}
Note on numbers in JSON output: Due to JSON parsers limitations all numbers are represented in a
string format due to need of full 64bit unsigned integers.
--sector-size,-sBYTES
Sector size (power of two: 512, 1024, 2048, 4096).
--tag-size,-tBYTES
Size of the integrity tag per-sector (here the integrity function will store authentication tag).
NOTE: The size can be smaller that output size of the hash function, in that case only part of the
hash will be stored.
--usage
Show short option help.
--verbose,-v
Print more information on command execution.
--version,-V
Show the program version.
--wipe
Wipe the newly allocated area after resize to bigger size. If this flag is not set, checksums will be
calculated for the data previously stored in the newly allocated area.
Install Now
PNG Icons
