2). Optional.
verity.roothashsig=path
Path to pkcs7(1ssl) signature of root hash hex string. Requires
crypt_activate_by_signed_key() from cryptsetup and kernel built with
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG. For device reuse, signatures
have to be either used by all mounts of a device or by none.
Optional.
verity.oncorruption=ignore|restart|panic
Instruct the kernel to ignore, reboot or panic when corruption is
detected. By default the I/O operation simply fails. Requires Linux
4.1 or newer, and libcryptsetup 2.3.4 or newer. Optional.
Supported since util-linux v2.35.
For example, the commands:
mksquashfs /etc /tmp/etc.squashfs
dd if=/dev/zero of=/tmp/etc.hash bs=1M count=10
veritysetup format /tmp/etc.squashfs /tmp/etc.hash
openssl smime -sign -in <hash> -nocerts -inkey private.key \
-signer private.crt -noattr -binary -outform der -out /tmp/etc.roothash.p7s
mount -o verity.hashdevice=/tmp/etc.hash,verity.roothash=<hash>,\
verity.roothashsig=/tmp/etc.roothash.p7s /tmp/etc.squashfs /mnt
create a squashfs image from the /etc directory, create the verity hash
device, and mount the verified filesystem image on /mnt. The kernel will
verify that the root hash is signed by a key from the kernel keyring if
roothashsig is used.
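The commands above leave <hash> to be filled in by hand. The following added example (not part of the manual page) takes it from the output of veritysetup format and writes the exact bytes to sign. The function names, the file /tmp/etc.roothash and the sample output are assumptions made for illustration.

```sh
# Constructed sample of `veritysetup format` output (all values made up).
SAMPLE_OUTPUT='VERITY header information for /tmp/etc.hash
UUID:             00000000-0000-0000-0000-000000000000
Hash type:        1
Data blocks:      256
Data block size:  4096
Hash block size:  4096
Hash algorithm:   sha256
Salt:             1111111111111111111111111111111111111111111111111111111111111111
Root hash:        0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'

# Print the root hash found in veritysetup output on stdin. Fails unless it
# is lowercase hex of the length implied by the reported hash algorithm.
extract_root_hash() {
    awk -F':[ \t]*' '
        $1 == "Hash algorithm" { alg = $2 }
        $1 == "Root hash"      { hash = $2 }
        END {
            want = (alg == "sha256") ? 64 : (alg == "sha512") ? 128 : 0
            if (want == 0 || length(hash) != want || hash !~ /^[0-9a-f]+$/) exit 1
            print hash
        }'
}

# Write the hash to file $2 without a trailing newline. The signature covers
# the hex string itself; a newline (as plain `echo` adds) would become part
# of the signed data and the kernel check would then fail.
write_hash_for_signing() {
    printf '%s' "$1" > "$2"
}

# Sign and mount with the same commands as above. private.key and private.crt
# are the file names used there; /tmp/etc.roothash is a hypothetical path.
sign_and_mount() {
    hash=$(veritysetup format /tmp/etc.squashfs /tmp/etc.hash | extract_root_hash) || return 1
    write_hash_for_signing "$hash" /tmp/etc.roothash
    openssl smime -sign -in /tmp/etc.roothash -nocerts -inkey private.key \
        -signer private.crt -noattr -binary -outform der -out /tmp/etc.roothash.p7s || return 1
    mount -o "verity.hashdevice=/tmp/etc.hash,verity.roothash=$hash,verity.roothashsig=/tmp/etc.roothash.p7s" \
        /tmp/etc.squashfs /mnt
}

# Demonstration on the constructed sample only; sign_and_mount is not called.
printf '%s\n' "$SAMPLE_OUTPUT" | extract_root_hash
```
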
LOOP-DEVICE SUPPORT
One further possible type is a mount via the loop device. For example,
the command
mount /tmp/disk.img /mnt -t vfat -o loop=/dev/loop3
will set up the loop device /dev/loop3 to correspond to the file
/tmp/disk.img, and then mount this device on /mnt.
If no explicit loop device is mentioned (but just an option '-o loop' is
given), then mount will try to find some unused loop device and use
that, for example
mount /tmp/disk.img /mnt -o loop
The mount command automatically creates a loop device from a regular
file if a filesystem type is not specified or the filesystem is known
to libblkid, for example:
mount /tmp/disk.img /mnt
mount -t ext4 /tmp/disk.img /mnt
This type of mount knows about three options, namely loop, offset and
sizelimit, that are really options to losetup(8). (These options can be
used in addition to those specific to the filesystem type.)
Since Linux 2.6.25 auto-destruction of loop devices is supported,
meaning that any loop device allocated by mount will be freed by umount
independently of /etc/mtab.
You can also free a loop device by hand, using losetup -d or umount -d.
Since util-linux v2.29, mount re-uses the loop device rather than
initializing a new device if the same backing file is already used for
some loop device with the same offset and sizelimit. This is necessary
to avoid filesystem corruption.
EXIT STATUS
mount has the following exit status values (the bits can be ORed):
0
success
1
incorrect invocation or permissions
2
system error (out of memory, cannot fork, no more loop devices)
4
internal mount bug
8
user interrupt
16
problems writing or locking /etc/mtab
32
mount failure
64
some mount succeeded
The command mount -a returns 0 (all succeeded), 32 (all failed), or
64 (some failed, some succeeded).
EXTERNAL HELPERS
The syntax of external mount helpers is:
/sbin/mount.suffix spec dir [-sfnv] [-N namespace] [-o options] [-t type.subtype]
where the suffix is the filesystem type and the -sfnvoN options have the
same meaning as the normal mount options. The -t option is used for
filesystems with subtypes support (for example /sbin/mount.fuse -t
fuse.sshfs).