@sjw @EdBoatConnoisseur I ... no? I don't know where you got that idea but it's wrong. dm-integrity is an offshoot of luks to cryptographically guarantee authenticity. but you can use it standalone in a less secure mode to provide only basic checksums instead of full cryptographic authentication

bit flips will absolutely be detected by it as that's the entire point of the thing. what the higher layers do with that information is up to them

mdadm for its part will attempt to reconstruct any data for which it receives an IO error. so if you run it on top of dm-integrity it will either manage to silently reconstruct the corrupted sector at read time or else it will in turn feed an error to the filesystem driver that tried to read it