~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/filesystems/ext4/verity.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/filesystems/ext4/verity.rst (Version linux-6.12-rc7) and /Documentation/filesystems/ext4/verity.rst (Version linux-6.10.14)

  1 .. SPDX-License-Identifier: GPL-2.0                 1 .. SPDX-License-Identifier: GPL-2.0
  2                                                     2 
  3 Verity files                                        3 Verity files
  4 ------------                                        4 ------------
  5                                                     5 
  6 ext4 supports fs-verity, which is a filesystem      6 ext4 supports fs-verity, which is a filesystem feature that provides
  7 Merkle tree based hashing for individual reado      7 Merkle tree based hashing for individual readonly files.  Most of
  8 fs-verity is common to all filesystems that su      8 fs-verity is common to all filesystems that support it; see
  9 :ref:`Documentation/filesystems/fsverity.rst <      9 :ref:`Documentation/filesystems/fsverity.rst <fsverity>` for the
 10 fs-verity documentation.  However, the on-disk     10 fs-verity documentation.  However, the on-disk layout of the verity
 11 metadata is filesystem-specific.  On ext4, the     11 metadata is filesystem-specific.  On ext4, the verity metadata is
 12 stored after the end of the file data itself,      12 stored after the end of the file data itself, in the following format:
 13                                                    13 
 14 - Zero-padding to the next 65536-byte boundary     14 - Zero-padding to the next 65536-byte boundary.  This padding need not
 15   actually be allocated on-disk, i.e. it may b     15   actually be allocated on-disk, i.e. it may be a hole.
 16                                                    16 
 17 - The Merkle tree, as documented in                17 - The Merkle tree, as documented in
 18   :ref:`Documentation/filesystems/fsverity.rst     18   :ref:`Documentation/filesystems/fsverity.rst
 19   <fsverity_merkle_tree>`, with the tree level     19   <fsverity_merkle_tree>`, with the tree levels stored in order from
 20   root to leaf, and the tree blocks within eac     20   root to leaf, and the tree blocks within each level stored in their
 21   natural order.                                   21   natural order.
 22                                                    22 
 23 - Zero-padding to the next filesystem block bo     23 - Zero-padding to the next filesystem block boundary.
 24                                                    24 
 25 - The verity descriptor, as documented in          25 - The verity descriptor, as documented in
 26   :ref:`Documentation/filesystems/fsverity.rst     26   :ref:`Documentation/filesystems/fsverity.rst <fsverity_descriptor>`,
 27   with optionally appended signature blob.         27   with optionally appended signature blob.
 28                                                    28 
 29 - Zero-padding to the next offset that is 4 by     29 - Zero-padding to the next offset that is 4 bytes before a filesystem
 30   block boundary.                                  30   block boundary.
 31                                                    31 
 32 - The size of the verity descriptor in bytes,      32 - The size of the verity descriptor in bytes, as a 4-byte little
 33   endian integer.                                  33   endian integer.
 34                                                    34 
 35 Verity inodes have EXT4_VERITY_FL set, and the     35 Verity inodes have EXT4_VERITY_FL set, and they must use extents, i.e.
 36 EXT4_EXTENTS_FL must be set and EXT4_INLINE_DA     36 EXT4_EXTENTS_FL must be set and EXT4_INLINE_DATA_FL must be clear.
 37 They can have EXT4_ENCRYPT_FL set, in which ca     37 They can have EXT4_ENCRYPT_FL set, in which case the verity metadata
 38 is encrypted as well as the data itself.           38 is encrypted as well as the data itself.
 39                                                    39 
 40 Verity files cannot have blocks allocated past     40 Verity files cannot have blocks allocated past the end of the verity
 41 metadata.                                          41 metadata.
 42                                                    42 
 43 Verity and DAX are not compatible and attempts     43 Verity and DAX are not compatible and attempts to set both of these flags
 44 on a file will fail.                               44 on a file will fail.
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php