1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0 2 2 3 config FS_VERITY 3 config FS_VERITY 4 bool "FS Verity (read-only file-based 4 bool "FS Verity (read-only file-based authenticity protection)" 5 select CRYPTO 5 select CRYPTO 6 select CRYPTO_HASH_INFO << 7 # SHA-256 is implied as it's intended 6 # SHA-256 is implied as it's intended to be the default hash algorithm. 8 # To avoid bloat, other wanted algorit 7 # To avoid bloat, other wanted algorithms must be selected explicitly. 9 # Note that CRYPTO_SHA256 denotes the 8 # Note that CRYPTO_SHA256 denotes the generic C implementation, but 10 # some architectures provided optimize 9 # some architectures provided optimized implementations of the same 11 # algorithm that may be used instead. 10 # algorithm that may be used instead. In this case, CRYPTO_SHA256 may 12 # be omitted even if SHA-256 is being 11 # be omitted even if SHA-256 is being used. 13 imply CRYPTO_SHA256 12 imply CRYPTO_SHA256 14 help 13 help 15 This option enables fs-verity. fs-v 14 This option enables fs-verity. fs-verity is the dm-verity 16 mechanism implemented at the file le 15 mechanism implemented at the file level. On supported 17 filesystems (currently ext4, f2fs, a !! 16 filesystems (currently EXT4 and F2FS), userspace can use an 18 use an ioctl to enable verity for a !! 17 ioctl to enable verity for a file, which causes the filesystem 19 filesystem to build a Merkle tree fo !! 18 to build a Merkle tree for the file. The filesystem will then 20 will then transparently verify any d !! 19 transparently verify any data read from the file against the 21 against the Merkle tree. The file i !! 20 Merkle tree. The file is also made read-only. 22 21 23 This serves as an integrity check, b 22 This serves as an integrity check, but the availability of the 24 Merkle tree root hash also allows ef 23 Merkle tree root hash also allows efficiently supporting 25 various use cases where normally the 24 various use cases where normally the whole file would need to 26 be hashed at once, such as: (a) audi 25 be hashed at once, such as: (a) auditing (logging the file's 27 hash), or (b) authenticity verificat 26 hash), or (b) authenticity verification (comparing the hash 28 against a known good value, e.g. fro 27 against a known good value, e.g. from a digital signature). 29 28 30 fs-verity is especially useful on la 29 fs-verity is especially useful on large files where not all 31 the contents may actually be needed. 30 the contents may actually be needed. Also, fs-verity verifies 32 data each time it is paged back in, 31 data each time it is paged back in, which provides better 33 protection against malicious disks v 32 protection against malicious disks vs. an ahead-of-time hash. 34 33 35 If unsure, say N. 34 If unsure, say N. 36 35 >> 36 config FS_VERITY_DEBUG >> 37 bool "FS Verity debugging" >> 38 depends on FS_VERITY >> 39 help >> 40 Enable debugging messages related to fs-verity by default. >> 41 >> 42 Say N unless you are an fs-verity developer. >> 43 37 config FS_VERITY_BUILTIN_SIGNATURES 44 config FS_VERITY_BUILTIN_SIGNATURES 38 bool "FS Verity builtin signature supp 45 bool "FS Verity builtin signature support" 39 depends on FS_VERITY 46 depends on FS_VERITY 40 select SYSTEM_DATA_VERIFICATION 47 select SYSTEM_DATA_VERIFICATION 41 help 48 help 42 This option adds support for in-kern !! 49 Support verifying signatures of verity files against the X.509 43 fs-verity builtin signatures. !! 50 certificates that have been loaded into the ".fs-verity" >> 51 kernel keyring. 44 52 45 Please take great care before using !! 53 This is meant as a relatively simple mechanism that can be 46 the only way to do signatures with f !! 54 used to provide an authenticity guarantee for verity files, as 47 alternatives (such as userspace sign !! 55 an alternative to IMA appraisal. Userspace programs still 48 IMA appraisal) can be much better. !! 56 need to check that the verity bit is set in order to get an 49 limitations of this feature, see !! 57 authenticity guarantee. 50 Documentation/filesystems/fsverity.r << 51 58 52 If unsure, say N. 59 If unsure, say N.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.