1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 2
3 config FS_VERITY 3 config FS_VERITY
4 bool "FS Verity (read-only file-based 4 bool "FS Verity (read-only file-based authenticity protection)"
5 select CRYPTO 5 select CRYPTO
6 select CRYPTO_HASH_INFO 6 select CRYPTO_HASH_INFO
7 # SHA-256 is implied as it's intended 7 # SHA-256 is implied as it's intended to be the default hash algorithm.
8 # To avoid bloat, other wanted algorit 8 # To avoid bloat, other wanted algorithms must be selected explicitly.
9 # Note that CRYPTO_SHA256 denotes the 9 # Note that CRYPTO_SHA256 denotes the generic C implementation, but
10 # some architectures provided optimize 10 # some architectures provided optimized implementations of the same
11 # algorithm that may be used instead. 11 # algorithm that may be used instead. In this case, CRYPTO_SHA256 may
12 # be omitted even if SHA-256 is being 12 # be omitted even if SHA-256 is being used.
13 imply CRYPTO_SHA256 13 imply CRYPTO_SHA256
14 help 14 help
15 This option enables fs-verity. fs-v 15 This option enables fs-verity. fs-verity is the dm-verity
16 mechanism implemented at the file le 16 mechanism implemented at the file level. On supported
17 filesystems (currently ext4, f2fs, a 17 filesystems (currently ext4, f2fs, and btrfs), userspace can
18 use an ioctl to enable verity for a 18 use an ioctl to enable verity for a file, which causes the
19 filesystem to build a Merkle tree fo 19 filesystem to build a Merkle tree for the file. The filesystem
20 will then transparently verify any d 20 will then transparently verify any data read from the file
21 against the Merkle tree. The file i 21 against the Merkle tree. The file is also made read-only.
22 22
23 This serves as an integrity check, b 23 This serves as an integrity check, but the availability of the
24 Merkle tree root hash also allows ef 24 Merkle tree root hash also allows efficiently supporting
25 various use cases where normally the 25 various use cases where normally the whole file would need to
26 be hashed at once, such as: (a) audi 26 be hashed at once, such as: (a) auditing (logging the file's
27 hash), or (b) authenticity verificat 27 hash), or (b) authenticity verification (comparing the hash
28 against a known good value, e.g. fro 28 against a known good value, e.g. from a digital signature).
29 29
30 fs-verity is especially useful on la 30 fs-verity is especially useful on large files where not all
31 the contents may actually be needed. 31 the contents may actually be needed. Also, fs-verity verifies
32 data each time it is paged back in, 32 data each time it is paged back in, which provides better
33 protection against malicious disks v 33 protection against malicious disks vs. an ahead-of-time hash.
34 34
35 If unsure, say N. 35 If unsure, say N.
36 36
37 config FS_VERITY_BUILTIN_SIGNATURES 37 config FS_VERITY_BUILTIN_SIGNATURES
38 bool "FS Verity builtin signature supp 38 bool "FS Verity builtin signature support"
39 depends on FS_VERITY 39 depends on FS_VERITY
40 select SYSTEM_DATA_VERIFICATION 40 select SYSTEM_DATA_VERIFICATION
41 help 41 help
42 This option adds support for in-kern 42 This option adds support for in-kernel verification of
43 fs-verity builtin signatures. 43 fs-verity builtin signatures.
44 44
45 Please take great care before using 45 Please take great care before using this feature. It is not
46 the only way to do signatures with f 46 the only way to do signatures with fs-verity, and the
47 alternatives (such as userspace sign 47 alternatives (such as userspace signature verification, and
48 IMA appraisal) can be much better. 48 IMA appraisal) can be much better. For details about the
49 limitations of this feature, see 49 limitations of this feature, see
50 Documentation/filesystems/fsverity.r 50 Documentation/filesystems/fsverity.rst.
51 51
52 If unsure, say N. 52 If unsure, say N.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.