
TOMOYO Linux Cross Reference
Linux/include/uapi/linux/fsverity.h


Diff markup

Differences between /include/uapi/linux/fsverity.h (Version linux-6.12-rc7) and /include/uapi/linux/fsverity.h (Version linux-5.13.19)


  1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux      1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
  2 /*                                                  2 /*
  3  * fs-verity user API                               3  * fs-verity user API
  4  *                                                  4  *
  5  * These ioctls can be used on filesystems tha      5  * These ioctls can be used on filesystems that support fs-verity.  See the
  6  * "User API" section of Documentation/filesys      6  * "User API" section of Documentation/filesystems/fsverity.rst.
  7  *                                                  7  *
  8  * Copyright 2019 Google LLC                        8  * Copyright 2019 Google LLC
  9  */                                                 9  */
 10 #ifndef _UAPI_LINUX_FSVERITY_H                     10 #ifndef _UAPI_LINUX_FSVERITY_H
 11 #define _UAPI_LINUX_FSVERITY_H                     11 #define _UAPI_LINUX_FSVERITY_H
 12                                                    12 
 13 #include <linux/ioctl.h>                           13 #include <linux/ioctl.h>
 14 #include <linux/types.h>                           14 #include <linux/types.h>
 15                                                    15 
 16 #define FS_VERITY_HASH_ALG_SHA256       1          16 #define FS_VERITY_HASH_ALG_SHA256       1
 17 #define FS_VERITY_HASH_ALG_SHA512       2          17 #define FS_VERITY_HASH_ALG_SHA512       2
 18                                                    18 
 19 struct fsverity_enable_arg {                       19 struct fsverity_enable_arg {
 20         __u32 version;                             20         __u32 version;
 21         __u32 hash_algorithm;                      21         __u32 hash_algorithm;
 22         __u32 block_size;                          22         __u32 block_size;
 23         __u32 salt_size;                           23         __u32 salt_size;
 24         __u64 salt_ptr;                            24         __u64 salt_ptr;
 25         __u32 sig_size;                            25         __u32 sig_size;
 26         __u32 __reserved1;                         26         __u32 __reserved1;
 27         __u64 sig_ptr;                             27         __u64 sig_ptr;
 28         __u64 __reserved2[11];                     28         __u64 __reserved2[11];
 29 };                                                 29 };
 30                                                    30 
 31 struct fsverity_digest {                           31 struct fsverity_digest {
 32         __u16 digest_algorithm;                    32         __u16 digest_algorithm;
 33         __u16 digest_size; /* input/output */      33         __u16 digest_size; /* input/output */
 34         __u8 digest[];                             34         __u8 digest[];
 35 };                                                 35 };
 36                                                    36 
 37 /*                                                 37 /*
 38  * Struct containing a file's Merkle tree prop     38  * Struct containing a file's Merkle tree properties.  The fs-verity file digest
 39  * is the hash of this struct.  A userspace pr     39  * is the hash of this struct.  A userspace program needs this struct only if it
 40  * needs to compute fs-verity file digests its     40  * needs to compute fs-verity file digests itself, e.g. in order to sign files.
 41  * It isn't needed just to enable fs-verity on     41  * It isn't needed just to enable fs-verity on a file.
 42  *                                                 42  *
 43  * Note: when computing the file digest, 'sig_     43  * Note: when computing the file digest, 'sig_size' and 'signature' must be left
 44  * zero and empty, respectively.  These fields     44  * zero and empty, respectively.  These fields are present only because some
 45  * filesystems reuse this struct as part of th     45  * filesystems reuse this struct as part of their on-disk format.
 46  */                                                46  */
 47 struct fsverity_descriptor {                       47 struct fsverity_descriptor {
 48         __u8 version;           /* must be 1 *     48         __u8 version;           /* must be 1 */
 49         __u8 hash_algorithm;    /* Merkle tree     49         __u8 hash_algorithm;    /* Merkle tree hash algorithm */
 50         __u8 log_blocksize;     /* log2 of siz     50         __u8 log_blocksize;     /* log2 of size of data and tree blocks */
 51         __u8 salt_size;         /* size of sal     51         __u8 salt_size;         /* size of salt in bytes; 0 if none */
 52 #ifdef __KERNEL__                                  52 #ifdef __KERNEL__
 53         __le32 sig_size;                           53         __le32 sig_size;
 54 #else                                              54 #else
 55         __le32 __reserved_0x04; /* must be 0 *     55         __le32 __reserved_0x04; /* must be 0 */
 56 #endif                                             56 #endif
 57         __le64 data_size;       /* size of fil     57         __le64 data_size;       /* size of file the Merkle tree is built over */
 58         __u8 root_hash[64];     /* Merkle tree     58         __u8 root_hash[64];     /* Merkle tree root hash */
 59         __u8 salt[32];          /* salt prepen     59         __u8 salt[32];          /* salt prepended to each hashed block */
 60         __u8 __reserved[144];   /* must be 0's     60         __u8 __reserved[144];   /* must be 0's */
 61 #ifdef __KERNEL__                                  61 #ifdef __KERNEL__
 62         __u8 signature[];                          62         __u8 signature[];
 63 #endif                                             63 #endif
 64 };                                                 64 };
 65                                                    65 
 66 /*                                                 66 /*
 67  * Format in which fs-verity file digests are      67  * Format in which fs-verity file digests are signed in built-in signatures.
 68  * This is the same as 'struct fsverity_digest     68  * This is the same as 'struct fsverity_digest', except here some magic bytes
 69  * are prepended to provide some context about     69  * are prepended to provide some context about what is being signed in case the
 70  * same key is used for non-fsverity purposes,     70  * same key is used for non-fsverity purposes, and here the fields have fixed
 71  * endianness.                                     71  * endianness.
 72  *                                                 72  *
 73  * This struct is specific to the built-in sig     73  * This struct is specific to the built-in signature verification support, which
 74  * is optional.  fs-verity users may also veri     74  * is optional.  fs-verity users may also verify signatures in userspace, in
 75  * which case userspace is responsible for dec     75  * which case userspace is responsible for deciding on what bytes are signed.
 76  * This struct may still be used, but it doesn     76  * This struct may still be used, but it doesn't have to be.  For example,
 77  * userspace could instead use a string like "     77  * userspace could instead use a string like "sha256:$digest_as_hex_string".
 78  */                                                78  */
 79 struct fsverity_formatted_digest {                 79 struct fsverity_formatted_digest {
 80         char magic[8];                  /* mus     80         char magic[8];                  /* must be "FSVerity" */
 81         __le16 digest_algorithm;                   81         __le16 digest_algorithm;
 82         __le16 digest_size;                        82         __le16 digest_size;
 83         __u8 digest[];                             83         __u8 digest[];
 84 };                                                 84 };
 85                                                    85 
 86 #define FS_VERITY_METADATA_TYPE_MERKLE_TREE        86 #define FS_VERITY_METADATA_TYPE_MERKLE_TREE     1
 87 #define FS_VERITY_METADATA_TYPE_DESCRIPTOR         87 #define FS_VERITY_METADATA_TYPE_DESCRIPTOR      2
 88 #define FS_VERITY_METADATA_TYPE_SIGNATURE          88 #define FS_VERITY_METADATA_TYPE_SIGNATURE       3
 89                                                    89 
 90 struct fsverity_read_metadata_arg {                90 struct fsverity_read_metadata_arg {
 91         __u64 metadata_type;                       91         __u64 metadata_type;
 92         __u64 offset;                              92         __u64 offset;
 93         __u64 length;                              93         __u64 length;
 94         __u64 buf_ptr;                             94         __u64 buf_ptr;
 95         __u64 __reserved;                          95         __u64 __reserved;
 96 };                                                 96 };
 97                                                    97 
 98 #define FS_IOC_ENABLE_VERITY    _IOW('f', 133,     98 #define FS_IOC_ENABLE_VERITY    _IOW('f', 133, struct fsverity_enable_arg)
 99 #define FS_IOC_MEASURE_VERITY   _IOWR('f', 134     99 #define FS_IOC_MEASURE_VERITY   _IOWR('f', 134, struct fsverity_digest)
100 #define FS_IOC_READ_VERITY_METADATA \             100 #define FS_IOC_READ_VERITY_METADATA \
101         _IOWR('f', 135, struct fsverity_read_m    101         _IOWR('f', 135, struct fsverity_read_metadata_arg)
102                                                   102 
103 #endif /* _UAPI_LINUX_FSVERITY_H */               103 #endif /* _UAPI_LINUX_FSVERITY_H */
104                                                   104 
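Review bot: `struct fsverity_enable_arg` and `struct fsverity_read_metadata_arg` carry no field comments, although both are filled in by userspace and hand the kernel raw user pointers (`salt_ptr`, `sig_ptr`, `buf_ptr`) together with caller-chosen sizes, while `struct fsverity_descriptor` in the same file documents every field. I would add per-field comments stating what a caller must guarantee, for example `__u32 salt_size; /* size of salt in bytes; 0 if none */` and `__u64 __reserved2[11]; /* must be 0 */`, and expand the comment on `fsverity_digest.digest_size` to `/* in: capacity of digest[]; out: actual digest size */`. The exact limits (presumably `salt_size` is bounded by the 32-byte `salt[]` in the descriptor) should be confirmed against Documentation/filesystems/fsverity.rst before they go into the header. Neither column of this view marks any line as changed, so the point applies to the header as shown rather than to a specific edit.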
