| /kernel/linux/linux-5.10/Documentation/filesystems/ |
| D | fsverity.rst | 6 fs-verity: read-only file-based authenticity protection
12 fs-verity (``fs/verity/``) is a support layer that filesystems can
16 needed to support fs-verity.
18 fs-verity is similar to `dm-verity
19 <https://www.kernel.org/doc/Documentation/device-mapper/verity.txt>`_
21 filesystems supporting fs-verity, userspace can execute an ioctl that
31 that fs-verity is enforcing for the file. This ioctl executes in
34 fs-verity is essentially a way to hash a file in constant time,
41 By itself, the base fs-verity feature only provides integrity
44 However, because fs-verity makes retrieving the file hash extremely
[all …]
|
| D | ubifs-authentication.rst | 32 layer, the dm-integrity or dm-verity subsystems [DM-INTEGRITY, DM-VERITY]
444 [DM-VERITY] https://www.kernel.org/doc/Documentation/device-mapper/verity.rst
|
| /kernel/linux/linux-5.10/fs/verity/ |
| D | Kconfig | 10 This option enables fs-verity. fs-verity is the dm-verity
13 ioctl to enable verity for a file, which causes the filesystem
25 fs-verity is especially useful on large files where not all
26 the contents may actually be needed. Also, fs-verity verifies
36 Enable debugging messages related to fs-verity by default.
38 Say N unless you are an fs-verity developer.
45 Support verifying signatures of verity files against the X.509
46 certificates that have been loaded into the ".fs-verity"
50 used to provide an authenticity guarantee for verity files, as
52 need to check that the verity bit is set in order to get an
|
| /kernel/linux/common_modules/xpm/validator/ |
| D | exec_signature_info.c | 447 static int get_verity_info(int type, struct verity_info *verity) in get_verity_info() argument
450 verity->root = &dm_verity_tree; in get_verity_info()
451 verity->lock = &dm_verity_tree_lock; in get_verity_info()
452 verity->node_count = &dm_verity_node_count; in get_verity_info()
457 verity->lock = &fs_verity_tree_lock; in get_verity_info()
458 verity->root = &fs_verity_tree; in get_verity_info()
459 verity->node_count = &fs_verity_node_count; in get_verity_info()
467 …struct verity_info *verity, struct exec_file_signature_info *new_info, struct exec_file_signature_… in insert_new_signature_info() argument
473 write_lock(verity->lock); in insert_new_signature_info()
474 rb_erase_node(verity->root, verity->node_count, *old_info); in insert_new_signature_info()
[all …]
|
| /kernel/linux/linux-5.10/Documentation/filesystems/ext4/ |
| D | verity.rst | 6 ext4 supports fs-verity, which is a filesystem feature that provides
8 fs-verity is common to all filesystems that support it; see
10 fs-verity documentation. However, the on-disk layout of the verity
11 metadata is filesystem-specific. On ext4, the verity metadata is
25 - The verity descriptor, as documented in
32 - The size of the verity descriptor in bytes, as a 4-byte little
37 They can have EXT4_ENCRYPT_FL set, in which case the verity metadata
40 Verity files cannot have blocks allocated past the end of the verity
|
| D | overview.rst | 27 .. include:: verity.rst
|
| /kernel/linux/linux-5.10/drivers/md/ |
| D | Makefile | 23 dm-verity-y += dm-verity-target.o
70 obj-$(CONFIG_DM_VERITY) += dm-verity.o
90 dm-verity-objs += dm-verity-fec.o
94 dm-verity-objs += dm-verity-verify-sig.o
|
| D | Kconfig | 524 be called dm-verity.
534 Add ability for dm-verity device to be validated if the
546 Add forward error correction support to dm-verity. This option
|
| /kernel/linux/linux-5.10/Documentation/admin-guide/device-mapper/ |
| D | dm-init.rst | 32 <target_type> ::= "verity" | "linear" | ... (see list below)
61 `verity` allowed
85 dm-verity,,3,ro,
86 0 1638400 verity 1 /dev/sdc1 /dev/sdc2 4096 4096 204800 1 sha256
120 "verity"::
122 dm-verity,,4,ro,
123 0 1638400 verity 1 8:1 8:2 4096 4096 204800 1 sha256
|
| D | verity.rst | 2 dm-verity
5 Device-Mapper's "verity" target provides transparent integrity checking of
40 dm-verity device.
105 verity <dev> is encrypted the <fec_dev> should be too.
122 rather than every time. This reduces the overhead of dm-verity so that it
142 dm-verity is meant to be set up as part of a verified boot path. This
146 When a dm-verity device is configured, it is expected that the caller
194 The verity kernel code does not read the verity metadata on-disk header.
197 verity header.
222 "0 2097152 verity 1 /dev/sda1 /dev/sda2 4096 4096 262144 1 sha256 "\
|
| D | index.rst | 36 verity
|
| /kernel/linux/linux-5.10/fs/f2fs/ |
| D | Makefile | 11 f2fs-$(CONFIG_FS_VERITY) += verity.o
|
| D | compress.c | 705 void f2fs_decompress_pages(struct bio *bio, struct page *page, bool verity) in f2fs_decompress_pages() argument
788 if (!verity) in f2fs_decompress_pages()
794 if (!verity) in f2fs_decompress_pages()
1543 unsigned int cluster_size, bool err, bool verity) in f2fs_decompress_end_io() argument
1556 if (!verity || fsverity_verify_page(rpage)) { in f2fs_decompress_end_io()
|
| D | data.c | 131 static void __read_end_io(struct bio *bio, bool compr, bool verity) in __read_end_io() argument
142 f2fs_decompress_pages(bio, page, verity); in __read_end_io()
145 if (verity) in __read_end_io()
163 static void __f2fs_read_end_io(struct bio *bio, bool compr, bool verity) in __f2fs_read_end_io() argument
166 __read_end_io(bio, false, verity); in __f2fs_read_end_io()
170 static void f2fs_decompress_bio(struct bio *bio, bool verity) in f2fs_decompress_bio() argument
172 __read_end_io(bio, true, verity); in f2fs_decompress_bio()
|
| D | sysfs.c | 642 F2FS_FEATURE_RO_ATTR(verity, FEAT_VERITY);
744 ATTR_LIST(verity),
|
| D | f2fs.h | 3930 void f2fs_decompress_pages(struct bio *bio, struct page *page, bool verity);
3945 unsigned int cluster_size, bool err, bool verity);
4022 F2FS_FEATURE_FUNCS(verity, VERITY);
|
| /kernel/linux/linux-5.10/fs/ext4/ |
| D | Makefile | 19 ext4-$(CONFIG_FS_VERITY) += verity.o
|
| D | sysfs.c | 318 EXT4_ATTR_FEATURE(verity);
335 ATTR_LIST(verity),
|
| D | inode.c | 1302 bool verity = ext4_verity_in_progress(inode); in ext4_write_end() local
1318 if (!verity) in ext4_write_end()
1323 if (old_size < pos && !verity) in ext4_write_end()
1334 if (pos + len > inode->i_size && !verity && ext4_can_truncate(inode)) in ext4_write_end()
1345 if (pos + len > inode->i_size && !verity) { in ext4_write_end()
1405 bool verity = ext4_verity_in_progress(inode); in ext4_journalled_write_end() local
1429 if (!verity) in ext4_journalled_write_end()
1436 if (old_size < pos && !verity) in ext4_journalled_write_end()
1445 if (pos + len > inode->i_size && !verity && ext4_can_truncate(inode)) in ext4_journalled_write_end()
1455 if (pos + len > inode->i_size && !verity) { in ext4_journalled_write_end()
|
| D | ext4.h | 2023 EXT4_FEATURE_RO_COMPAT_FUNCS(verity, VERITY) in EXT4_FEATURE_COMPAT_FUNCS()
|
| /kernel/linux/linux-5.10/security/loadpin/ |
| D | Kconfig | 12 dm-verity or a CDROM.
|
| /kernel/linux/linux-5.10/Documentation/admin-guide/LSM/ |
| D | LoadPin.rst | 8 such as dm-verity or CDROM. This allows systems that have a verified
|
| /kernel/linux/linux-5.10/fs/ |
| D | Makefile | 37 obj-$(CONFIG_FS_VERITY) += verity/
|
| D | Kconfig | 118 source "fs/verity/Kconfig"
|
| /kernel/linux/linux-5.10/Documentation/admin-guide/ |
| D | ext4.rst | 96 * file-based verity support (fsverity)
|