1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ 2 /* 3 * fs-verity (file-based verity) support 4 * 5 * Copyright (C) 2018 Google LLC 6 */ 7 #ifndef _UAPI_LINUX_FSVERITY_H 8 #define _UAPI_LINUX_FSVERITY_H 9 10 #include <linux/limits.h> 11 #include <linux/ioctl.h> 12 #include <linux/types.h> 13 14 /* ========== Ioctls ========== */ 15 16 struct fsverity_digest { 17 __u16 digest_algorithm; 18 __u16 digest_size; /* input/output */ 19 __u8 digest[]; 20 }; 21 22 #define FS_IOC_ENABLE_VERITY _IO('f', 133) 23 #define FS_IOC_MEASURE_VERITY _IOWR('f', 134, struct fsverity_digest) 24 25 /* ========== On-disk format ========== */ 26 27 #define FS_VERITY_MAGIC "FSVerity" 28 29 /* Supported hash algorithms */ 30 #define FS_VERITY_ALG_SHA256 1 31 #define FS_VERITY_ALG_SHA512 2 32 #define FS_VERITY_ALG_CRC32C 3 /* for integrity only */ 33 34 /* Metadata stored near the end of fs-verity files, after the Merkle tree */ 35 /* This structure is 64 bytes long */ 36 struct fsverity_descriptor { 37 __u8 magic[8]; /* must be FS_VERITY_MAGIC */ 38 __u8 major_version; /* must be 1 */ 39 __u8 minor_version; /* must be 0 */ 40 __u8 log_data_blocksize;/* log2(data-bytes-per-hash), e.g. 12 for 4KB */ 41 __u8 log_tree_blocksize;/* log2(tree-bytes-per-hash), e.g. 12 for 4KB */ 42 __le16 data_algorithm; /* hash algorithm for data blocks */ 43 __le16 tree_algorithm; /* hash algorithm for tree blocks */ 44 __le32 flags; /* flags */ 45 __le32 reserved1; /* must be 0 */ 46 __le64 orig_file_size; /* size of the original, unpadded data */ 47 __le16 auth_ext_count; /* number of authenticated extensions */ 48 __u8 reserved2[30]; /* must be 0 */ 49 }; 50 /* followed by list of 'auth_ext_count' authenticated extensions */ 51 /* 52 * then followed by '__le16 unauth_ext_count' padded to next 8-byte boundary, 53 * then a list of 'unauth_ext_count' (may be 0) unauthenticated extensions 54 */ 55 56 /* Extension types */ 57 #define FS_VERITY_EXT_ROOT_HASH 1 58 #define FS_VERITY_EXT_SALT 2 59 #define FS_VERITY_EXT_PKCS7_SIGNATURE 3 60 #define FS_VERITY_EXT_ELIDE 4 61 #define FS_VERITY_EXT_PATCH 5 62 63 /* Header of each extension (variable-length metadata item) */ 64 struct fsverity_extension { 65 /* 66 * Length in bytes, including this header but excluding padding to next 67 * 8-byte boundary that is applied when advancing to the next extension. 68 */ 69 __le32 length; 70 __le16 type; /* Type of this extension (see codes above) */ 71 __le16 reserved; /* Reserved, must be 0 */ 72 }; 73 /* followed by the payload of 'length - 8' bytes */ 74 75 /* Extension payload formats */ 76 77 /* 78 * FS_VERITY_EXT_ROOT_HASH payload is just a byte array, with size equal to the 79 * digest size of the hash algorithm given in the fsverity_descriptor 80 */ 81 82 /* FS_VERITY_EXT_SALT payload is just a byte array, any size */ 83 84 /* 85 * FS_VERITY_EXT_PKCS7_SIGNATURE payload is a DER-encoded PKCS#7 message 86 * containing the signed file measurement in the following format: 87 */ 88 struct fsverity_digest_disk { 89 __le16 digest_algorithm; 90 __le16 digest_size; 91 __u8 digest[]; 92 }; 93 94 /* FS_VERITY_EXT_ELIDE payload */ 95 struct fsverity_extension_elide { 96 __le64 offset; 97 __le64 length; 98 }; 99 100 /* FS_VERITY_EXT_PATCH payload */ 101 struct fsverity_extension_patch { 102 __le64 offset; 103 /* followed by variable-length patch data */ 104 }; 105 106 /* Fields stored at the very end of the file */ 107 struct fsverity_footer { 108 __le32 desc_reverse_offset; /* distance to fsverity_descriptor */ 109 __u8 magic[8]; /* FS_VERITY_MAGIC */ 110 } __attribute__((packed)); 111 112 #endif /* _UAPI_LINUX_FSVERITY_H */ 113