13 Aug, 2019
4 commits
-
To meet some users' needs, add optional support for having fs-verity
handle a portion of the authentication policy in the kernel. An
".fs-verity" keyring is created to which X.509 certificates can be
added; then a sysctl 'fs.verity.require_signatures' can be set to cause
the kernel to enforce that all fs-verity files contain a signature of
their file measurement by a key in this keyring.See the "Built-in signature verification" section of
Documentation/filesystems/fsverity.rst for the full documentation.Reviewed-by: Theodore Ts'o
Signed-off-by: Eric Biggers -
Add SHA-512 support to fs-verity. This is primarily a demonstration of
the trivial changes needed to support a new hash algorithm in fs-verity;
most users will still use SHA-256, due to the smaller space required to
store the hashes. But some users may prefer SHA-512.Reviewed-by: Theodore Ts'o
Reviewed-by: Jaegeuk Kim
Signed-off-by: Eric Biggers -
Add a function for filesystems to call to implement the
FS_IOC_MEASURE_VERITY ioctl. This ioctl retrieves the file measurement
that fs-verity calculated for the given file and is enforcing for reads;
i.e., reads that don't match this hash will fail. This ioctl can be
used for authentication or logging of file measurements in userspace.See the "FS_IOC_MEASURE_VERITY" section of
Documentation/filesystems/fsverity.rst for the documentation.Reviewed-by: Theodore Ts'o
Reviewed-by: Jaegeuk Kim
Signed-off-by: Eric Biggers -
Add a function for filesystems to call to implement the
FS_IOC_ENABLE_VERITY ioctl. This ioctl enables fs-verity on a file.See the "FS_IOC_ENABLE_VERITY" section of
Documentation/filesystems/fsverity.rst for the documentation.Reviewed-by: Theodore Ts'o
Reviewed-by: Jaegeuk Kim
Signed-off-by: Eric Biggers
29 Jul, 2019
4 commits
-
Add functions that verify data pages that have been read from a
fs-verity file, against that file's Merkle tree. These will be called
from filesystems' ->readpage() and ->readpages() methods.Since data verification can block, a workqueue is provided for these
methods to enqueue verification work from their bio completion callback.See the "Verifying data" section of
Documentation/filesystems/fsverity.rst for more information.Reviewed-by: Theodore Ts'o
Reviewed-by: Jaegeuk Kim
Signed-off-by: Eric Biggers -
Add a function fsverity_prepare_setattr() which filesystems that support
fs-verity must call to deny truncates of verity files.Reviewed-by: Theodore Ts'o
Reviewed-by: Jaegeuk Kim
Signed-off-by: Eric Biggers -
Add the fsverity_file_open() function, which prepares an fs-verity file
to be read from. If not already done, it loads the fs-verity descriptor
from the filesystem and sets up an fsverity_info structure for the inode
which describes the Merkle tree and contains the file measurement. It
also denies all attempts to open verity files for writing.This commit also begins the include/linux/fsverity.h header, which
declares the interface between fs/verity/ and filesystems.Reviewed-by: Theodore Ts'o
Reviewed-by: Jaegeuk Kim
Signed-off-by: Eric Biggers -
Add the beginnings of the fs/verity/ support layer, including the
Kconfig option and various helper functions for hashing. To start, only
SHA-256 is supported, but other hash algorithms can easily be added.Reviewed-by: Theodore Ts'o
Reviewed-by: Jaegeuk Kim
Signed-off-by: Eric Biggers