[linux-block.git] / fs / verity / Kconfig

# SPDX-License-Identifier: GPL-2.0

config FS_VERITY
	bool "FS Verity (read-only file-based authenticity protection)"
	select CRYPTO
	select CRYPTO_HASH_INFO
	# SHA-256 is implied as it's intended to be the default hash algorithm.
	# To avoid bloat, other wanted algorithms must be selected explicitly.
	# Note that CRYPTO_SHA256 denotes the generic C implementation, but
	# some architectures provided optimized implementations of the same
	# algorithm that may be used instead. In this case, CRYPTO_SHA256 may
	# be omitted even if SHA-256 is being used.
	imply CRYPTO_SHA256
	help
	  This option enables fs-verity.  fs-verity is the dm-verity
	  mechanism implemented at the file level.  On supported
	  filesystems (currently ext4, f2fs, and btrfs), userspace can
	  use an ioctl to enable verity for a file, which causes the
	  filesystem to build a Merkle tree for the file.  The filesystem
	  will then transparently verify any data read from the file
	  against the Merkle tree.  The file is also made read-only.

	  This serves as an integrity check, but the availability of the
	  Merkle tree root hash also allows efficiently supporting
	  various use cases where normally the whole file would need to
	  be hashed at once, such as: (a) auditing (logging the file's
	  hash), or (b) authenticity verification (comparing the hash
	  against a known good value, e.g. from a digital signature).

	  fs-verity is especially useful on large files where not all
	  the contents may actually be needed.  Also, fs-verity verifies
	  data each time it is paged back in, which provides better
	  protection against malicious disks vs. an ahead-of-time hash.

	  If unsure, say N.

config FS_VERITY_BUILTIN_SIGNATURES
	bool "FS Verity builtin signature support"
	depends on FS_VERITY
	select SYSTEM_DATA_VERIFICATION
	help
	  This option adds support for in-kernel verification of
	  fs-verity builtin signatures.

	  Please take great care before using this feature.  It is not
	  the only way to do signatures with fs-verity, and the
	  alternatives (such as userspace signature verification, and
	  IMA appraisal) can be much better.  For details about the
	  limitations of this feature, see
	  Documentation/filesystems/fsverity.rst.

	  If unsure, say N.
Commit	Line	Data
671e67b4 EB	1	# SPDX-License-Identifier: GPL-2.0
	2
	3	config FS_VERITY
	4	bool "FS Verity (read-only file-based authenticity protection)"
	5	select CRYPTO
246d9216	6	select CRYPTO_HASH_INFO
e3a606f2	7	# SHA-256 is implied as it's intended to be the default hash algorithm.
671e67b4	8	# To avoid bloat, other wanted algorithms must be selected explicitly.
e3a606f2 AB	9	# Note that CRYPTO_SHA256 denotes the generic C implementation, but
	10	# some architectures provided optimized implementations of the same
	11	# algorithm that may be used instead. In this case, CRYPTO_SHA256 may
	12	# be omitted even if SHA-256 is being used.
	13	imply CRYPTO_SHA256
671e67b4 EB	14	help
	15	This option enables fs-verity. fs-verity is the dm-verity
	16	mechanism implemented at the file level. On supported
8da572c5 EB	17	filesystems (currently ext4, f2fs, and btrfs), userspace can
	18	use an ioctl to enable verity for a file, which causes the
	19	filesystem to build a Merkle tree for the file. The filesystem
	20	will then transparently verify any data read from the file
	21	against the Merkle tree. The file is also made read-only.
671e67b4 EB	22
	23	This serves as an integrity check, but the availability of the
	24	Merkle tree root hash also allows efficiently supporting
	25	various use cases where normally the whole file would need to
	26	be hashed at once, such as: (a) auditing (logging the file's
	27	hash), or (b) authenticity verification (comparing the hash
	28	against a known good value, e.g. from a digital signature).
	29
	30	fs-verity is especially useful on large files where not all
	31	the contents may actually be needed. Also, fs-verity verifies
	32	data each time it is paged back in, which provides better
	33	protection against malicious disks vs. an ahead-of-time hash.
	34
	35	If unsure, say N.
	36
432434c9 EB	37	config FS_VERITY_BUILTIN_SIGNATURES
	38	bool "FS Verity builtin signature support"
	39	depends on FS_VERITY
	40	select SYSTEM_DATA_VERIFICATION
	41	help
672d6ef4 EB	42	This option adds support for in-kernel verification of
672d6ef4 EB	43	fs-verity builtin signatures.
432434c9	44
672d6ef4 EB	45	Please take great care before using this feature. It is not
	46	the only way to do signatures with fs-verity, and the
	47	alternatives (such as userspace signature verification, and
	48	IMA appraisal) can be much better. For details about the
	49	limitations of this feature, see
	50	Documentation/filesystems/fsverity.rst.
432434c9 EB	51
432434c9 EB	52	If unsure, say N.