Commit | Line | Data |
---|---|---|
671e67b4 EB | 1 | # SPDX-License-Identifier: GPL-2.0 |
 | 2 | |
 | 3 | config FS_VERITY |
 | 4 | bool "FS Verity (read-only file-based authenticity protection)" |
 | 5 | select CRYPTO |
246d9216 | 6 | select CRYPTO_HASH_INFO |
e3a606f2 | 7 | # SHA-256 is implied as it's intended to be the default hash algorithm. |
671e67b4 | 8 | # To avoid bloat, other wanted algorithms must be selected explicitly. |
e3a606f2 AB | 9 | # Note that CRYPTO_SHA256 denotes the generic C implementation, but |
 | 10 | # some architectures provided optimized implementations of the same |
 | 11 | # algorithm that may be used instead. In this case, CRYPTO_SHA256 may |
 | 12 | # be omitted even if SHA-256 is being used. |
 | 13 | imply CRYPTO_SHA256 |
671e67b4 EB | 14 | help |
 | 15 | This option enables fs-verity. fs-verity is the dm-verity |
 | 16 | mechanism implemented at the file level. On supported |
8da572c5 EB | 17 | filesystems (currently ext4, f2fs, and btrfs), userspace can |
 | 18 | use an ioctl to enable verity for a file, which causes the |
 | 19 | filesystem to build a Merkle tree for the file. The filesystem |
 | 20 | will then transparently verify any data read from the file |
 | 21 | against the Merkle tree. The file is also made read-only. |
671e67b4 EB | 22 | |
 | 23 | This serves as an integrity check, but the availability of the |
 | 24 | Merkle tree root hash also allows efficiently supporting |
 | 25 | various use cases where normally the whole file would need to |
 | 26 | be hashed at once, such as: (a) auditing (logging the file's |
 | 27 | hash), or (b) authenticity verification (comparing the hash |
 | 28 | against a known good value, e.g. from a digital signature). |
 | 29 | |
 | 30 | fs-verity is especially useful on large files where not all |
 | 31 | the contents may actually be needed. Also, fs-verity verifies |
 | 32 | data each time it is paged back in, which provides better |
 | 33 | protection against malicious disks vs. an ahead-of-time hash. |
 | 34 | |
 | 35 | If unsure, say N. |
 | 36 | |
432434c9 EB | 37 | config FS_VERITY_BUILTIN_SIGNATURES |
 | 38 | bool "FS Verity builtin signature support" |
 | 39 | depends on FS_VERITY |
 | 40 | select SYSTEM_DATA_VERIFICATION |
 | 41 | help |
672d6ef4 EB | 42 | This option adds support for in-kernel verification of |
 | 43 | fs-verity builtin signatures. |
432434c9 | 44 | |
672d6ef4 EB | 45 | Please take great care before using this feature. It is not |
 | 46 | the only way to do signatures with fs-verity, and the |
 | 47 | alternatives (such as userspace signature verification, and |
 | 48 | IMA appraisal) can be much better. For details about the |
 | 49 | limitations of this feature, see |
 | 50 | Documentation/filesystems/fsverity.rst. |
432434c9 EB | 51 | |
 | 52 | If unsure, say N. |
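
The options above can be checked against a built kernel's `.config`. The shell function below is an added example, not part of the kernel source: it reports whether fs-verity is enabled, whether a SHA-256 provider is present given that `imply CRYPTO_SHA256` can be overridden, and whether builtin signatures are on. The `CRYPTO_SHA256_<ARCH>` naming pattern for optimized implementations and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the fs-verity options above.

# Print the value of CONFIG_<symbol> in file $1, or "n" if unset.
cfg_val() {
    v=$(sed -n "s/^CONFIG_$2=\(.*\)\$/\1/p" "$1" | tail -n 1)
    echo "${v:-n}"
}

# Print one finding per line; return 1 if fs-verity lacks a SHA-256 provider.
audit_fsverity_config() {
    cfg=$1 rc=0
    if [ "$(cfg_val "$cfg" FS_VERITY)" != y ]; then
        echo "fs-verity: disabled"
        return 0
    fi
    echo "fs-verity: enabled"
    # 'imply' only sets a default, so CRYPTO_SHA256 may still be off.
    sha=$(cfg_val "$cfg" CRYPTO_SHA256)
    if [ "$sha" != n ]; then
        echo "sha256: generic ($sha)"
    # Assumption: optimized providers are named CRYPTO_SHA256_<ARCH>.
    elif grep -Eq '^CONFIG_CRYPTO_SHA256_[A-Z0-9_]+=[ym]$' "$cfg"; then
        echo "sha256: arch-optimized only"
    else
        echo "sha256: missing"
        rc=1
    fi
    if [ "$(cfg_val "$cfg" FS_VERITY_BUILTIN_SIGNATURES)" = y ]; then
        echo "builtin-signatures: enabled (see Documentation/filesystems/fsverity.rst)"
    else
        echo "builtin-signatures: disabled"
    fi
    return $rc
}

# Constructed sample config (not taken from a real system).
sample_config() {
    cat <<'EOF'
CONFIG_FS_VERITY=y
# CONFIG_CRYPTO_SHA256 is not set
CONFIG_CRYPTO_SHA256_SSSE3=y
CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_fsverity_config "$tmp"
rm -f "$tmp"
```

On a real system, pass the path of the running kernel's config file instead of the sample.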