This patchset adds wrappers around FS_IOC_ENABLE_VERITY to libfsverity,
makes libfsverity (rather than just the fsverity program) default to
SHA-256 and 4096-byte blocks, and makes the fsverity commands share code
to parse the libfsverity_merkle_tree_params.
This is my proposed alternative to Luca's patch
https://lkml.kernel.org/linux-fscrypt/20201113143527.1097499-1-luca.boccassi@xxxxxxxxx
Changed since v1:
- Moved the default hash algorithm and block size handling into
libfsverity.
Eric Biggers (4):
programs/fsverity: change default block size from PAGE_SIZE to 4096
lib/compute_digest: add default hash_algorithm and block_size
lib: add libfsverity_enable() and libfsverity_enable_with_sig()
programs/fsverity: share code to parse tree parameters
include/libfsverity.h | 83 +++++++++++++++++++++++++++++-----
lib/compute_digest.c | 27 ++++++-----
lib/enable.c | 47 +++++++++++++++++++
lib/lib_private.h | 6 +++
programs/cmd_digest.c | 31 ++-----------
programs/cmd_enable.c | 34 +++-----------
programs/cmd_sign.c | 32 ++-----------
programs/fsverity.c | 35 ++++++++------
programs/fsverity.h | 21 ++++++---
programs/test_compute_digest.c | 18 +++++---
10 files changed, 201 insertions(+), 133 deletions(-)
create mode 100644 lib/enable.c
--
2.29.2
|