On Mon, 2020-11-16 at 12:56 -0800, Eric Biggers wrote: > This patchset adds wrappers around FS_IOC_ENABLE_VERITY to libfsverity, > makes libfsverity (rather than just the fsverity program) default to > SHA-256 and 4096-byte blocks, and makes the fsverity commands share code > to parse the libfsverity_merkle_tree_params. > > This is my proposed alternative to Luca's patch > https://lkml.kernel.org/linux-fscrypt/20201113143527.1097499-1-luca.boccassi@xxxxxxxxx > > Changed since v1: > - Moved the default hash algorithm and block size handling into > libfsverity. > > Eric Biggers (4): > programs/fsverity: change default block size from PAGE_SIZE to 4096 > lib/compute_digest: add default hash_algorithm and block_size > lib: add libfsverity_enable() and libfsverity_enable_with_sig() > programs/fsverity: share code to parse tree parameters > > include/libfsverity.h | 83 +++++++++++++++++++++++++++++----- > lib/compute_digest.c | 27 ++++++----- > lib/enable.c | 47 +++++++++++++++++++ > lib/lib_private.h | 6 +++ > programs/cmd_digest.c | 31 ++----------- > programs/cmd_enable.c | 34 +++----------- > programs/cmd_sign.c | 32 ++----------- > programs/fsverity.c | 35 ++++++++------ > programs/fsverity.h | 21 ++++++--- > programs/test_compute_digest.c | 18 +++++--- > 10 files changed, 201 insertions(+), 133 deletions(-) > create mode 100644 lib/enable.c Tried on my machine, looks great, thank you! -- Kind regards, Luca Boccassi
Attachment:
signature.asc
Description: This is a digitally signed message part
|