+linux-fscrypt On Wed, Dec 02, 2020 at 09:01:52AM -0500, Chris Mason wrote: > Hi Eric, > > I’m working on fsverity support in btrfs and wanted to check on the max size > of the descriptor. I can go up to any size, just wanted to make sure I had > things correct in the disk format. > > -chris The implementations of fs-verity in ext4 and f2fs store the built-in signature (if there is one) appended to the 'struct fsverity_descriptor', and limit the total size of those two things combined to 16384 bytes. See FS_VERITY_MAX_DESCRIPTOR_SIZE in fs/verity/fsverity_private.h. Note that there's nothing special about this particular number; it's just an implementation limit to prevent userspace doing weird things with megabytes "signatures". If btrfs will be storing built-in signatures in the same way, it probably should use the same limit. Preferably it would be done in a way such that it's possible to increase the limit later if it's ever needed. - Eric
|