[CC-ing linux-mtd]

> On 25.01.2018, at 20:11, Theodore Ts'o <tytso@xxxxxxx> wrote:
>
> I'd like to talk about a proposal to implement and upstream something
> that we've been calling fs-verity, which is something like dm-verity,
> but implemented on a per-file basis. It will be implemented much like
> fs/crypto, in that most of the code will be in a generic layer, with
> minimal modifications needed in the file system layer.
>
> The merkle tree will be located after file's normal data, and then
> after the package manager sets the verity bit, i_size will be updated
> so that the fs-verity header and merkle tree will be "hidden" from
> userspace and the file will become immutable.
>
> How does this differ from IMA's file integrity?
>
> *) The pages are verified as they are read, so pages are verified as
> they are read from the storage device; this avoids a large latency hit when
> the file is first opened or referenced.
>
> *) The design and code are done by file system developers, so it
> doesn't have the locking problems of the IMA code.

This sounds interesting!
We recently sent a proposal to add file authentication to UBIFS [1]. Although it does not cover the exact same use case, the concept is similar so that it could implement the same VFS/fs-verity API.
It would be great to get some input on this.

Thanks,
David

[1] https://marc.info/?l=linux-fsdevel&m=151620293206369&w=2
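The layout and read-time check described in the quoted proposal, modelled in user space as an added example; it is not code from this thread or from the kernel. The 4096-byte block size, SHA-256, the omission of the fs-verity header, the leaves-first tree serialization and the names `seal` and `read_block` are all assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK = 4096            # assumed data block (page) size
HLEN = 32               # SHA-256 digest size; the hash choice is an assumption
FANOUT = BLOCK // HLEN  # child hashes covered by one tree node

def _h(b):
    return hashlib.sha256(b).digest()

def seal(data):
    """Append the tree after the data; return (image, i_size, trusted root)."""
    if not data:
        raise ValueError("empty files are not modelled")
    body = data + b"\0" * (-len(data) % BLOCK)
    level = [_h(body[i:i + BLOCK]) for i in range(0, len(body), BLOCK)]
    tree = b""
    while True:
        tree += b"".join(level)            # leaves first, root level last
        if len(level) == 1:
            return body + tree, len(data), level[0]
        level = [_h(b"".join(level[i:i + FANOUT]))
                 for i in range(0, len(level), FANOUT)]

def read_block(image, i_size, index, root):
    """Return data block `index`, verified against `root` at read time."""
    nblocks = -(-i_size // BLOCK)
    if not 0 <= index < nblocks:
        raise IndexError("block lies beyond i_size")
    lo = index * BLOCK
    node = _h(image[lo:lo + BLOCK])
    off, size = nblocks * BLOCK, nblocks   # the tree starts past the data
    while size > 1:
        first = index - index % FANOUT
        last = min(first + FANOUT, size)
        group = bytearray(image[off + first * HLEN:off + last * HLEN])
        pos = (index - first) * HLEN
        group[pos:pos + HLEN] = node       # trust only the hash we computed
        node = _h(bytes(group))
        off += size * HLEN
        index //= FANOUT
        size = -(-size // FANOUT)
    if not hmac.compare_digest(node, root):
        raise OSError("verity mismatch: block rejected")
    return image[lo:min(lo + BLOCK, i_size)]
```

Only the root has to be stored somewhere trusted; each read hashes one data block plus one tree node per level, which is why no whole-file hash is needed at open time.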