On Thu, 2019-04-04 at 15:26 -0700, Matthew Garrett wrote:
> On Thu, Apr 4, 2019 at 3:18 PM James Bottomley
> <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
> > The obvious other thought is integration with fs-verity, which is a
> > filesystem maintained possibly signed merkle tree hash.  The
> > problem here is what does vfs_get_hash() actually mean?  The
> > assumption seems to be that it is the flat hash of the entire file
> > which doesn't work for merkle trees.  However, if it could be a
> > representative hash of the file which is produced however the
> > filesystem decides, it could work (well, unless the file is copied
> > on to a different fs, of course ...).
>
> We could always use fs-verity to store additional verifiable metadata
> including actual hashes for consistency?

Redundant information is always possible, but it can become
inconsistent and, because the hashes can't be derived from each other,
it's hard to tell if it is inconsistent without redoing the whole hash
with each method.

I was more wondering what, if any, problems would follow if we did let
the filesystem choose the hash method and simply used the top merkle
hash in place of the usual IMA hash?

James
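
The distinction discussed in this thread, as an added example that is not part of the original message or of the kernel's fs-verity or IMA code: a flat SHA-256 of a file next to the root of a simplified binary Merkle tree over the same bytes. The 4096-byte block size, the tree layout, the sample data and all function names are assumptions for illustration and do not reproduce fs-verity's on-disk format.

```python
import hashlib

BLOCK = 4096                      # assumed block size, for illustration only
PAD = b"\x00" * 32                # filler node for levels with an odd count
SAMPLE = bytes(range(256)) * 81   # constructed 20736-byte "file" (6 blocks)

def h(data):
    return hashlib.sha256(data).digest()

def flat_hash(data):
    """Whole-file digest: every byte must be read to compute or check it."""
    return h(data)

def merkle_levels(data, block=BLOCK):
    """All tree levels, leaves first; the last level holds only the root."""
    blocks = [data[i:i + block] for i in range(0, len(data), block)] or [b""]
    level = [h(b"\x00" + b) for b in blocks]      # 0x00 prefix marks a leaf
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                        # pad odd levels to even length
            level = level + [PAD]
            levels[-1] = level
        level = [h(b"\x01" + level[i] + level[i + 1])   # 0x01 marks an inner node
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_root(data, block=BLOCK):
    return merkle_levels(data, block)[-1][0]

def proof(levels, index):
    """Sibling hashes needed to check one block against the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path

def verify_block(block_data, index, path, root):
    """Check a single block using only its siblings, not the rest of the file."""
    node = h(b"\x00" + block_data)
    for sibling in path:
        pair = node + sibling if index % 2 == 0 else sibling + node
        node = h(b"\x01" + pair)
        index //= 2
    return node == root

def metadata_consistent(data, stored_flat, stored_root):
    """Neither stored value yields the other, so both are recomputed in full."""
    return flat_hash(data) == stored_flat and merkle_root(data) == stored_root
```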