----- Ursprüngliche Mail ----- > Von: "Johannes Thumshirn" <jth@xxxxxxxxxx> > An: "David Sterba" <dsterba@xxxxxxx> > CC: "linux-fsdevel" <linux-fsdevel@xxxxxxxxxxxxxxx>, "linux-btrfs" <linux-btrfs@xxxxxxxxxxxxxxx>, "Eric Biggers" > <ebiggers@xxxxxxxxxx>, "richard" <richard@xxxxxx>, "Johannes Thumshirn" <johannes.thumshirn@xxxxxxx>, "Johannes > Thumshirn" <jthumshirn@xxxxxxx> > Gesendet: Dienstag, 28. April 2020 12:58:58 > Betreff: [PATCH v2 1/2] btrfs: add authentication support > From: Johannes Thumshirn <johannes.thumshirn@xxxxxxx> > > Add authentication support for a BTRFS file-system. > > This works, because in BTRFS every meta-data block as well as every > data-block has a own checksum. For meta-data the checksum is in the > meta-data node itself. For data blocks, the checksums are stored in the > checksum tree. Eric already raised doubts, let me ask more directly. Does the checksum tree really cover all moving parts of BTRFS? I'm a little surprised how small your patch is. Getting all this done for UBIFS was not easy and given that UBIFS is truly copy-on-write it was still less work than it would be for other filesystems. If I understand the checksum tree correctly, the main purpose is protecting you from flipping bits. An attacker will perform much more sophisticated attacks. Thanks, //richard
