On Wed, Mar 8, 2023 at 4:28 PM Alexander Larsson <alexl@xxxxxxxxxx> wrote:
>
> As was recently discussed in the various threads about composefs we
> want the ability to specify a fs-verity digest for metacopy files,
> such that the lower file used for the data is guaranteed to have the
> specified digest.
>
> I wrote an initial version of this here:
>
> https://github.com/alexlarsson/linux/tree/overlay-verity

After some discussions with Amir in github I updated the branch. In this new version there are four verity modes with this behaviour:

Unless you explicitly disable it ("verity=off") all existing xattrs are validated before use. This is all that happens by default ("verity=validate"), but, if you turn on verity ("verity=on") then during metacopy we generate verity xattr in the upper metacopy file (if the source file has verity enabled). This means later accesses can guarantee that the correct data is used.

Additionally you can use "verity=require". In this mode all metacopy files must have a valid verity xattr. For this to work metadata copy-up must be able to create a verity xattr (so that later accesses are validated). Therefore, in this mode, if the lower data file doesn't have fs-verity enabled we fall back to a full copy rather than a metacopy.

In addition I changed the code so that validation of lowerdata happens during lookup. Previously I was trying to do this lazily at use-time, but that was only done partially right. Amir is doing some general work on making lookups lazy, so the idea is to migrate the verity validation to that later.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson                                Red Hat, Inc
alexl@xxxxxxxxxx                  alexander.larsson@xxxxxxxxx
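
The four modes described in the message above, written out as a small decision model. This is an added illustration, not part of the original message and not code from the overlay-verity branch: every type and function name is hypothetical, the digests are constructed sample values, and two cases the message does not spell out are assumptions (a metacopy xattr whose lower file has no fs-verity digest is rejected, and "verity=on" with a lower file that lacks fs-verity produces a metacopy without an xattr).

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model; every name here is hypothetical, not from the branch. */
enum verity_mode { VERITY_OFF, VERITY_VALIDATE, VERITY_ON, VERITY_REQUIRE };
enum copy_up { METACOPY_PLAIN, METACOPY_WITH_DIGEST, FULL_COPY };
enum lookup { LOOKUP_OK, LOOKUP_REJECT };

struct digest { bool present; unsigned char bytes[32]; };
/* Constructed sample digests (not real fs-verity values). */
static const struct digest NO_DIGEST = { false, {0} };
static const struct digest DIGEST_A = { true, {0xaa, 0x01} };
static const struct digest DIGEST_B = { true, {0xbb, 0x02} };

/* Copy-up: which kind of upper file is created for a lower data file. */
enum copy_up model_copy_up(enum verity_mode mode, const struct digest *lower)
{
    if (mode == VERITY_OFF || mode == VERITY_VALIDATE)
        return METACOPY_PLAIN;            /* no xattr is generated */
    if (lower->present)
        return METACOPY_WITH_DIGEST;      /* on/require: record lower digest */
    /* require cannot leave an unverifiable metacopy, so it copies the data */
    return mode == VERITY_REQUIRE ? FULL_COPY : METACOPY_PLAIN;
}

/* Lookup: xattr is the digest stored on the metacopy file, lower is the
 * fs-verity digest of the lower data file it resolves to. */
enum lookup model_lookup(enum verity_mode mode, const struct digest *xattr,
                         const struct digest *lower)
{
    if (mode == VERITY_OFF)
        return LOOKUP_OK;                 /* xattrs are not validated */
    if (!xattr->present)                  /* only require insists on one */
        return mode == VERITY_REQUIRE ? LOOKUP_REJECT : LOOKUP_OK;
    if (!lower->present)                  /* assumption: nothing to compare */
        return LOOKUP_REJECT;
    return memcmp(xattr->bytes, lower->bytes, sizeof xattr->bytes) == 0
               ? LOOKUP_OK : LOOKUP_REJECT;
}

int main(void)
{
    static const char *names[] = { "off", "validate", "on", "require" };
    for (int m = VERITY_OFF; m <= VERITY_REQUIRE; m++)
        printf("verity=%-8s copy-up(no fs-verity)=%d lookup(mismatch)=%d\n",
               names[m], model_copy_up(m, &NO_DIGEST), model_lookup(m, &DIGEST_A, &DIGEST_B));
    return 0;
}
```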