On Mon, Jun 12, 2023 at 5:54 PM Alexander Larsson <alexl@xxxxxxxxxx> wrote: > > On Mon, Jun 12, 2023 at 1:09 PM Alexander Larsson <alexl@xxxxxxxxxx> wrote: > > > > On Mon, Jun 12, 2023 at 12:54 PM Amir Goldstein <amir73il@xxxxxxxxx> wrote: > > > > > > On Mon, Jun 12, 2023 at 1:27 PM Alexander Larsson <alexl@xxxxxxxxxx> wrote: > > > > > > > > This patchset adds support for using fs-verity to validate lowerdata > > > > files by specifying an overlay.verity xattr on the metacopy > > > > files. > > > > > > > > This is primarily motivated by the Composefs usecase, where there will > > > > be a read-only EROFS layer that contains redirect into a base data > > > > layer which has fs-verity enabled on all files. However, it is also > > > > useful in general if you want to ensure that the lowerdata files > > > > matches the expected content over time. > > > > > > > > I have also added some tests for this feature to xfstests[1]. > > > > > > I can't remember if there is a good reason why your test does > > > not include verify in a data-only layer. > > > > > > I think this test coverage needs to be added. > > > > Yeah. I'll add that. > > Updated the git branch with some lowerdata tests. > What do I need to do in order to enable verity on ext4 besides enabling FS_VERITY in the kernel? I'm getting these on verity tests on ext4 in the default 4k config. _require_scratch_verity() doesn't mention any requirement other that 4K blocks and extent format files. Thanks, Amir. BEGIN TEST 4k (10 tests): Ext4 4k block Wed Jun 14 06:04:25 UTC 2023 DEVICE: /dev/vdb EXT_MKFS_OPTIONS: -b 4096 EXT_MOUNT_OPTIONS: -o block_validity FSTYP -- ext4 PLATFORM -- Linux/x86_64 kvm-xfstests 6.4.0-rc2-xfstests-00026-g35774ba7f07c #1596 SMP PREEMPT_DYNAMIC Tue Jun 13 18:16:59 IDT 2023 MKFS_OPTIONS -- -F -q -b 4096 /dev/vdc MOUNT_OPTIONS -- -o acl,user_xattr -o block_validity /dev/vdc /vdc generic/572 [06:04:42] [06:04:47] [not run] generic/572 -- ext4 verity isn't usable by default with these mkfs options ...
