Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'fsverity-for-linus' of git://git.kernel.org/pub/scm/fs/fsverity/linux

Pull fsverity updates from Eric Biggers:
"A fix for an issue where CONFIG_FS_VERITY could be enabled without
some of its dependencies, and a small documentation update"

* tag 'fsverity-for-linus' of git://git.kernel.org/pub/scm/fs/fsverity/linux:
Revert "fsverity: relax build time dependency on CRYPTO_SHA256"
Documentation: add a usecase for FS_IOC_READ_VERITY_METADATA

+13 -11
+11 -5
Documentation/filesystems/fsverity.rst
··· 248 248 The FS_IOC_READ_VERITY_METADATA ioctl reads verity metadata from a 249 249 verity file. This ioctl is available since Linux v5.12. 250 250 251 - This ioctl allows writing a server program that takes a verity file 252 - and serves it to a client program, such that the client can do its own 253 - fs-verity compatible verification of the file. This only makes sense 254 - if the client doesn't trust the server and if the server needs to 255 - provide the storage for the client. 251 + This ioctl is useful for cases where the verity verification should be 252 + performed somewhere other than the currently running kernel. 253 + 254 + One example is a server program that takes a verity file and serves it 255 + to a client program, such that the client can do its own fs-verity 256 + compatible verification of the file. This only makes sense if the 257 + client doesn't trust the server and if the server needs to provide the 258 + storage for the client. 259 + 260 + Another example is copying verity metadata when creating filesystem 261 + images in userspace (such as with ``mkfs.ext4 -d``). 256 262 257 263 This is a fairly specialized use case, and most fs-verity users won't 258 264 need this ioctl.
+2 -6
fs/verity/Kconfig
··· 4 4 bool "FS Verity (read-only file-based authenticity protection)" 5 5 select CRYPTO 6 6 select CRYPTO_HASH_INFO 7 - # SHA-256 is implied as it's intended to be the default hash algorithm. 7 + # SHA-256 is selected as it's intended to be the default hash algorithm. 8 8 # To avoid bloat, other wanted algorithms must be selected explicitly. 9 - # Note that CRYPTO_SHA256 denotes the generic C implementation, but 10 - # some architectures provided optimized implementations of the same 11 - # algorithm that may be used instead. In this case, CRYPTO_SHA256 may 12 - # be omitted even if SHA-256 is being used. 13 - imply CRYPTO_SHA256 9 + select CRYPTO_SHA256 14 10 help 15 11 This option enables fs-verity. fs-verity is the dm-verity 16 12 mechanism implemented at the file level. On supported
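Review bot: In the Documentation/filesystems/fsverity.rst hunk, the unchanged closing sentence "This is a fairly specialized use case, and most fs-verity users won't need this ioctl." now follows two examples, so "This" no longer has a single antecedent and reads as if it applies only to the ``mkfs.ext4 -d`` case. Consider rewording it to the plural ("These are fairly specialized use cases ...") in the same patch. The trust condition ("This only makes sense if the client doesn't trust the server ...") is still attached to the server example only, which is right, but it is worth confirming that the image-building example needs no equivalent statement about who verifies the copied metadata.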
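Review bot: In the fs/verity/Kconfig hunk, the new comment at line 7 says SHA-256 "is selected" but no longer records why a hard `select CRYPTO_SHA256` is required instead of `imply`. The deleted lines 9-12 documented the reasoning for the relaxed form (architecture-optimized implementations standing in for the generic one), and with them gone nothing in the file tells a later reader that relaxing this again allows CONFIG_FS_VERITY to be enabled without one of its dependencies, which is the problem the pull message describes. Suggest adding one sentence to the comment stating that the dependency is intentionally mandatory.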