[LSF/MM TOPIC] fs-verity: file system-level integrity protection
David Gstir
david at sigma-star.at
Wed Feb 7 05:04:36 PST 2018
[CC-ing linux-mtd]
> On 25.01.2018, at 20:11, Theodore Ts'o <tytso at mit.edu> wrote:
>
> I'd like to talk about a proposal to implement and upstream something
> that we've been calling fs-verity, which is something like dm-verity,
> but implemented on a per-file basis. It will be implemented much like
> fs/crypto, in that most of the code will be in a generic layer, with
> minimal modifications needed in the file system layer.
>
> The merkle tree will be located after the file's normal data, and then
> after the package manager sets the verity bit, i_size will be updated
> so that the fs-verity header and merkle tree will be "hidden" from
> userspace and the file will become immutable.
>
> How does this differ from IMA's file integrity?
>
> *) The pages are verified as they are read, so pages are verified as
> they are read from the storage device; this avoids a large latency hit when
> the file is first opened or referenced.
>
> *) The design and code are done by file system developers, so it
> doesn't have the locking problems of the IMA code.

This sounds interesting! We recently sent a proposal to add file
authentication to UBIFS [1]. Although it does not cover the exact
same use case, the concept is similar so that it could implement
the same VFS/fs-verity API.

It would be great to get some input on this.

Thanks,
David

[1] https://marc.info/?l=linux-fsdevel&m=151620293206369&w=2
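
The layout described in the quoted proposal (a Merkle tree stored after the file's data, hidden by i_size, with each page checked as it is read), as an added example that is not part of the original message or of any fs-verity code. It is a simplified model, not the fs-verity on-disk format: the 4096-byte block size, SHA-256, the binary tree with zero-padded levels, the out-of-band root and all function names are assumptions.

```python
import hashlib

BLOCK = 4096            # assumed block size
DIGEST = 32             # SHA-256 digest length
ZERO = b"\0" * DIGEST   # padding node so every node has a sibling

def _h(data):
    return hashlib.sha256(data).digest()

def _nblocks(size):
    return max(1, -(-size // BLOCK))

def seal(data):
    """Append the hash tree after the data; return (image, i_size, root)."""
    level = [_h(data[i * BLOCK:(i + 1) * BLOCK]) for i in range(_nblocks(len(data)))]
    tree = b""
    while len(level) > 1:
        if len(level) % 2:
            level.append(ZERO)
        tree += b"".join(level)          # levels stored leaves first
        level = [_h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    # The root is kept out of band (trusted); i_size hides the tree from readers.
    return data + tree, len(data), level[0]

def read_page(image, i_size, root, index):
    """Return block `index` after checking it against the trusted root."""
    n = _nblocks(i_size)
    if not 0 <= index < n:
        raise IndexError(index)
    page = image[index * BLOCK:min((index + 1) * BLOCK, i_size)]
    node, off = _h(page), i_size
    while n > 1:
        n += n % 2
        pos = off + (index ^ 1) * DIGEST
        sib = image[pos:pos + DIGEST]     # sibling hash from the hidden tree
        node = _h(node + sib) if index % 2 == 0 else _h(sib + node)
        off, index, n = off + n * DIGEST, index // 2, n // 2
    if node != root:
        raise ValueError("page failed Merkle verification")
    return page

if __name__ == "__main__":
    data = bytes(range(256)) * 40         # constructed sample: 2.5 blocks
    image, i_size, root = seal(data)
    print(read_page(image, i_size, root, 1) == data[BLOCK:2 * BLOCK])
```

Only the block being read and one sibling hash per tree level are touched, so a modified block is rejected when it is read while unmodified blocks of the same file still verify.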