Linux kernel engineer Eric Biggers of Google has sent in a pull request adding FS-VERITY support to Linux 5.4, but it remains to be seen whether Linus Torvalds is content with pulling the code at this stage.
FS-VERITY is the code Google has been working on for a while now in the context of Android. The focus is on providing transparent integrity/authenticity support for read-only files on an otherwise writable file-system. See this presentation to learn more on this file-based authenticity protection.
FS-VERITY is brought to the kernel as a new framework akin to fscrypt for file-encryption. With the patches sought for inclusion in Linux 5.4, this support is wired through to the EXT4 and F2FS file-systems.
fs-verity is a filesystem feature that provides Merkle tree based hashing (similar to dm-verity) for individual readonly files, mainly for the purpose of efficient authenticity verification.
Compared to the original fs-verity patchset from last year, the UAPI to enable fs-verity on a file has been greatly simplified. Lots of other things were cleaned up too.
fs-verity is planned to be used by two different projects on Android; most of the userspace code is in place already. Another userspace tool (“fsverity-utils”), and xfstests, are also available. e2fsprogs and f2fs-tools already have fs-verity support. Other people have shown interest in using fs-verity too.
More details in the pending pull request.
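The Merkle-tree hashing mentioned in the description above, as an added illustration that is not code from the pull request or the kernel. It assumes SHA-256 and 4096-byte blocks and uses a simplified layout, so the root it computes is not the digest the kernel or fsverity-utils would report for a file.

```python
import hashlib

BLOCK = 4096                            # assumed data and tree block size
HASH = hashlib.sha256                   # assumed hash algorithm
FANOUT = BLOCK // HASH().digest_size    # hashes that fit in one tree block (128)

def _blocks(data, size):
    """Split into fixed-size blocks, zero-padding the last; empty input gives one block."""
    return [data[i:i + size].ljust(size, b"\0") for i in range(0, max(len(data), 1), size)]

def build_tree(data):
    """Return the tree levels, leaf hashes first; the last level holds only the root."""
    levels = [[HASH(b).digest() for b in _blocks(data, BLOCK)]]
    while len(levels[-1]) > 1:
        packed = b"".join(levels[-1])   # hashes of one level, packed into blocks
        levels.append([HASH(b).digest() for b in _blocks(packed, BLOCK)])
    return levels

def verify_block(block, index, levels, trusted_root):
    """Check one data block against the trusted root, reading one hash block per level."""
    if not 0 <= index < len(levels[0]):
        return False
    digest = HASH(block.ljust(BLOCK, b"\0")).digest()
    for level in levels[:-1]:
        group = index // FANOUT
        siblings = list(level[group * FANOUT:(group + 1) * FANOUT])
        siblings[index % FANOUT] = digest   # use the hash we computed, not the stored one
        digest = HASH(b"".join(siblings).ljust(BLOCK, b"\0")).digest()
        index = group
    return digest == trusted_root

if __name__ == "__main__":
    # Constructed sample: 300 distinct full blocks plus a short tail block.
    data = b"".join(i.to_bytes(4, "big") * 1024 for i in range(300)) + b"tail"
    levels = build_tree(data)
    root = levels[-1][0]
    blk = data[200 * BLOCK:201 * BLOCK]
    print("block 200 ok:", verify_block(blk, 200, levels, root))
    print("tampered ok: ", verify_block(b"X" + blk[1:], 200, levels, root))
```

Only the root has to be trusted; a read of one block recomputes a single path of hashes rather than hashing the whole file.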