
Google’s FS-VERITY File Authentication Called For Inclusion In Linux 5.4 Kernel

GOOGLE --

Linux kernel engineer Eric Biggers of Google has sent in a pull request adding FS-VERITY support to Linux 5.4, but it remains to be seen whether Linus Torvalds is content with pulling the code at this stage.

FS-VERITY is the code Google has been working on for a while now in the context of Android. The focus is on providing transparent integrity/authenticity support for read-only files on an otherwise writable file-system. See this presentation to learn more on this file-based authenticity protection.

FS-VERITY is brought to the kernel as a new framework akin to fscrypt for file-encryption. With the patches sought for inclusion in Linux 5.4, this support is wired through to the EXT4 and F2FS file-systems.

fs-verity is a filesystem feature that provides Merkle tree based hashing (similar to dm-verity) for individual readonly files, mainly for the purpose of efficient authenticity verification.

Compared to the original fs-verity patchset from last year, the UAPI to enable fs-verity on a file has been greatly simplified. Lots of other things were cleaned up too.

fs-verity is planned to be used by two different projects on Android; most of the userspace code is in place already. Another userspace tool (“fsverity-utils”), and xfstests, are also available. e2fsprogs and f2fs-tools already have fs-verity support. Other people have shown interest in using fs-verity too.

More details in the pending pull request.
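To make the "Merkle tree based hashing" point concrete, here is an added sketch (not code from the pull request or from fsverity-utils) of how a single block of a read-only file can be checked against one trusted root hash without reading the rest of the file. SHA-256, 4096-byte blocks and all function names are assumptions of this example; it omits the real on-disk layout, so its root is not the value the kernel or fsverity-utils would compute.

```python
import hashlib

BLOCK = 4096                           # block size assumed for this sketch
HASH = hashlib.sha256().digest_size    # 32 bytes
ARITY = BLOCK // HASH                  # 128 child hashes fit in one hash block

def h(block: bytes) -> bytes:
    """SHA-256 of one block, zero-padded to BLOCK bytes."""
    return hashlib.sha256(block.ljust(BLOCK, b"\0")).digest()

def chunks(buf: bytes, size: int) -> list:
    return [buf[i:i + size] for i in range(0, len(buf), size)]

def build_tree(data: bytes) -> list:
    """levels[0] holds data-block hashes; levels[-1] holds only the root hash."""
    levels = [[h(b) for b in (chunks(data, BLOCK) or [b""])]]
    while len(levels[-1]) > 1:
        levels.append([h(b) for b in chunks(b"".join(levels[-1]), BLOCK)])
    return levels

def proof_for(levels: list, index: int) -> list:
    """Hash blocks on the path from data block `index` up to the root."""
    path = []
    for level in levels[:-1]:
        start = index // ARITY * ARITY
        path.append(b"".join(level[start:start + ARITY]))
        index //= ARITY
    return path

def verify_block(block: bytes, index: int, path: list, root: bytes) -> bool:
    """Check one data block against the trusted root using only its hash path."""
    digest = h(block)
    for hash_block in path:
        slot = index % ARITY * HASH
        if hash_block[slot:slot + HASH] != digest:
            return False               # block (or a lower hash block) was altered
        digest = h(hash_block)
        index //= ARITY
    return digest == root

def demo() -> tuple:
    # Constructed sample: 300 distinct 4 KiB blocks (about 1.2 MiB).
    data = b"".join(i.to_bytes(4, "big") * 1024 for i in range(300))
    levels = build_tree(data)
    root = levels[-1][0]
    block, path = data[200 * BLOCK:201 * BLOCK], proof_for(levels, 200)
    tampered = b"X" + block[1:]
    return (verify_block(block, 200, path, root),
            verify_block(tampered, 200, path, root), len(path))

if __name__ == "__main__":
    print(demo())
```

Verifying block 200 of the 300-block sample touches two hash blocks instead of the whole file, which is what makes per-read verification cheap; only the root needs to be trusted or signed.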

