Home / Linux / Google’s FS-VERITY File Authentication Called For Inclusion In Linux 5.4 Kernel

Google’s FS-VERITY File Authentication Called For Inclusion In Linux 5.4 Kernel


Linux kernel engineer Eric Biggers of Google has sent in a pull request adding FS-VERITY support to the Linux 5.4 but it remains to be seen if Linus Torvalds is content with pulling the code at this stage.

FS-VERITY is the code Google has been working on for a while now in the context of Android. The focus is on providing transparent integrity/authenticity support for read-only files on an otherwise writable file-system. See this presentation to learn more on this file-based authenticity protection.

FS-VERITY is brought to the kernel as a new framework akin to fscrypt for file-encryption. With the patches sought for inclusion in Linux 5.4, this support is wired through to the EXT4 and F2FS file-systems.

fs-verity is a filesystem feature that provides Merkle tree based hashing (similar to dm-verity) for individual readonly files, mainly for the purpose of efficient authenticity verification.

Compared to the original fs-verity patchset from last year, the UAPI to enable fs-verity on a file has been greatly simplified. Lots of other things were cleaned up too.

fs-verity is planned to be used by two different projects on Android; most of the userspace code is in place already. Another userspace tool (“fsverity-utils”), and xfstests, are also available. e2fsprogs and f2fs-tools already have fs-verity support. Other people have shown interest in using fs-verity too.

More details in the pending pull request.

>> Source Link


Check Also

Google wants to unfork Anfroid back to the Linux kernel

Fork you, they won’t do what you tell them GOOGLE HAS SAID it wants to bring …