# SPDX-License-Identifier: GPL-2.0

config FS_VERITY
	bool "FS Verity (read-only file-based authenticity protection)"
	select CRYPTO
	# SHA-256 is selected as it's intended to be the default hash algorithm.
	# To avoid bloat, other wanted algorithms must be selected explicitly.
	select CRYPTO_SHA256
	help
	  This option enables fs-verity. fs-verity is the dm-verity
	  mechanism implemented at the file level. On supported
	  filesystems (currently EXT4 and F2FS), userspace can use an
	  ioctl to enable verity for a file, which causes the filesystem
	  to build a Merkle tree for the file. The filesystem will then
	  transparently verify any data read from the file against the
	  Merkle tree. The file is also made read-only.

	  This serves as an integrity check, but the availability of the
	  Merkle tree root hash also allows efficiently supporting
	  various use cases where normally the whole file would need to
	  be hashed at once, such as: (a) auditing (logging the file's
	  hash), or (b) authenticity verification (comparing the hash
	  against a known good value, e.g. from a digital signature).

	  fs-verity is especially useful on large files where not all
	  the contents may actually be needed. Also, fs-verity verifies
	  data each time it is paged back in, which provides better
	  protection against malicious disks vs. an ahead-of-time hash.

	  If unsure, say N.

config FS_VERITY_DEBUG
	bool "FS Verity debugging"
	depends on FS_VERITY
	help
	  Enable debugging messages related to fs-verity by default.

	  Say N unless you are an fs-verity developer.

config FS_VERITY_BUILTIN_SIGNATURES
	bool "FS Verity builtin signature support"
	depends on FS_VERITY
	select SYSTEM_DATA_VERIFICATION
	help
	  Support verifying signatures of verity files against the X.509
	  certificates that have been loaded into the ".fs-verity"
	  kernel keyring.

	  This is meant as a relatively simple mechanism that can be
	  used to provide an authenticity guarantee for verity files, as
	  an alternative to IMA appraisal. Userspace programs still
	  need to check that the verity bit is set in order to get an
	  authenticity guarantee.

	  If unsure, say N.