[mirror_ubuntu-jammy-kernel.git] / fs / verity / Kconfig

# SPDX-License-Identifier: GPL-2.0

config FS_VERITY
	bool "FS Verity (read-only file-based authenticity protection)"
	select CRYPTO
	# SHA-256 is selected as it's intended to be the default hash algorithm.
	# To avoid bloat, other wanted algorithms must be selected explicitly.
	select CRYPTO_SHA256
	help
	  This option enables fs-verity.  fs-verity is the dm-verity
	  mechanism implemented at the file level.  On supported
	  filesystems (currently EXT4 and F2FS), userspace can use an
	  ioctl to enable verity for a file, which causes the filesystem
	  to build a Merkle tree for the file.  The filesystem will then
	  transparently verify any data read from the file against the
	  Merkle tree.  The file is also made read-only.

	  This serves as an integrity check, but the availability of the
	  Merkle tree root hash also allows efficiently supporting
	  various use cases where normally the whole file would need to
	  be hashed at once, such as: (a) auditing (logging the file's
	  hash), or (b) authenticity verification (comparing the hash
	  against a known good value, e.g. from a digital signature).

	  fs-verity is especially useful on large files where not all
	  the contents may actually be needed.  Also, fs-verity verifies
	  data each time it is paged back in, which provides better
	  protection against malicious disks vs. an ahead-of-time hash.

	  If unsure, say N.

config FS_VERITY_DEBUG
	bool "FS Verity debugging"
	depends on FS_VERITY
	help
	  Enable debugging messages related to fs-verity by default.

	  Say N unless you are an fs-verity developer.

config FS_VERITY_BUILTIN_SIGNATURES
	bool "FS Verity builtin signature support"
	depends on FS_VERITY
	select SYSTEM_DATA_VERIFICATION
	help
	  Support verifying signatures of verity files against the X.509
	  certificates that have been loaded into the ".fs-verity"
	  kernel keyring.

	  This is meant as a relatively simple mechanism that can be
	  used to provide an authenticity guarantee for verity files, as
	  an alternative to IMA appraisal.  Userspace programs still
	  need to check that the verity bit is set in order to get an
	  authenticity guarantee.

	  If unsure, say N.
Commit	Line	Data
671e67b4 EB	1	# SPDX-License-Identifier: GPL-2.0
	2
	3	config FS_VERITY
	4	bool "FS Verity (read-only file-based authenticity protection)"
	5	select CRYPTO
	6	# SHA-256 is selected as it's intended to be the default hash algorithm.
	7	# To avoid bloat, other wanted algorithms must be selected explicitly.
	8	select CRYPTO_SHA256
	9	help
	10	This option enables fs-verity. fs-verity is the dm-verity
	11	mechanism implemented at the file level. On supported
	12	filesystems (currently EXT4 and F2FS), userspace can use an
	13	ioctl to enable verity for a file, which causes the filesystem
	14	to build a Merkle tree for the file. The filesystem will then
	15	transparently verify any data read from the file against the
	16	Merkle tree. The file is also made read-only.
	17
	18	This serves as an integrity check, but the availability of the
	19	Merkle tree root hash also allows efficiently supporting
	20	various use cases where normally the whole file would need to
	21	be hashed at once, such as: (a) auditing (logging the file's
	22	hash), or (b) authenticity verification (comparing the hash
	23	against a known good value, e.g. from a digital signature).
	24
	25	fs-verity is especially useful on large files where not all
	26	the contents may actually be needed. Also, fs-verity verifies
	27	data each time it is paged back in, which provides better
	28	protection against malicious disks vs. an ahead-of-time hash.
	29
	30	If unsure, say N.
	31
	32	config FS_VERITY_DEBUG
	33	bool "FS Verity debugging"
	34	depends on FS_VERITY
	35	help
	36	Enable debugging messages related to fs-verity by default.
	37
	38	Say N unless you are an fs-verity developer.
432434c9 EB	39
	40	config FS_VERITY_BUILTIN_SIGNATURES
	41	bool "FS Verity builtin signature support"
	42	depends on FS_VERITY
	43	select SYSTEM_DATA_VERIFICATION
	44	help
	45	Support verifying signatures of verity files against the X.509
	46	certificates that have been loaded into the ".fs-verity"
	47	kernel keyring.
	48
	49	This is meant as a relatively simple mechanism that can be
	50	used to provide an authenticity guarantee for verity files, as
	51	an alternative to IMA appraisal. Userspace programs still
	52	need to check that the verity bit is set in order to get an
	53	authenticity guarantee.
	54
	55	If unsure, say N.