fsverity.rst - OpenGrok cross reference for /linux/Documentation/filesystems/fsverity.rst

Lines Matching full:signature
80   verifying a signature of it using any userspace cryptographic
86   signature in their "security.ima" extended attribute, as controlled
95   files with a verified fs-verity's built-in signature. For
99 - Trusted userspace code in combination with `Built-in signature
142 - ``sig_size`` is the size of the builtin signature in bytes, or 0 if no
143   builtin signature is provided.  Currently the builtin signature is
145 - ``sig_ptr``  is the pointer to the builtin signature, or NULL if no
146   builtin signature is provided.  A builtin signature is only needed
147   if the `Built-in signature verification`_ feature is being used.  It
149   signature is being handled entirely in userspace.
173 - ``EBADMSG``: the builtin signature is malformed
183 - ``EKEYREJECTED``: the builtin signature doesn't match the file
184 - ``EMSGSIZE``: the salt or builtin signature is too long
186   needed to verify the builtin signature
194 - ``EPERM``: the file is append-only; or, a builtin signature is
290 - ``FS_VERITY_METADATA_TYPE_SIGNATURE`` reads the builtin signature
292   signature verification`_.
319   have a builtin signature
370   opening the file will fail.  See `Built-in signature verification`_.
452 Built-in signature verification
460 alternatives (such as userspace signature verification, and IMA
471    detached signature in DER format of the file's fs-verity digest.
472    On success, the ioctl persists the signature alongside the Merkle
474    file's actual digest against this signature, using the certificates
476    file's signature exists, regardless of the state of the sysctl variable
479    that contain a verified built-in fsverity signature.
485 The data that the signature as described in (2) must be a signature of
501 - Builtin signature verification does *not* make the kernel enforce
506   signature before they are accessed.  (With
509   could just store the signature alongside the file and verify it
512 - Another approach is to utilize fs-verity builtin signature
515   files with a verified fs-verity builtin signature to perform certain
521 - A file's builtin signature can only be set at the same time that
523   builtin signature later requires re-creating the file.
525 - Builtin signature verification uses the same set of public keys for
534 - Builtin signature verification can only use signature algorithms
536   yet support Ed25519, even though this is often the signature