fsverity.rst - OpenGrok cross reference for /linux/Documentation/filesystems/fsverity.rst

Lines Matching full:signature
80   verifying a signature of it using any userspace cryptographic
86   signature in their "security.ima" extended attribute, as controlled
95   files with a verified fs-verity's built-in signature. For
99 - Trusted userspace code in combination with `Built-in signature
142 - ``sig_size`` is the size of the builtin signature in bytes, or 0 if no
143   builtin signature is provided.  Currently the builtin signature is
145 - ``sig_ptr``  is the pointer to the builtin signature, or NULL if no
146   builtin signature is provided.  A builtin signature is only needed
147   if the `Built-in signature verification`_ feature is being used.  It
149   signature is being handled entirely in userspace.
173 - ``EBADMSG``: the builtin signature is malformed
183 - ``EKEYREJECTED``: the builtin signature doesn't match the file
184 - ``EMSGSIZE``: the salt or builtin signature is too long
186   needed to verify the builtin signature
195 - ``EPERM``: the file is append-only; or, a builtin signature is
285 - ``FS_VERITY_METADATA_TYPE_SIGNATURE`` reads the builtin signature
287   signature verification`_.
314   have a builtin signature
365   opening the file will fail.  See `Built-in signature verification`_.
447 Built-in signature verification
455 alternatives (such as userspace signature verification, and IMA
466    detached signature in DER format of the file's fs-verity digest.
467    On success, the ioctl persists the signature alongside the Merkle
469    file's actual digest against this signature, using the certificates
471    file's signature exists, regardless of the state of the sysctl variable
474    that contain a verified built-in fsverity signature.
480 The data that the signature as described in (2) must be a signature of
496 - Builtin signature verification does *not* make the kernel enforce
501   signature before they are accessed.  (With
504   could just store the signature alongside the file and verify it
507 - Another approach is to utilize fs-verity builtin signature
510   files with a verified fs-verity builtin signature to perform certain
516 - A file's builtin signature can only be set at the same time that
518   builtin signature later requires re-creating the file.
520 - Builtin signature verification uses the same set of public keys for
529 - Builtin signature verification can only use signature algorithms
531   yet support Ed25519, even though this is often the signature