Home
last modified time | relevance | path

Searched refs:verity (Results 1 – 20 of 20) sorted by relevance

/linux/Documentation/filesystems/ext4/
H A Dverity.rst6 ext4 supports fs-verity, which is a filesystem feature that provides
8 fs-verity is common to all filesystems that support it; see
10 fs-verity documentation. However, the on-disk layout of the verity
11 metadata is filesystem-specific. On ext4, the verity metadata is
25 - The verity descriptor, as documented in
32 - The size of the verity descriptor in bytes, as a 4-byte little
37 They can have EXT4_ENCRYPT_FL set, in which case the verity metadata
40 Verity files cannot have blocks allocated past the end of the verity
/linux/fs/verity/
H A DKconfig12 This option enables fs-verity. fs-verity is the dm-verity
15 use an ioctl to enable verity for a file, which causes the
27 fs-verity is especially useful on large files where not all
28 the contents may actually be needed. Also, fs-verity verifies
40 fs-verity builtin signatures.
43 the only way to do signatures with fs-verity, and the
/linux/Documentation/admin-guide/device-mapper/
H A Ddm-init.rst32 <target_type> ::= "verity" | "linear" | ... (see list below)
61 `verity` allowed
85 dm-verity,,3,ro,
86 0 1638400 verity 1 /dev/sdc1 /dev/sdc2 4096 4096 204800 1 sha256
120 "verity"::
122 dm-verity,,4,ro,
123 0 1638400 verity 1 8:1 8:2 4096 4096 204800 1 sha256
H A Ddm-ima.rst15 target types like crypt, verity, integrity etc. Each of these target
338 #. verity
673 10. verity
676 section above) has the following data format for 'verity' target.
685 target_name := "target_name=verity"
704 When a 'verity' target is loaded, then IMA ASCII measurement log will have an entry
705 similar to the following, depicting what 'verity' attributes are measured in EVENT_DATA
710 name=test-verity,uuid=,major=253,minor=2,minor_count=1,num_targets=1;
711 …target_index=0,target_begin=0,target_len=1953120,target_name=verity,target_version=1.8.0,hash_fail…
/linux/Documentation/translations/zh_CN/security/
H A Dipe.rst53 如果对由dm-verity保护的文件系统进行了离线挂载,校验
57 verity同样提供了对抗恶意块设备的额外保护。在这样的
60 错误将报告攻击者的有效载荷。由于dm-verity会在页面错
66 * dm-verity在块被读取时按需提供完整性验证,而不需要将整
/linux/Documentation/admin-guide/LSM/
H A Dipe.rst34 a file's origin, such as dm-verity or fs-verity, which provide a layer of
36 that trust files from a dm-verity protected device. dm-verity ensures the
38 of its contents. Similarly, fs-verity offers filesystem-level integrity
40 fs-verity. These two features cannot be turned off once established, so
50 property. The latter includes checking the roothash of a dm-verity
51 protected device, determining whether dm-verity possesses a valid
52 signature, assessing the digest of a fs-verity protected file, or
53 determining whether fs-verity possesses a valid built-in signature. This
648 specific dm-verity volumes, identified via their root hashes. It has a
673 This property can be utilized for authorization of all dm-verity
[all …]
H A DLoadPin.rst8 such as dm-verity or CDROM. This allows systems that have a verified
/linux/Documentation/translations/zh_CN/filesystems/
H A Dubifs-authentication.rst33 dm-verity 子系统[DM-INTEGRITY, DM-VERITY]在块层实现完整数据认证,这些
350 [DM-VERITY] https://www.kernel.org/doc/Documentation/device-mapper/verity.rst
/linux/fs/f2fs/
H A DMakefile10 f2fs-$(CONFIG_FS_VERITY) += verity.o
/linux/fs/ext4/
H A DMakefile20 ext4-$(CONFIG_FS_VERITY) += verity.o
H A Dsysfs.c361 EXT4_ATTR_FEATURE(verity);
384 ATTR_LIST(verity),
H A Dinode.c1449 bool verity = ext4_verity_in_progress(inode); in ext4_write_end() local
1466 if (!verity) in ext4_write_end()
1471 if (old_size < pos && !verity) in ext4_write_end()
1483 if (pos + len > inode->i_size && !verity && ext4_can_truncate(inode)) in ext4_write_end()
1494 if (pos + len > inode->i_size && !verity) { in ext4_write_end()
1555 bool verity = ext4_verity_in_progress(inode); in ext4_journalled_write_end() local
1582 if (!verity) in ext4_journalled_write_end()
1588 if (old_size < pos && !verity) in ext4_journalled_write_end()
1597 if (pos + len > inode->i_size && !verity && ext4_can_truncate(inode)) in ext4_journalled_write_end()
1607 if (pos + len > inode->i_size && !verity) { in ext4_journalled_write_end()
H A Dext4.h2206 EXT4_FEATURE_RO_COMPAT_FUNCS(verity, VERITY) in EXT4_FEATURE_COMPAT_FUNCS()
/linux/Documentation/filesystems/
H A Doverlayfs.rst481 fs-verity support
485 fs-verity enabled and overlay verity support is enabled, then the
490 When a layer containing verity xattrs is used, it means that any such
496 digest check, or from a later read due to fs-verity) and a detailed
497 error is printed to the kernel logs. For more details of how fs-verity
504 layer is fully trusted (by using dm-verity or something similar), then
511 This feature is controlled by the "verity" mount option, which
516 default if verity option is not specified.
520 generating a metacopy file the verity digest will be set in it
525 will only be used if the data file has fs-verity enabled,
/linux/Documentation/security/
H A DIMA-templates.rst70 - 'd-ngv2': same as d-ng, but prefixed with the "ima" or "verity" digest type
/linux/Documentation/userspace-api/
H A Dcheck_exec.rst131 dm-verity/IPE) but where access rights might not be ready yet. Indeed,
/linux/fs/btrfs/
H A Dsysfs.c306 BTRFS_FEAT_ATTR_COMPAT_RO(verity, VERITY);
339 BTRFS_FEAT_ATTR_PTR(verity),
/linux/Documentation/
H A D.renames.txt183 device-mapper/verity admin-guide/device-mapper/verity
/linux/Documentation/admin-guide/
H A Dkernel-parameters.txt1374 [KNL] When set to 1, leave the dm-verity keyring
/linux/
H A DMAINTAINERS10539 F: fs/verity/