xref: /linux/fs/verity/Kconfig (revision 0889d07f3e4b171c453b2aaf2b257f9074cdf624)
1# SPDX-License-Identifier: GPL-2.0
2
3config FS_VERITY
4	bool "FS Verity (read-only file-based authenticity protection)"
5	select CRYPTO
6	# SHA-256 is selected as it's intended to be the default hash algorithm.
7	# To avoid bloat, other wanted algorithms must be selected explicitly.
8	select CRYPTO_SHA256
9	help
10	  This option enables fs-verity.  fs-verity is the dm-verity
11	  mechanism implemented at the file level.  On supported
12	  filesystems (currently EXT4 and F2FS), userspace can use an
13	  ioctl to enable verity for a file, which causes the filesystem
14	  to build a Merkle tree for the file.  The filesystem will then
15	  transparently verify any data read from the file against the
16	  Merkle tree.  The file is also made read-only.
17
18	  This serves as an integrity check, but the availability of the
19	  Merkle tree root hash also allows efficiently supporting
20	  various use cases where normally the whole file would need to
21	  be hashed at once, such as: (a) auditing (logging the file's
22	  hash), or (b) authenticity verification (comparing the hash
23	  against a known good value, e.g. from a digital signature).
24
25	  fs-verity is especially useful on large files where not all
26	  the contents may actually be needed.  Also, fs-verity verifies
27	  data each time it is paged back in, which provides better
28	  protection against malicious disks vs. an ahead-of-time hash.
29
30	  If unsure, say N.
31
32config FS_VERITY_DEBUG
33	bool "FS Verity debugging"
34	depends on FS_VERITY
35	help
36	  Enable debugging messages related to fs-verity by default.
37
38	  Say N unless you are an fs-verity developer.
39
40config FS_VERITY_BUILTIN_SIGNATURES
41	bool "FS Verity builtin signature support"
42	depends on FS_VERITY
43	select SYSTEM_DATA_VERIFICATION
44	help
45	  Support verifying signatures of verity files against the X.509
46	  certificates that have been loaded into the ".fs-verity"
47	  kernel keyring.
48
49	  This is meant as a relatively simple mechanism that can be
50	  used to provide an authenticity guarantee for verity files, as
51	  an alternative to IMA appraisal.  Userspace programs still
52	  need to check that the verity bit is set in order to get an
53	  authenticity guarantee.
54
55	  If unsure, say N.
56