FS-VERITY Updated For Read-Only, File-Based Authenticity Protection On EXT4/F2FS

  • FS-VERITY Updated For Read-Only, File-Based Authenticity Protection On EXT4/F2FS

    Phoronix: FS-VERITY Updated For Read-Only, File-Based Authenticity Protection On EXT4/F2FS

    Since November we haven't heard much about Google's effort around FS-VERITY as transparent integrity / authenticity support for read-only files on a writable file-system. Fortunately, the effort didn't stop and new patches are pending for this implementation that complements DM-VERITY...


  • #2
    To clarify, the "v3" patches you linked to in my git repository are work-in-progress and haven't been sent out for review yet. We need consensus on the API to move forward; see this LWN article and the latest API proposal.



    • #3
      Also, fs-verity is not intended to replace dm-verity in Android, but rather be used to verify important files on the userdata partition where dm-verity cannot be used.



      • #4
        Originally posted by ebiggers
        Also, fs-verity is not intended to replace dm-verity in Android, but rather be used to verify important files on the userdata partition where dm-verity cannot be used.
        What use cases does dm-verity have that fs-verity couldn't fulfill?



        • #5
          Originally posted by doublez13
          What use cases does dm-verity have that fs-verity couldn't fulfill?
          dm-verity authenticates a whole block device including all filesystem metadata, while fs-verity only authenticates individual files. dm-verity is generally the better option for read-only filesystems, but it can't be used on writable filesystems.
