Originally posted by doublez13
View Post
-
dm-verity authenticates a whole block device including all filesystem metadata, while fs-verity only authenticates individual files. dm-verity is generally the better option for read-only filesystems, but it can't be used on writable filesystems. -
Also, fs-verity is not intended to replace dm-verity in Android, but rather be used to verify important files on the userdata partition where dm-verity cannot be used.Leave a comment:
-
To clarify, the "v3" patches you linked to in my git repository are work-in-progress and haven't been sent out for review yet. We need consensus on the API to move forward; see this LWN article and the latest API proposal.Leave a comment:
-
FS-VERITY Updated For Read-Only, File-Based Authenticity Protection On EXT4/F2FS
Phoronix: FS-VERITY Updated For Read-Only, File-Based Authenticity Protection On EXT4/F2FS
Since November we haven't heard much about Google's effort around FS-VERITY as transparent integrity / authenticity support for read-only files on a writable file-system. Fortunately, the effort didn't stop and new patches are pending for this implementation that complements DM-VERITY...
http://www.phoronix.com/scan.php?pag...e-Authenticity
Leave a comment: