XFS Support For FS-VERITY Moves Closer To Mainline

Among the early pull requests for the now-open Linux 6.5 merge window is the FS-VERITY pull for that support layer enabling file-systems to leverage transparent integrity and authenticity protections fr read-only files. The FS-VERITY updates for Linux 6.5 are helping to ease the upcoming XFS file-system support.

The FS-VERITY authenticity protection for read-only files has supported EXT4, Btrfs, and F2FS while XFS has been the notable prominent file-system not supported. For months there have been patches for enabling XFS support with FS-VERITY and it looks like that work could finally reach mainline soon.

Eric Biggers of Google sent in the FS-VERITY updates for the Linux 6.5 merge window and they include a change to the hashing API usage to help with the XFS support. All FS-VERITY hashing is now being done with the shash API rather than ahash, in order to simplify the code and lower the API overhead while making "things slightly easier for XFS's upcoming support."

While things makes things easier and will help with the XFS support, the API switch does mean that off-CPU hashing acceleration is no longer supported for FS-VERITY but wasn't known to be used or to have a complete implementation.

The pull request of FS-VERITY changes for Linux 6.5 also include documentation updates and other changes. This kernel code is intended to be used for use-cases around trusted computing, Integrity Measurement Architecture (IMA), and similar purposes. Those unfamiliar with FS-VERITY can learn more via the kernel.org documentation for this feature that was introduced to mainline several years ago.