FS-VERITY Updated For Read-Only, File-Based Authenticity Protection On EXT4/F2FS
Written by Michael Larabel in Linux Storage on 19 February 2019 at 12:03 AM EST. 4 Comments
LINUX STORAGE --
Since November we haven't heard much about Google's effort around FS-VERITY as transparent integrity / authenticity support for read-only files on a writable file-system. Fortunately, the effort didn't stop and new patches are pending for this implementation that complements DM-VERITY.

FS-VERITY offers read-only, file-based authenticity protection on a per-file basis that can reside on a read-write file-system, like DM-VERITY being at the block level. FS-VERITY is being implemented as its own framework akin to fs-crypt for file-system encryption. The initial Linux file-systems that Google cares about for hooking into FS-VERITY are EXT4 and F2FS, both of which are used by Android devices.

More details on the current FS-VERITY implementation are outlined in this cover letter while the patches under review can be found via this fsverity branch.


Embedded above is a video about FS-VERITY from the Linux Security Summit in 2018. Android currently makes use of DM-VERITY for verifying its system image but in the future, fs-verity could potentially replace it as well as extending the file authenticity support on the mobile operating system.
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Related Linux Storage News
Popular News This Week