Google's FS-VERITY File Authentication Called For Inclusion In Linux 5.4 Kernel
Written by Michael Larabel in Google on 16 September 2019 at 07:37 AM EDT. Add A Comment
GOOGLE --
Linux kernel engineer Eric Biggers of Google has sent in a pull request adding FS-VERITY support to the Linux 5.4 but it remains to be seen if Linus Torvalds is content with pulling the code at this stage.

FS-VERITY is the code Google has been working on for a while now in the context of Android. The focus is on providing transparent integrity/authenticity support for read-only files on an otherwise writable file-system. See this presentation to learn more on this file-based authenticity protection.

FS-VERITY is brought to the kernel as a new framework akin to fscrypt for file-encryption. With the patches sought for inclusion in Linux 5.4, this support is wired through to the EXT4 and F2FS file-systems.
fs-verity is a filesystem feature that provides Merkle tree based hashing (similar to dm-verity) for individual readonly files, mainly for the purpose of efficient authenticity verification.
...
Compared to the original fs-verity patchset from last year, the UAPI to enable fs-verity on a file has been greatly simplified. Lots of other things were cleaned up too.

fs-verity is planned to be used by two different projects on Android; most of the userspace code is in place already. Another userspace tool ("fsverity-utils"), and xfstests, are also available. e2fsprogs and f2fs-tools already have fs-verity support. Other people have shown interest in using fs-verity too.

More details in the pending pull request.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week