Google Volleys Latest FS-VERITY Code For Transparent Integrity/Authenticity Of Files
Written by Michael Larabel in Google on 2 November 2018 at 07:17 AM EDT. 2 Comments
One of the new Linux kernel features Google engineers have been working on is fs-verity for read-only file-based authenticity protection. Fs-verity is similar to dm-verity with a similar aim but is designed to work on a per-file basis for read-write file-systems rather than at the block level.

Fs-verity supports transparent integrity and authenticity protection of read-only file-systems. User-space appends a Merkle hash tree to a file and an ioctl allows enabling fs-verity on the per-file basis. All reads are then verified against the hash file and only allowed through if the verification passes.

Fs-verity consists of common kernel code but also requires some hooks into specific file-systems. For now Google is enabling this support for the EXT4 and F2FS file-systems but extending it to other Linux file-systems shouldn't be much of a challenge.

More details on this read-only file protection/verification can be found via the v2 patch series sent out this week. The code isn't being queued for Linux 4.20~5.0 but is an interesting feature likely coming to a future kernel release with Google planning to use fs-verity for Android devices.
Related News
About The Author
Author picture

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter or contacted via

Popular News This Week