Google Volleys Latest FS-VERITY Code For Transparent Integrity/Authenticity Of Files
Written by Michael Larabel in Google on 2 November 2018 at 07:17 AM EDT. 2 Comments
GOOGLE --
One of the new Linux kernel features Google engineers have been working on is fs-verity for read-only file-based authenticity protection. Fs-verity is similar to dm-verity with a similar aim but is designed to work on a per-file basis for read-write file-systems rather than at the block level.

Fs-verity supports transparent integrity and authenticity protection of read-only file-systems. User-space appends a Merkle hash tree to a file and an ioctl allows enabling fs-verity on the per-file basis. All reads are then verified against the hash file and only allowed through if the verification passes.

Fs-verity consists of common kernel code but also requires some hooks into specific file-systems. For now Google is enabling this support for the EXT4 and F2FS file-systems but extending it to other Linux file-systems shouldn't be much of a challenge.

More details on this read-only file protection/verification can be found via the v2 patch series sent out this week. The code isn't being queued for Linux 4.20~5.0 but is an interesting feature likely coming to a future kernel release with Google planning to use fs-verity for Android devices.

About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Related Google News
Popular News This Week