Lines Matching refs:t

58 time it's paged in.  This ensures that malicious disk firmware can't
173 - ``EKEYREJECTED``: the builtin signature doesn't match the file
175 - ``ENOKEY``: the ".fs-verity" keyring doesn't contain the certificate
244 if the client doesn't trust the server and if the server needs to
247 This is a fairly specialized use case, and most fs-verity users won't
288 The metadata returned by FS_IOC_READ_VERITY_METADATA isn't guaranteed
303   FS_VERITY_METADATA_TYPE_SIGNATURE was requested but the file doesn't
314 The existing ioctl FS_IOC_GETFLAGS (which isn't specific to fs-verity)
326 FS_IOC_GETFLAGS and FS_IOC_MEASURE_VERITY because it doesn't require
350 - Reads of data that doesn't match the verity Merkle tree will fail
417 can't a distinguish a large file from a small second file whose data
579 and (b) pages fully beyond i_size aren't visible to userspace but can
605 which usually wouldn't be enough for even a single Merkle tree block.
607 f2fs doesn't support enabling verity on files that currently have
724 weren't already directly answered in other parts of this document.
726 :Q: Why isn't fs-verity part of IMA?
737     doesn't make sense to force all uses of fs-verity to be through
742 :Q: Isn't fs-verity useless because the attacker can just modify the
748 :Q: Isn't fs-verity useless because the attacker can just replace a
755 :Q: Why does the Merkle tree need to be stored on-disk?  Couldn't you
757 :A: If the Merkle tree wasn't stored on-disk, then you'd have to
763     node isn't stored on-disk, you have to compute it by hashing its
774     hash page gets evicted (you can't pin the entire Merkle tree into
780 :Q: But couldn't you store just the leaf nodes and compute the rest?
793 :A: This isn't currently supported.  It was part of the original
795     wasn't a critical use case.  Files are usually installed once and
799 :Q: Why doesn't fs-verity support writes?
820     but is slow, is much more complex, and doesn't actually support
822     independently, i.e. there is no "root hash".  It doesn't really
826 :Q: Since verity files are immutable, why isn't the immutable bit set?
832     bit isn't appropriate.
851 :Q: Why is anything filesystem-specific at all?  Shouldn't fs-verity
864       the verity metadata.  Extended attributes don't work for this
867       filesystem block, and (b) ext4 and f2fs encryption doesn't