| fsverity.rst (728d90bdc9e480dc93913e59a0aa3c896c7aa697) | fsverity.rst (c0d782a3ccdc614210f6c604e82e48fda3c7a4ca) |
|---|---|
| 1.. SPDX-License-Identifier: GPL-2.0 2 3.. _fsverity: 4 5======================================================= 6fs-verity: read-only file-based authenticity protection 7======================================================= 8 --- 384 unchanged lines hidden (view full) --- 393location, including the Merkle tree blocks and 394``fsverity_descriptor``. Filesystems must also call functions in 395``fs/verity/`` at certain times, such as when a file is opened or when 396pages have been read into the pagecache. (See `Verifying data`_.) 397 398ext4 399---- 400 | 1.. SPDX-License-Identifier: GPL-2.0 2 3.. _fsverity: 4 5======================================================= 6fs-verity: read-only file-based authenticity protection 7======================================================= 8 --- 384 unchanged lines hidden (view full) --- 393location, including the Merkle tree blocks and 394``fsverity_descriptor``. Filesystems must also call functions in 395``fs/verity/`` at certain times, such as when a file is opened or when 396pages have been read into the pagecache. (See `Verifying data`_.) 397 398ext4 399---- 400 |
| 401ext4 supports fs-verity since Linux TODO and e2fsprogs v1.45.2. | 401ext4 supports fs-verity since Linux v5.4 and e2fsprogs v1.45.2. |
| 402 403To create verity files on an ext4 filesystem, the filesystem must have 404been formatted with ``-O verity`` or had ``tune2fs -O verity`` run on 405it. "verity" is an RO_COMPAT filesystem feature, so once set, old 406kernels will only be able to mount the filesystem readonly, and old 407versions of e2fsck will be unable to check the filesystem. Moreover, 408currently ext4 only supports mounting a filesystem with the "verity" 409feature when its block size is equal to PAGE_SIZE (often 4096 bytes). --- 19 unchanged lines hidden (view full) --- 429 430Currently, ext4 verity only supports the case where the Merkle tree 431block size, filesystem block size, and page size are all the same. It 432also only supports extent-based files. 433 434f2fs 435---- 436 | 402 403To create verity files on an ext4 filesystem, the filesystem must have 404been formatted with ``-O verity`` or had ``tune2fs -O verity`` run on 405it. "verity" is an RO_COMPAT filesystem feature, so once set, old 406kernels will only be able to mount the filesystem readonly, and old 407versions of e2fsck will be unable to check the filesystem. Moreover, 408currently ext4 only supports mounting a filesystem with the "verity" 409feature when its block size is equal to PAGE_SIZE (often 4096 bytes). --- 19 unchanged lines hidden (view full) --- 429 430Currently, ext4 verity only supports the case where the Merkle tree 431block size, filesystem block size, and page size are all the same. It 432also only supports extent-based files. 433 434f2fs 435---- 436 |
| 437f2fs supports fs-verity since Linux TODO and f2fs-tools v1.11.0. | 437f2fs supports fs-verity since Linux v5.4 and f2fs-tools v1.11.0. |
| 438 439To create verity files on an f2fs filesystem, the filesystem must have 440been formatted with ``-O verity``. 441 442f2fs sets the FADVISE_VERITY_BIT on-disk inode flag on verity files. 443It can only be set by `FS_IOC_ENABLE_VERITY`_, and it cannot be 444cleared. 445 --- 281 unchanged lines hidden --- | 438 439To create verity files on an f2fs filesystem, the filesystem must have 440been formatted with ``-O verity``. 441 442f2fs sets the FADVISE_VERITY_BIT on-disk inode flag on verity files. 443It can only be set by `FS_IOC_ENABLE_VERITY`_, and it cannot be 444cleared. 445 --- 281 unchanged lines hidden --- |