# SPDX-License-Identifier: GPL-2.0

config FS_VERITY
	bool "FS Verity (read-only file-based authenticity protection)"
	select CRYPTO
	select CRYPTO_HASH_INFO
	# SHA-256 is implied as it's intended to be the default hash algorithm.
	# To avoid bloat, other wanted algorithms must be selected explicitly.
	# Note that CRYPTO_SHA256 denotes the generic C implementation, but
	# some architectures provided optimized implementations of the same
	# algorithm that may be used instead. In this case, CRYPTO_SHA256 may
	# be omitted even if SHA-256 is being used.
	imply CRYPTO_SHA256
	help
	  This option enables fs-verity. fs-verity is the dm-verity
	  mechanism implemented at the file level. On supported
	  filesystems (currently ext4, f2fs, and btrfs), userspace can
	  use an ioctl to enable verity for a file, which causes the
	  filesystem to build a Merkle tree for the file. The filesystem
	  will then transparently verify any data read from the file
	  against the Merkle tree. The file is also made read-only.

	  This serves as an integrity check, but the availability of the
	  Merkle tree root hash also allows efficiently supporting
	  various use cases where normally the whole file would need to
	  be hashed at once, such as: (a) auditing (logging the file's
	  hash), or (b) authenticity verification (comparing the hash
	  against a known good value, e.g. from a digital signature).

	  fs-verity is especially useful on large files where not all
	  the contents may actually be needed. Also, fs-verity verifies
	  data each time it is paged back in, which provides better
	  protection against malicious disks vs. an ahead-of-time hash.

	  If unsure, say N.

config FS_VERITY_BUILTIN_SIGNATURES
	bool "FS Verity builtin signature support"
	depends on FS_VERITY
	select SYSTEM_DATA_VERIFICATION
	help
	  This option adds support for in-kernel verification of
	  fs-verity builtin signatures.

	  Please take great care before using this feature. It is not
	  the only way to do signatures with fs-verity, and the
	  alternatives (such as userspace signature verification, and
	  IMA appraisal) can be much better. For details about the
	  limitations of this feature, see
	  Documentation/filesystems/fsverity.rst.

	  If unsure, say N.