xref: /openbmc/linux/fs/verity/Kconfig (revision 432434c9)
# SPDX-License-Identifier: GPL-2.0

config FS_VERITY
	bool "FS Verity (read-only file-based authenticity protection)"
	select CRYPTO
	# SHA-256 is selected as it's intended to be the default hash algorithm.
	# To avoid bloat, other wanted algorithms must be selected explicitly.
	select CRYPTO_SHA256
	help
	  This option enables fs-verity.  fs-verity is the dm-verity
	  mechanism implemented at the file level.  On supported
	  filesystems (currently EXT4 and F2FS), userspace can use an
	  ioctl to enable verity for a file, which causes the filesystem
	  to build a Merkle tree for the file.  The filesystem will then
	  transparently verify any data read from the file against the
	  Merkle tree.  The file is also made read-only.

	  This serves as an integrity check, but the availability of the
	  Merkle tree root hash also allows efficiently supporting
	  various use cases where normally the whole file would need to
	  be hashed at once, such as: (a) auditing (logging the file's
	  hash), or (b) authenticity verification (comparing the hash
	  against a known good value, e.g. from a digital signature).

	  fs-verity is especially useful on large files where not all
	  the contents may actually be needed.  Also, fs-verity verifies
	  data each time it is paged back in, which provides better
	  protection against malicious disks vs. an ahead-of-time hash.

	  If unsure, say N.

config FS_VERITY_DEBUG
	bool "FS Verity debugging"
	depends on FS_VERITY
	help
	  Enable debugging messages related to fs-verity by default.

	  Say N unless you are an fs-verity developer.

config FS_VERITY_BUILTIN_SIGNATURES
	bool "FS Verity builtin signature support"
	depends on FS_VERITY
	select SYSTEM_DATA_VERIFICATION
	help
	  Support verifying signatures of verity files against the X.509
	  certificates that have been loaded into the ".fs-verity"
	  kernel keyring.

	  This is meant as a relatively simple mechanism that can be
	  used to provide an authenticity guarantee for verity files, as
	  an alternative to IMA appraisal.  Userspace programs still
	  need to check that the verity bit is set in order to get an
	  authenticity guarantee.

	  If unsure, say N.
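The FS_VERITY help text above describes a Merkle tree whose root hash stands in for the whole file and lets each block be checked on its own when it is paged in. The following is an added userspace model of that construction, written for this page and not kernel or fsverity-utils code; it assumes SHA-256, 4096-byte blocks, no salt, and the 256-byte `struct fsverity_descriptor` layout from `include/uapi/linux/fsverity.h`, and `verify_block` shows why a single tampered block is caught without rehashing the file.

```python
import hashlib
import struct
BLOCK_SIZE = 4096             # fs-verity default data and tree block size
HASH_SIZE = 32                # SHA-256 digest size
HASHES_PER_BLOCK = BLOCK_SIZE // HASH_SIZE
FSVERITY_HASH_ALG_SHA256 = 1  # hash_algorithm field value for SHA-256

def _hash_block(block: bytes) -> bytes:
    # Every block is zero-padded to the block size before hashing (no salt assumed).
    return hashlib.sha256(block.ljust(BLOCK_SIZE, b"\0")).digest()

def _split(buf: bytes) -> list:
    return [buf[i:i + BLOCK_SIZE] for i in range(0, len(buf), BLOCK_SIZE)]

def build_merkle_tree(data: bytes) -> list:
    """levels[0] = hashes of the data blocks, levels[-1] = [root hash]."""
    level = [_hash_block(b) for b in _split(data)]
    levels = [level]
    while len(level) > 1:
        # The hashes of one level are packed into blocks and hashed into the next.
        level = [_hash_block(b) for b in _split(b"".join(level))]
        levels.append(level)
    return levels

def root_hash(data: bytes) -> bytes:
    if not data:
        return bytes(HASH_SIZE)  # empty file: the kernel uses an all-zero root hash
    return build_merkle_tree(data)[-1][0]

def fsverity_descriptor(data_size: int, root: bytes) -> bytes:
    """256-byte struct fsverity_descriptor (include/uapi/linux/fsverity.h):
    version, hash_algorithm, log_blocksize, salt_size, reserved u32, data_size,
    root_hash[64], salt[32], reserved[144]."""
    return (struct.pack("<BBBBIQ", 1, FSVERITY_HASH_ALG_SHA256, 12, 0, 0, data_size)
            + root.ljust(64, b"\0") + bytes(32) + bytes(144))

def file_digest(data: bytes) -> bytes:
    """The fs-verity file digest is the hash of the descriptor, not of the file."""
    return hashlib.sha256(fsverity_descriptor(len(data), root_hash(data))).digest()

def verify_block(levels: list, index: int, block: bytes) -> bool:
    """Check one data block the way a page-in is checked: hash it, then walk the
    path of tree blocks up to the (trusted) root without reading the rest."""
    h = _hash_block(block)
    for level in levels[:-1]:
        if level[index] != h:
            return False
        parent = index // HASHES_PER_BLOCK
        siblings = level[parent * HASHES_PER_BLOCK:(parent + 1) * HASHES_PER_BLOCK]
        h, index = _hash_block(b"".join(siblings)), parent
    return h == levels[-1][0]
```

The file digest is what an auditor logs or a signature covers; because it is computed over the descriptor, it binds the data size and hash parameters as well as the root hash.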