mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-04-11 04:53:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/fs/verity/Kconfig
Eric Biggers a19bcde499 Revert "fsverity: relax build time dependency on CRYPTO_SHA256" 
This reverts commit e3a606f2c544b231f6079c8c5fea451e772e1139 because it
allows people to create broken configurations that enable FS_VERITY but
not SHA-256 support.

The commit did allow people to disable the generic SHA-256
implementation when it's not needed.  But that at best allowed saving a
bit of code.  In the real world people are unlikely to intentionally and
correctly make such a tweak anyway, as they tend to just be confused by
what all the different crypto kconfig options mean.

Of course we really need the crypto API to enable the correct
implementations automatically, but that's for a later fix.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Link: https://lore.kernel.org/r/20250217185105.26751-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2025-02-17 11:34:15 -08:00

49 lines
2.0 KiB
Plaintext
Raw Permalink Blame History

# SPDX-License-Identifier: GPL-2.0
config FS_VERITY
bool "FS Verity (read-only file-based authenticity protection)"
select CRYPTO
select CRYPTO_HASH_INFO
# SHA-256 is selected as it's intended to be the default hash algorithm.
# To avoid bloat, other wanted algorithms must be selected explicitly.
select CRYPTO_SHA256
help
This option enables fs-verity. fs-verity is the dm-verity
mechanism implemented at the file level. On supported
filesystems (currently ext4, f2fs, and btrfs), userspace can
use an ioctl to enable verity for a file, which causes the
filesystem to build a Merkle tree for the file. The filesystem
will then transparently verify any data read from the file
against the Merkle tree. The file is also made read-only.
This serves as an integrity check, but the availability of the
Merkle tree root hash also allows efficiently supporting
various use cases where normally the whole file would need to
be hashed at once, such as: (a) auditing (logging the file's
hash), or (b) authenticity verification (comparing the hash
against a known good value, e.g. from a digital signature).
fs-verity is especially useful on large files where not all
the contents may actually be needed. Also, fs-verity verifies
data each time it is paged back in, which provides better
protection against malicious disks vs. an ahead-of-time hash.
If unsure, say N.
config FS_VERITY_BUILTIN_SIGNATURES
bool "FS Verity builtin signature support"
depends on FS_VERITY
select SYSTEM_DATA_VERIFICATION
help
This option adds support for in-kernel verification of
fs-verity builtin signatures.
Please take great care before using this feature. It is not
the only way to do signatures with fs-verity, and the
alternatives (such as userspace signature verification, and
IMA appraisal) can be much better. For details about the
limitations of this feature, see
Documentation/filesystems/fsverity.rst.
If unsure, say N.
Reference in New Issue View Git Blame Copy Permalink