<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="/rss.xsl.xml"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
    <title>Changes in Makefile</title>
    <description></description>
    <language>en</language>
    <copyright>Copyright 2015</copyright>
    <generator>Java</generator><item>
        <title>e17fe657 - fs-verity: add FS_IOC_READ_VERITY_METADATA ioctl</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/fs/verity/Makefile#e17fe657</link>
        <description>fs-verity: add FS_IOC_READ_VERITY_METADATA ioctl

Add an ioctl FS_IOC_READ_VERITY_METADATA which will allow reading verity metadata from a file that has fs-verity enabled, including:

- The Merkle tree
- The fsverity_descriptor (not including the signature if present)
- The built-in signature, if present

This ioctl has similar semantics to pread().  It is passed the type of metadata to read (one of the above three), and a buffer, offset, and size.  It returns the number of bytes read or an error.

Separate patches will add support for each of the above metadata types. This patch just adds the ioctl itself.

This ioctl doesn&apos;t make any assumption about where the metadata is stored on-disk.  It does assume the metadata is in a stable format, but that&apos;s basically already the case:

- The Merkle tree and fsverity_descriptor are defined by how fs-verity file digests are computed; see the &quot;File digest computation&quot; section of Documentation/filesystems/fsverity.rst.  Technically, the way in which the levels of the tree are ordered relative to each other wasn&apos;t previously specified, but it&apos;s logical to put the root level first.
- The built-in signature is the value passed to FS_IOC_ENABLE_VERITY.

This ioctl is useful because it allows writing a server program that takes a verity file and serves it to a client program, such that the client can do its own fs-verity compatible verification of the file. This only makes sense if the client doesn&apos;t trust the server and if the server needs to provide the storage for the client.

More concretely, there is interest in using this ability in Android to export APK files (which are protected by fs-verity) to &quot;protected VMs&quot;. This would use Protected KVM (https://lwn.net/Articles/836693), which provides an isolated execution environment without having to trust the traditional &quot;host&quot;.  A &quot;guest&quot; VM can boot from a signed image and perform specific tasks in a minimum trusted environment using files that have fs-verity enabled on the host, without trusting the host or requiring that the guest has its own trusted storage.

Technically, it would be possible to duplicate the metadata and store it in separate files for serving.  However, that would be less efficient and would require extra care in userspace to maintain file consistency.

In addition to the above, the ability to read the built-in signatures is useful because it allows a system that is using the in-kernel signature verification to migrate to userspace signature verification.

Link: https://lore.kernel.org/r/20210115181819.34732-4-ebiggers@kernel.org
Reviewed-by: Victor Hsieh &lt;victorhsieh@google.com&gt;
Acked-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;

            List of files:
            /linux-6.15/fs/verity/Makefile</description>
        <pubDate>Fri, 15 Jan 2021 18:18:16 +0000</pubDate>
        <dc:creator>Eric Biggers &lt;ebiggers@google.com&gt;</dc:creator>
    </item>
<item>
        <title>432434c9 - fs-verity: support builtin file signatures</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/fs/verity/Makefile#432434c9</link>
        <description>fs-verity: support builtin file signatures

To meet some users&apos; needs, add optional support for having fs-verity handle a portion of the authentication policy in the kernel.  An &quot;.fs-verity&quot; keyring is created to which X.509 certificates can be added; then a sysctl &apos;fs.verity.require_signatures&apos; can be set to cause the kernel to enforce that all fs-verity files contain a signature of their file measurement by a key in this keyring.

See the &quot;Built-in signature verification&quot; section of Documentation/filesystems/fsverity.rst for the full documentation.

Reviewed-by: Theodore Ts&apos;o &lt;tytso@mit.edu&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;

            List of files:
            /linux-6.15/fs/verity/Makefile</description>
        <pubDate>Mon, 22 Jul 2019 16:26:23 +0000</pubDate>
        <dc:creator>Eric Biggers &lt;ebiggers@google.com&gt;</dc:creator>
    </item>
<item>
        <title>4dd893d8 - fs-verity: implement FS_IOC_MEASURE_VERITY ioctl</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/fs/verity/Makefile#4dd893d8</link>
        <description>fs-verity: implement FS_IOC_MEASURE_VERITY ioctl

Add a function for filesystems to call to implement the FS_IOC_MEASURE_VERITY ioctl.  This ioctl retrieves the file measurement that fs-verity calculated for the given file and is enforcing for reads; i.e., reads that don&apos;t match this hash will fail.  This ioctl can be used for authentication or logging of file measurements in userspace.

See the &quot;FS_IOC_MEASURE_VERITY&quot; section of Documentation/filesystems/fsverity.rst for the documentation.

Reviewed-by: Theodore Ts&apos;o &lt;tytso@mit.edu&gt;
Reviewed-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;

            List of files:
            /linux-6.15/fs/verity/Makefile</description>
        <pubDate>Mon, 22 Jul 2019 16:26:23 +0000</pubDate>
        <dc:creator>Eric Biggers &lt;ebiggers@google.com&gt;</dc:creator>
    </item>
<item>
        <title>3fda4c61 - fs-verity: implement FS_IOC_ENABLE_VERITY ioctl</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/fs/verity/Makefile#3fda4c61</link>
        <description>fs-verity: implement FS_IOC_ENABLE_VERITY ioctl

Add a function for filesystems to call to implement the FS_IOC_ENABLE_VERITY ioctl.  This ioctl enables fs-verity on a file.

See the &quot;FS_IOC_ENABLE_VERITY&quot; section of Documentation/filesystems/fsverity.rst for the documentation.

Reviewed-by: Theodore Ts&apos;o &lt;tytso@mit.edu&gt;
Reviewed-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;

            List of files:
            /linux-6.15/fs/verity/Makefile</description>
        <pubDate>Mon, 22 Jul 2019 16:26:22 +0000</pubDate>
        <dc:creator>Eric Biggers &lt;ebiggers@google.com&gt;</dc:creator>
    </item>
<item>
        <title>8a1d0f9c - fs-verity: add data verification hooks for -&gt;readpages()</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/fs/verity/Makefile#8a1d0f9c</link>
        <description>fs-verity: add data verification hooks for -&gt;readpages()

Add functions that verify data pages that have been read from a fs-verity file, against that file&apos;s Merkle tree.  These will be called from filesystems&apos; -&gt;readpage() and -&gt;readpages() methods.

Since data verification can block, a workqueue is provided for these methods to enqueue verification work from their bio completion callback.

See the &quot;Verifying data&quot; section of Documentation/filesystems/fsverity.rst for more information.

Reviewed-by: Theodore Ts&apos;o &lt;tytso@mit.edu&gt;
Reviewed-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;

            List of files:
            /linux-6.15/fs/verity/Makefile</description>
        <pubDate>Mon, 22 Jul 2019 16:26:22 +0000</pubDate>
        <dc:creator>Eric Biggers &lt;ebiggers@google.com&gt;</dc:creator>
    </item>
<item>
        <title>fd2d1acf - fs-verity: add the hook for file -&gt;open()</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/fs/verity/Makefile#fd2d1acf</link>
        <description>fs-verity: add the hook for file -&gt;open()

Add the fsverity_file_open() function, which prepares an fs-verity file to be read from.  If not already done, it loads the fs-verity descriptor from the filesystem and sets up an fsverity_info structure for the inode which describes the Merkle tree and contains the file measurement.  It also denies all attempts to open verity files for writing.

This commit also begins the include/linux/fsverity.h header, which declares the interface between fs/verity/ and filesystems.

Reviewed-by: Theodore Ts&apos;o &lt;tytso@mit.edu&gt;
Reviewed-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;

            List of files:
            /linux-6.15/fs/verity/Makefile</description>
        <pubDate>Mon, 22 Jul 2019 16:26:22 +0000</pubDate>
        <dc:creator>Eric Biggers &lt;ebiggers@google.com&gt;</dc:creator>
    </item>
<item>
        <title>671e67b4 - fs-verity: add Kconfig and the helper functions for hashing</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/fs/verity/Makefile#671e67b4</link>
        <description>fs-verity: add Kconfig and the helper functions for hashing

Add the beginnings of the fs/verity/ support layer, including the Kconfig option and various helper functions for hashing.  To start, only SHA-256 is supported, but other hash algorithms can easily be added.

Reviewed-by: Theodore Ts&apos;o &lt;tytso@mit.edu&gt;
Reviewed-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;

            List of files:
            /linux-6.15/fs/verity/Makefile</description>
        <pubDate>Mon, 22 Jul 2019 16:26:21 +0000</pubDate>
        <dc:creator>Eric Biggers &lt;ebiggers@google.com&gt;</dc:creator>
    </item>
</channel>
</rss>
