| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190920212954.205789-4-ebiggers@kernel.org> Date: Fri, 20 Sep 2019 14:29:51 -0700 From: Eric Biggers <ebiggers@...nel.org> To: linux-ext4@...r.kernel.org Subject: [PATCH 3/6] ext4.5: document the verity feature From: Eric Biggers <ebiggers@...gle.com> Signed-off-by: Eric Biggers <ebiggers@...gle.com> --- misc/ext4.5.in | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/misc/ext4.5.in b/misc/ext4.5.in index 40e75f81..627c0dad 100644 --- a/misc/ext4.5.in +++ b/misc/ext4.5.in @@ -312,6 +312,18 @@ the file system using and it also speeds up the time required for .BR mke2fs (8) to create the file system. +.TP +.B verity +.br +Enables support for verity protected files. Verity files are readonly, +and their data is transparently verified against a Merkle tree hidden +past the end of the file. Using the Merkle tree's root hash, a verity +file can be efficiently authenticated, independent of the file's size. +.IP +This feature is most useful for authenticating important read-only files +on read-write file systems. If the file system itself is read-only, +then using dm-verity to authenticate the entire block device may provide +much better security. .SH MOUNT OPTIONS This section describes mount options which are specific to ext2, ext3, and ext4. Other generic mount options may be used as well; see @@ -774,6 +786,8 @@ ext4, 4.13 ext4, 4.13 .IP "\fBcasefold\fR" 2i ext4, 5.2 +.IP "\fBverity\fR" 2i +ext4, 5.4 .SH SEE ALSO .BR mke2fs (8), .BR mke2fs.conf (5), -- 2.23.0.351.gc4317032e6-goog
Powered by blists - more mailing lists