lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 09 Nov 2019 20:34:51 +0100
From:   walter harms <>
Subject: Re: [man-pages RFC PATCH] statx.2: document STATX_ATTR_VERITY

Am 08.11.2019 20:35, schrieb Eric Biggers:
> On Fri, Nov 08, 2019 at 09:23:04AM +0100, walter harms wrote:
>> Am 07.11.2019 23:02, schrieb Eric Biggers:
>>> From: Eric Biggers <>
>>> Document the verity attribute for statx().
>>> Signed-off-by: Eric Biggers <>
>>> ---
>>>  man2/statx.2 | 4 ++++
>>>  1 file changed, 4 insertions(+)
>>> RFC since the kernel patches are currently under review.
>>> The kernel patches can be found here:
>>> diff --git a/man2/statx.2 b/man2/statx.2
>>> index d2f1b07b8..713bd1260 100644
>>> --- a/man2/statx.2
>>> +++ b/man2/statx.2
>>> @@ -461,6 +461,10 @@ See
>>>  .TP
>>>  A key is required for the file to be encrypted by the filesystem.
>>> +.TP
>>> +The file has fs-verity enabled.  It cannot be written to, and all reads from it
>>> +will be verified against a Merkle tree.
>> Using "Merkle tree" opens a can of worm and what will happen when the methode will change ?
>> Does it matter at all ? i would suggest "filesystem" here.
> Fundamentally, fs-verity guarantees that all data read is verified against a
> cryptographic hash that covers the entire file.  I think it will be helpful to
> convey that here, e.g. to avoid confusion with non-cryptographic, individual
> block checksums supported by filesystems like btrfs and zfs.
> Now, the only sane way to implement this model is with a Merkle tree, and this
> is part of the fs-verity UAPI (via the file hash), so that's where I'm coming
> from here.  Perhaps the phrase "Merkle tree" could be interpreted too strictly,
> though, so it would be better to emphasize the more abstract model.  How about
> the following?:
> 	The file has fs-verity enabled.  It cannot be written to, and all reads
> 	from it will be verified against a cryptographic hash that covers the
> 	entire file, e.g. via a Merkle tree.

"feels" better,. but from a programmers perspective it is important at what level
this is actually done. To see my point look at the line before.
"encrypted by the filesystem" mean i have to read the documentation of the fs first
so if encryption is supported at all. Or do i think to complicated ?


Powered by blists - more mailing lists