fs-verity: add support for elide and patch extensions

The Android application package (APK) format has a signature block in
the middle of the file.  To allow fs-verity to be used on such files, we
introduce support for elisions and patches:

- An elision is a region of data that is not verified at all, being
  omitted from the Merkle tree.
- A patch is a region of data that is not verified, but has substitute
  data of the same length included in the Merkle tree.

Both are stored as authenticated extension items, so they are included
in the fs-verity measurement and an attacker cannot simply circumvent
fs-verity by adding them.  Userspace is responsible for verifying the
signature block and generating the expected list of elisions and
patches, then setting the expected measurement via an ioctl.

For simplicity of implementation, elisions are required to be
page-aligned, each page can have at most one patch, and elisions and
patches cannot overlap.

Signed-off-by: Eric Biggers <ebiggers@google.com>
2 files changed
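
The three constraints in the commit message (page-aligned elisions, at most one patch per page, no overlaps) can be checked in userspace before a region list is trusted. The sketch below is an added example, not code from this commit or from the kernel. `struct region`, `check_regions`, the result codes and the 4096-byte page size are hypothetical. It assumes "page-aligned" covers both the start and the length of an elision, and that a patch crossing a page boundary counts against both pages.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SZ 4096u /* assumed page size */

enum kind { ELIDE, PATCH };
enum result { OK, E_RANGE, E_ALIGN, E_OVERLAP, E_PAGE };
struct region { uint64_t off, len; enum kind kind; }; /* hypothetical layout */

static int by_offset(const void *a, const void *b)
{
    const struct region *x = a, *y = b;
    return (x->off > y->off) - (x->off < y->off);
}

/* Sorts r in place, then enforces the three constraints in one pass. */
enum result check_regions(struct region *r, size_t n, uint64_t file_size)
{
    uint64_t prev_end = 0, last_patch_page = 0;
    int seen_patch = 0;

    qsort(r, n, sizeof(*r), by_offset);
    for (size_t i = 0; i < n; i++) {
        /* Reject empty or out-of-file regions without overflowing off+len. */
        if (!r[i].len || r[i].off > file_size || r[i].len > file_size - r[i].off)
            return E_RANGE;
        if (r[i].off < prev_end)        /* overlaps the previous region */
            return E_OVERLAP;
        prev_end = r[i].off + r[i].len;
        if (r[i].kind == ELIDE) {       /* assumed: start and length aligned */
            if (r[i].off % PAGE_SZ || r[i].len % PAGE_SZ)
                return E_ALIGN;
            continue;
        }
        /* A patch may not touch a page already touched by an earlier patch. */
        if (seen_patch && r[i].off / PAGE_SZ <= last_patch_page)
            return E_PAGE;
        seen_patch = 1;
        last_patch_page = (prev_end - 1) / PAGE_SZ;
    }
    return OK;
}

int main(void)
{
    /* Constructed sample: one elided page, one 16-byte patch on another page. */
    struct region r[] = { { 8192, 4096, ELIDE }, { 100, 16, PATCH } };
    printf("%d\n", (int)check_regions(r, 2, 1 << 20));
    return 0;
}
```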