fs-verity: Work-in-progress prototype w/ F2FS integration
fs-verity makes efficient authenticity measurements over file
contents. It does so by implementing the dm-verity mechanism at a
file-granular level. This uses an authenticated dictionary structure
to measure any given block in the file in log(file size) time.
This is a major new VFS feature that will take some time to get right.
If you would like to participate in the design and implementation,
please do so on the linux-fscrypt mailing list. Note that this will
be a topic of discussion at LSF/MM 2018.
This is proof-of-concept code only that does not offer any security
guarantees at the moment. (In fact, just about the only thing I can
promise is that you can probably exploit the kernel via this code as
it currently stands.)
Signed-off-by: Michael Halcrow <firstname.lastname@example.org>
20 files changed