original_kernel/fs/verity
Eric Biggers 432434c9f8 fs-verity: support builtin file signatures
To meet some users' needs, add optional support for having fs-verity
handle a portion of the authentication policy in the kernel.  An
".fs-verity" keyring is created to which X.509 certificates can be
added; then a sysctl 'fs.verity.require_signatures' can be set to cause
the kernel to enforce that all fs-verity files contain a signature of
their file measurement by a key in this keyring.

See the "Built-in signature verification" section of
Documentation/filesystems/fsverity.rst for the full documentation.

Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2019-08-12 19:33:50 -07:00
..
Kconfig fs-verity: support builtin file signatures 2019-08-12 19:33:50 -07:00
Makefile fs-verity: support builtin file signatures 2019-08-12 19:33:50 -07:00
enable.c fs-verity: support builtin file signatures 2019-08-12 19:33:50 -07:00
fsverity_private.h fs-verity: support builtin file signatures 2019-08-12 19:33:50 -07:00
hash_algs.c fs-verity: add SHA-512 support 2019-08-12 19:33:50 -07:00
init.c fs-verity: support builtin file signatures 2019-08-12 19:33:50 -07:00
measure.c fs-verity: implement FS_IOC_MEASURE_VERITY ioctl 2019-08-12 19:33:50 -07:00
open.c fs-verity: support builtin file signatures 2019-08-12 19:33:50 -07:00
signature.c fs-verity: support builtin file signatures 2019-08-12 19:33:50 -07:00
verify.c fs-verity: support builtin file signatures 2019-08-12 19:33:50 -07:00