summaryrefslogtreecommitdiff
path: root/Documentation/filesystems/ext4/verity.rst
blob: 3e4c0ee0e06839ab350e2b01d753ce9bf8639e76 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
.. SPDX-License-Identifier: GPL-2.0

Verity files
------------

ext4 supports fs-verity, which is a filesystem feature that provides
Merkle tree based hashing for individual readonly files.  Most of
fs-verity is common to all filesystems that support it; see
:ref:`Documentation/filesystems/fsverity.rst <fsverity>` for the
fs-verity documentation.  However, the on-disk layout of the verity
metadata is filesystem-specific.  On ext4, the verity metadata is
stored after the end of the file data itself, in the following format:

- Zero-padding to the next 65536-byte boundary.  This padding need not
  actually be allocated on-disk, i.e. it may be a hole.

- The Merkle tree, as documented in
  :ref:`Documentation/filesystems/fsverity.rst
  <fsverity_merkle_tree>`, with the tree levels stored in order from
  root to leaf, and the tree blocks within each level stored in their
  natural order.

- Zero-padding to the next filesystem block boundary.

- The verity descriptor, as documented in
  :ref:`Documentation/filesystems/fsverity.rst <fsverity_descriptor>`,
  with optionally appended signature blob.

- Zero-padding to the next offset that is 4 bytes before a filesystem
  block boundary.

- The size of the verity descriptor in bytes, as a 4-byte little
  endian integer.

Verity inodes have EXT4_VERITY_FL set, and they must use extents, i.e.
EXT4_EXTENTS_FL must be set and EXT4_INLINE_DATA_FL must be clear.
They can have EXT4_ENCRYPT_FL set, in which case the verity metadata
is encrypted as well as the data itself.

Verity files cannot have blocks allocated past the end of the verity
metadata.