# SPDX-License-Identifier: GPL-2.0

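# fs-verity core: per-file Merkle-tree verification on supported filesystems.
# Listing repair: the code-browser gutter number and revision tag that were
# fused onto the start of every line are stripped here, since they left the
# "config" keyword unparsable.
#
# Note for integrators: per the help text, the Merkle tree on its own is an
# integrity check.  An authenticity guarantee additionally requires comparing
# the file's Merkle tree root hash against a known good value (e.g. one
# obtained from a digital signature).
config FS_VERITY
	bool "FS Verity (read-only file-based authenticity protection)"
	# Kernel crypto API; presumably what the Merkle tree hashing is built on.
	select CRYPTO
	# SHA-256 is selected as it's intended to be the default hash algorithm.
	# To avoid bloat, other wanted algorithms must be selected explicitly.
	# NOTE(review): a kernel that has to handle verity files built with a
	# different hash needs that algorithm's CRYPTO_* option enabled in its
	# own configuration -- confirm against the hash used by deployed files.
	select CRYPTO_SHA256
	help
	  This option enables fs-verity.  fs-verity is the dm-verity
	  mechanism implemented at the file level.  On supported
	  filesystems (currently EXT4 and F2FS), userspace can use an
	  ioctl to enable verity for a file, which causes the filesystem
	  to build a Merkle tree for the file.  The filesystem will then
	  transparently verify any data read from the file against the
	  Merkle tree.  The file is also made read-only.

	  This serves as an integrity check, but the availability of the
	  Merkle tree root hash also allows efficiently supporting
	  various use cases where normally the whole file would need to
	  be hashed at once, such as: (a) auditing (logging the file's
	  hash), or (b) authenticity verification (comparing the hash
	  against a known good value, e.g. from a digital signature).

	  fs-verity is especially useful on large files where not all
	  the contents may actually be needed.  Also, fs-verity verifies
	  data each time it is paged back in, which provides better
	  protection against malicious disks vs. an ahead-of-time hash.

	  If unsure, say N.
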
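# Developer-only diagnostics for fs-verity.  Per the help text this turns
# debugging messages on by default, so leave it disabled in production
# configurations.
# Listing repair: the code-browser gutter number and revision tag that were
# fused onto the start of every line are stripped here.
config FS_VERITY_DEBUG
	bool "FS Verity debugging"
	# Only meaningful when the fs-verity core is built.
	depends on FS_VERITY
	help
	  Enable debugging messages related to fs-verity by default.

	  Say N unless you are an fs-verity developer.
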
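# In-kernel signature checking for verity files.
# Listing repair: the code-browser gutter number and revision tag that were
# fused onto the start of every line are stripped here.
#
# Trust model, as described by the help text:
#  - Signatures are verified against the X.509 certificates loaded into the
#    ".fs-verity" kernel keyring, so the contents of that keyring define
#    which signers are accepted.  Control over who may load certificates
#    into it is therefore part of the trust boundary.
#  - The guarantee only applies to files that have verity enabled.
#    Userspace must still check that the verity bit is set on a file
#    before treating its contents as authentic.
config FS_VERITY_BUILTIN_SIGNATURES
	bool "FS Verity builtin signature support"
	depends on FS_VERITY
	# Presumably supplies the kernel's signed-data verification support
	# that the signature check relies on -- confirm in the selected
	# option's own help text.
	select SYSTEM_DATA_VERIFICATION
	help
	  Support verifying signatures of verity files against the X.509
	  certificates that have been loaded into the ".fs-verity"
	  kernel keyring.

	  This is meant as a relatively simple mechanism that can be
	  used to provide an authenticity guarantee for verity files, as
	  an alternative to IMA appraisal.  Userspace programs still
	  need to check that the verity bit is set in order to get an
	  authenticity guarantee.

	  If unsure, say N.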