Talos™ II Linux sources for OpenPOWER https://git.raptorcs.com/git/talos-op-linux/atom?h=master 2019-08-13T02:33:50+00:00 2019-08-13T02:33:50+00:00 Eric Biggers ebiggers@google.com 2019-07-22T16:26:23+00:00 urn:sha1:432434c9f8e18cb4cf0fe05bc3eeceada0e10dc6 To meet some users' needs, add optional support for having fs-verity handle a portion of the authentication policy in the kernel. An ".fs-verity" keyring is created to which X.509 certificates can be added; then a sysctl 'fs.verity.require_signatures' can be set to cause the kernel to enforce that all fs-verity files contain a signature of their file measurement by a key in this keyring. See the "Built-in signature verification" section of Documentation/filesystems/fsverity.rst for the full documentation. Reviewed-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Eric Biggers <ebiggers@google.com> 2019-07-28T23:59:16+00:00 Eric Biggers ebiggers@google.com 2019-07-22T16:26:21+00:00 urn:sha1:671e67b47e9fffd12c8f69eda853a202cb5b3fc5 Add the beginnings of the fs/verity/ support layer, including the Kconfig option and various helper functions for hashing. To start, only SHA-256 is supported, but other hash algorithms can easily be added. Reviewed-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Eric Biggers <ebiggers@google.com>