| .. SPDX-License-Identifier: GPL-2.0 |
| |
| Verity files |
| ------------ |
| |
| ext4 supports fs-verity, which is a filesystem feature that provides |
| Merkle tree based hashing for individual readonly files. Most of |
| fs-verity is common to all filesystems that support it; see |
| :ref:`Documentation/filesystems/fsverity.rst <fsverity>` for the |
| fs-verity documentation. However, the on-disk layout of the verity |
| metadata is filesystem-specific. On ext4, the verity metadata is |
| stored after the end of the file data itself, in the following format: |
| |
| - Zero-padding to the next 65536-byte boundary. This padding need not |
| actually be allocated on-disk, i.e. it may be a hole. |
| |
| - The Merkle tree, as documented in |
| :ref:`Documentation/filesystems/fsverity.rst |
| <fsverity_merkle_tree>`, with the tree levels stored in order from |
| root to leaf, and the tree blocks within each level stored in their |
| natural order. |
| |
| - Zero-padding to the next filesystem block boundary. |
| |
| - The verity descriptor, as documented in |
| :ref:`Documentation/filesystems/fsverity.rst <fsverity_descriptor>`, |
| with optionally appended signature blob. |
| |
| - Zero-padding to the next offset that is 4 bytes before a filesystem |
| block boundary. |
| |
| - The size of the verity descriptor in bytes, as a 4-byte little |
| endian integer. |
| |
| Verity inodes have EXT4_VERITY_FL set, and they must use extents, i.e. |
| EXT4_EXTENTS_FL must be set and EXT4_INLINE_DATA_FL must be clear. |
| They can have EXT4_ENCRYPT_FL set, in which case the verity metadata |
| is encrypted as well as the data itself. |
| |
| Verity files cannot have blocks allocated past the end of the verity |
| metadata. |
| |
| Verity and DAX are not compatible and attempts to set both of these flags |
| on a file will fail. |
