Lines Matching full:files

14 of read-only files.  Currently, it is supported by the ext4, f2fs, and
20 but works on files rather than block devices.  On regular files on
52 (APK) files, for example.  These typically contain many translations,
62 still be used on read-only filesystems.  fs-verity is for files that
72   files can be trusted to authenticate them.  Consider e.g. an
73   application that wants to authenticate data files before using them,
85   "IMA appraisal" enforces that files contain a valid, matching
90   control decisions based on immutable security properties of files,
93   files using properties ``fsverity_digest`` for identifying
94   files by their verity digest, and ``fsverity_signature`` to authorize
95   files with a verified fs-verity's built-in signature. For
155 take a long time to execute on large files, and it is interruptible by
343 opening the file, and opening verity files can be expensive.
347 Accessing verity files
353 - Verity files are readonly.  They cannot be opened for writing or
357   allowed, since these are not measured by fs-verity.  Verity files
360 - Direct I/O is not supported on verity files.  Attempts to use direct
361   I/O on such files will fall back to buffered I/O.
363 - DAX (Direct Access) is not supported on verity files, because this
375 its "verity"-ness.  fs-verity is primarily meant for files like
387 compute fs-verity file digests itself, e.g. in order to sign files.
423 large files the Merkle tree's size converges to approximately 1/127 of
424 the original file size.  However, for small files, the padding is
479    relies on this behavior to recognize and label fsverity files
483    When set to 1, the kernel requires that all verity files have a
503   that any files actually have fs-verity enabled.  Thus, it is not a
506   code to explicitly check whether files have fs-verity enabled with a
516   files with a verified fs-verity builtin signature to perform certain
527   all fs-verity enabled files on the system.  Different keys cannot be
528   trusted for different files; each key is all or nothing.
587 To create verity files on an ext4 filesystem, the filesystem must have
597 ext4 sets the EXT4_VERITY_FL on-disk inode flag on verity files.  It
607 i_size.  This approach works because (a) verity files are readonly,
616 ext4 only allows verity on extent-based files.
623 To create verity files on an f2fs filesystem, the filesystem must have
626 f2fs sets the FADVISE_VERITY_BIT on-disk inode flag on verity files.
636 f2fs doesn't support enabling verity on files that currently have
721 On many filesystems, files can contain holes.  Normally,
727 Filesystems also disable direct I/O on verity files, since otherwise
739 including examples of setting up fs-verity protected files.
758     hashing individual files using a Merkle tree.  In contrast, IMA
759     specifies a system-wide policy that specifies which files are
780     userspace code that authenticates the files; fs-verity is just a
782     userspace code will consider non-verity files to be inauthentic.
824     wasn't a critical use case.  Files are usually installed once and
855 :Q: Since verity files are immutable, why isn't the immutable bit set?