Age | Commit message | Author |
|
Add a manual page for the fsverity utility, documenting all subcommands
and options.
The page is written in Markdown and is translated to groff using pandoc.
It can be installed by 'make install-man'.
Link: https://lore.kernel.org/r/20210610072056.35190-1-ebiggers@kernel.org
Acked-by: Luca Boccassi <bluca@debian.org>
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Add some minimal compat type defs, and omit the enable/measure
sources. Also add a way to handle the fact that mingw adds a
.exe extension automatically in the Makefile install rules.
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201222001033.302274-3-bluca@debian.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
As was done in the kernel, rename "file measurement" to "file digest".
"File digest" has ended up being the more intuitive name, and it avoids
using multiple names for the same thing.
Acked-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201113213314.73616-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Add a 'fsverity digest' subcommand that prints the hex-encoded digest of
the specified file(s), ready to be signed offline. By default the
output is like 'fsverity measure', but if the --for-builtin-sig option
is given, the output is the hex-encoded "struct fsverity_signed_digest"
that the kernel expects to be signed for builtin signatures.
This subcommand is useful in case the integrated signing mechanism with
local cert/key cannot be used.
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201026191839.3329948-1-luca.boccassi@gmail.com
[EB: commit message, comment, and whitespace tweaks]
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Mention the location of the release tarballs, and make a few other
tweaks.
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Add subject tag suggestion [fsverity-utils PATCH] to the Contributing
section, so that developers can follow this.
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
Link: https://lore.kernel.org/r/20200803040803.10529-1-po-hsu.lin@canonical.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
This allows libfsverity to be used by software with other common
licenses, e.g. LGPL, MIT, BSD, and Apache 2.0. It also avoids the
incompatibility that some people perceive between OpenSSL and the GPL.
See discussion at
https://lkml.kernel.org/linux-fscrypt/20200211000037.189180-1-Jes.Sorensen@gmail.com/T/#u
Link: https://lkml.kernel.org/linux-fscrypt/20200731191156.22602-1-ebiggers@kernel.org
Acked-by: Chris Mason <clm@fb.com> # FB copyrighted material
Acked-by: Jes Sorensen <jsorensen@fb.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Update fsverity-utils for the new design where the Merkle tree is built
in the kernel by FS_IOC_ENABLE_VERITY.
'fsverity enable' command is updated to pass the new struct to the
ioctl, and to accept the Merkle tree parameters on the command line.
'fsverity sign' command is added. It calculates a file's fs-verity
measurement and signs it. Previously this functionality was part of
'fsverity setup'.
'fsverity setup' command is removed.
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
- Root hash is now stored in authenticated extensions
- Magic number is now at the very end of the file too
- 'set_measurement' is replaced with 'measure'
- UAPI header now declares on-disk format
- log_tree_blocksize is stored instead of log_arity
- CRC-32 is changed to CRC-32C
- SHA-512 is now supported too
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|