From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from imap.thunk.org ([74.207.234.97]:37776 "EHLO imap.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751127AbeA2EuW (ORCPT ); Sun, 28 Jan 2018 23:50:22 -0500 Date: Sun, 28 Jan 2018 23:50:12 -0500 From: Theodore Ts'o To: Mimi Zohar Cc: James Bottomley , Andreas Dilger , linux-fsdevel , lsf-pc@lists.linux-foundation.org Subject: Re: [Lsf-pc] [LSF/MM TOPIC] fs-verity: file system-level integrity protection Message-ID: <20180129045012.GB9516@thunk.org> References: <275E5E86-635E-4D79-9AC9-3D24318EDDDF@dilger.ca> <1517069959.3012.13.camel@HansenPartnership.com> <20180128024604.GA12320@thunk.org> <1517162590.3082.55.camel@HansenPartnership.com> <20180128214925.GA13621@thunk.org> <1517180692.29187.317.camel@linux.vnet.ibm.com> <20180129003842.GA29839@thunk.org> <1517190821.29187.415.camel@linux.vnet.ibm.com> <20180129023820.GA1565@thunk.org> <1517197150.29187.457.camel@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <1517197150.29187.457.camel@linux.vnet.ibm.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Sun, Jan 28, 2018 at 10:39:10PM -0500, Mimi Zohar wrote: > At what point is the signature on the Merkle tree hash verified? �I > can't imagine it being done every time a page is read. �It must be > done and the result cached at file open. Sorry, I misread your question. The signature on the Merkle tree hash is verified the file is opened, and then validated Merkle tree hash is cached in the in-memory inode data structure. This is similar to how we cache the per-file key in fscrypt; once the key is derived, we keep it in the inode cache until the inode is dropped from the inode cache, or after a userspace request to revoke all keys derived from a user's login key (which is triggered when the user logs out of their ChromeOS session). - Ted