From: Victor Hsieh <victorhsieh@google.com>
To: liuj97@gmail.com
Cc: Eric Biggers <ebiggers@google.com>,
Miklos Szeredi <miklos@szeredi.hu>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
linux-fsdevel@vger.kernel.org, linux-fscrypt@vger.kernel.org,
fuse-devel@lists.sourceforge.net
Subject: Re: Feature proposal: support file content integrity verification based on fs-verity
Date: Mon, 28 Nov 2022 16:44:33 -0800 [thread overview]
Message-ID: <CAFCauYOuVrSFmeckMi+2xteCcuuCfsuNtdMB0spo2afcGOxSeg@mail.gmail.com> (raw)
In-Reply-To: <D3AF9D1E-12E1-434F-AEA4-5892E8BC66AB@gmail.com>
On Thu, Nov 17, 2022 at 9:19 PM Gmail <liuj97@gmail.com> wrote:
>
> Hello fuse-devel,
>
> The fs-verity framework provides file content integrity verification services for filesystems. Currently ext4/btrfs/f2fs has enabled support for fs-verity. Here I would like to propose implementing FUSE file content integrity verification based on fs-verity.
>
> Our current main use case is to support integrity verification for confidential containers using virtio-fs. With the new integrity verification feature, we can ensure that files from virtio-fs are trusted and fs-verity root digests are available for remote attestation. The integrity verification feature can also be used to support other FUSE based solutions.
I'd argue FUSE isn't the right layer for supporting fs-verity
verification. The verification can happen in the read path of
virtio-fs (or any FUSE-based filesystem). In fact, Android is already
doing this in "authfs" fully in userspace.
Although FUSE lacks the support of "unrestricted" ioctl, which makes
it impossible for the filesystem to receive the fs-verity ioctls.
Same to statx. I think that's where we'd need a change in FUSE
protocol.
>
> Fs-verity supports generating and verifying file content hash values. For the sake of simplicity, we may only support hash value verification of file content in the first stage, and enable support for hash value generation in the later stage.
>
> The following FUSE protocol changes are therefore proposed to support fs-verity:
> 1) add flag “FUSE_FS_VERITY” to negotiate fs-verity support
> 2) add flag “FUSE_ATTR_FSVERITY” for fuse servers to mark that inodes have associated fs-verity meta data.
> 3) add op “FUSE_FSVERITY” to get/set fs-verity descriptor and hash values.
>
> The FUSE protocol does not specify how fuse servers store fs-verity metadata. The fuse server can store fs-verity metadata in its own ways.
>
> I did a quick prototype and the changes seems moderate, about 250 lines of code changes.
>
> Would love to hear about your feedback:)
>
> Thanks,
> Gerry
>
next prev parent reply other threads:[~2022-11-29 0:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-18 5:19 Feature proposal: support file content integrity verification based on fs-verity Gmail
2022-11-29 0:44 ` Victor Hsieh [this message]
2022-12-01 9:51 ` Gerry Liu
2022-12-01 23:42 ` Victor Hsieh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFCauYOuVrSFmeckMi+2xteCcuuCfsuNtdMB0spo2afcGOxSeg@mail.gmail.com \
--to=victorhsieh@google.com \
--cc=ebiggers@google.com \
--cc=fuse-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=liuj97@gmail.com \
--cc=miklos@szeredi.hu \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).