fs-verity: support reading signature with ioctl
authorEric Biggers <ebiggers@google.com>
Fri, 15 Jan 2021 18:18:19 +0000 (10:18 -0800)
committerEric Biggers <ebiggers@google.com>
Sun, 7 Feb 2021 22:51:19 +0000 (14:51 -0800)
commit07c99001312cbf90a357d4877a358f796eede65b
tree12c2787f495d8fdbf605e1fa1bbd835aa204458a
parent947191ac8caba85e25e0e036b0f097fee9e817f3
fs-verity: support reading signature with ioctl

Add support for FS_VERITY_METADATA_TYPE_SIGNATURE to
FS_IOC_READ_VERITY_METADATA.  This allows a userspace server program to
retrieve the built-in signature (if present) of a verity file for
serving to a client which implements fs-verity compatible verification.
See the patch which introduced FS_IOC_READ_VERITY_METADATA for more
details.

The ability for userspace to read the built-in signatures is also useful
because it allows a system that is using the in-kernel signature
verification to migrate to userspace signature verification.

This has been tested using a new xfstest which calls this ioctl via a
new subcommand for the 'fsverity' program from fsverity-utils.

Link: https://lore.kernel.org/r/20210115181819.34732-7-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Documentation/filesystems/fsverity.rst
fs/verity/read_metadata.c
include/uapi/linux/fsverity.h