mirror of
https://github.com/torvalds/linux.git
synced 2024-11-29 07:31:29 +00:00
817aa09484
HMACs can only be generated on the system the UBIFS image is running on. To support offline signed images we add a PKCS#7 signature to the UBIFS image which can be created by mkfs.ubifs. Both the master node and the superblock need to be authenticated, during normal runtime both are protected with HMACs. For offline signature support however only a single signature is desired. We add a signature covering the superblock node directly behind it. To protect the master node a hash of the master node is added to the superblock which is used when the master node doesn't contain a HMAC. Transition to a read/write filesystem is also supported. During transition first the master node is rewritten with a HMAC (implicitly, it is written anyway as the FS is marked dirty). Afterwards the superblock is rewritten with a HMAC. Once after the image has been mounted read/write it is HMAC only, the signature is no longer required or even present on the filesystem. In an offline signed image the master node is authenticated by the superblock. In a transition to r/w we have to make sure that the master node is rewritten before the superblock node. In this case the master node gets a HMAC and its authenticity no longer depends on the superblock node. There are some cases in which the current code first writes the superblock node though, so with this patch writing of the superblock node is delayed until the master node is written. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
91 lines
2.9 KiB
Plaintext
91 lines
2.9 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
config UBIFS_FS
|
|
tristate "UBIFS file system support"
|
|
select CRC16
|
|
select CRC32
|
|
select CRYPTO if UBIFS_FS_ADVANCED_COMPR
|
|
select CRYPTO if UBIFS_FS_LZO
|
|
select CRYPTO if UBIFS_FS_ZLIB
|
|
select CRYPTO_LZO if UBIFS_FS_LZO
|
|
select CRYPTO_DEFLATE if UBIFS_FS_ZLIB
|
|
select CRYPTO_HASH_INFO
|
|
select UBIFS_FS_XATTR if FS_ENCRYPTION
|
|
depends on MTD_UBI
|
|
help
|
|
UBIFS is a file system for flash devices which works on top of UBI.
|
|
|
|
if UBIFS_FS
|
|
|
|
config UBIFS_FS_ADVANCED_COMPR
|
|
bool "Advanced compression options"
|
|
help
|
|
This option allows to explicitly choose which compressions, if any,
|
|
are enabled in UBIFS. Removing compressors means inability to read
|
|
existing file systems.
|
|
|
|
If unsure, say 'N'.
|
|
|
|
config UBIFS_FS_LZO
|
|
bool "LZO compression support" if UBIFS_FS_ADVANCED_COMPR
|
|
default y
|
|
help
|
|
LZO compressor is generally faster than zlib but compresses worse.
|
|
Say 'Y' if unsure.
|
|
|
|
config UBIFS_FS_ZLIB
|
|
bool "ZLIB compression support" if UBIFS_FS_ADVANCED_COMPR
|
|
default y
|
|
help
|
|
Zlib compresses better than LZO but it is slower. Say 'Y' if unsure.
|
|
|
|
config UBIFS_ATIME_SUPPORT
|
|
bool "Access time support"
|
|
default n
|
|
help
|
|
Originally UBIFS did not support atime, because it looked like a bad idea due
|
|
increased flash wear. This option adds atime support and it is disabled by default
|
|
to preserve the old behavior. If you enable this option, UBIFS starts updating atime,
|
|
which means that file-system read operations will cause writes (inode atime
|
|
updates). This may affect file-system performance and increase flash device wear,
|
|
so be careful. How often atime is updated depends on the selected strategy:
|
|
strictatime is the "heavy", relatime is "lighter", etc.
|
|
|
|
If unsure, say 'N'
|
|
|
|
config UBIFS_FS_XATTR
|
|
bool "UBIFS XATTR support"
|
|
default y
|
|
help
|
|
Saying Y here includes support for extended attributes (xattrs).
|
|
Xattrs are name:value pairs associated with inodes by
|
|
the kernel or by users (see the attr(5) manual page).
|
|
|
|
If unsure, say Y.
|
|
|
|
config UBIFS_FS_SECURITY
|
|
bool "UBIFS Security Labels"
|
|
depends on UBIFS_FS_XATTR
|
|
default y
|
|
help
|
|
Security labels provide an access control facility to support Linux
|
|
Security Models (LSMs) accepted by AppArmor, SELinux, Smack and TOMOYO
|
|
Linux. This option enables an extended attribute handler for file
|
|
security labels in the ubifs filesystem, so that it requires enabling
|
|
the extended attribute support in advance.
|
|
|
|
If you are not using a security module, say N.
|
|
|
|
config UBIFS_FS_AUTHENTICATION
|
|
bool "UBIFS authentication support"
|
|
select KEYS
|
|
select CRYPTO_HMAC
|
|
select SYSTEM_DATA_VERIFICATION
|
|
help
|
|
Enable authentication support for UBIFS. This feature offers protection
|
|
against offline changes for both data and metadata of the filesystem.
|
|
If you say yes here you should also select a hashing algorithm such as
|
|
sha256, these are not selected automatically since there are many
|
|
different options.
|
|
|
|
endif # UBIFS_FS
|