.. SPDX-License-Identifier: GPL-2.0

Verity files
------------

ext4 supports fs-verity, which is a filesystem feature that provides
Merkle tree based hashing for individual readonly files. Most of
fs-verity is common to all filesystems that support it; see
:ref:`Documentation/filesystems/fsverity.rst <fsverity>` for the
fs-verity documentation. However, the on-disk layout of the verity
metadata is filesystem-specific. On ext4, the verity metadata is
stored after the end of the file data itself, in the following format:

- Zero-padding to the next 65536-byte boundary. This padding need not
  actually be allocated on-disk, i.e. it may be a hole.

- The Merkle tree, as documented in
  :ref:`Documentation/filesystems/fsverity.rst
  <fsverity_merkle_tree>`, with the tree levels stored in order from
  root to leaf, and the tree blocks within each level stored in their
  natural order.

- Zero-padding to the next filesystem block boundary.

- The verity descriptor, as documented in
  :ref:`Documentation/filesystems/fsverity.rst <fsverity_descriptor>`,
  with optionally appended signature blob.

- Zero-padding to the next offset that is 4 bytes before a filesystem
  block boundary.

- The size of the verity descriptor in bytes, as a 4-byte little
  endian integer.
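
The layout above carried through in code, as an added example that is not part of this documentation or of ext4's own implementation: it computes the offset of each region, builds a file image from constructed placeholder tree and descriptor bytes, and then locates the descriptor the way a reader must, from the trailing size field. It assumes a 4096-byte filesystem block size and treats the tree and descriptor contents as opaque.

```python
import struct

TREE_ALIGN = 65536   # Merkle tree starts at the next 64 KiB boundary after the data
SIZE_FIELD = 4       # trailing 4-byte little-endian descriptor size


def round_up(x, align):
    return (x + align - 1) // align * align


def ext4_verity_layout(data_size, tree_size, desc_size, block_size=4096):
    """Byte offsets of the verity metadata regions that follow the file data.
    desc_size includes any signature blob appended to the descriptor."""
    tree_pos = round_up(data_size, TREE_ALIGN)
    desc_pos = round_up(tree_pos + tree_size, block_size)
    # the size field sits 4 bytes before the next block boundary past the descriptor
    size_pos = round_up(desc_pos + desc_size + SIZE_FIELD, block_size) - SIZE_FIELD
    return {"tree_pos": tree_pos, "desc_pos": desc_pos,
            "size_pos": size_pos, "end": size_pos + SIZE_FIELD}


def build_verity_file(data, tree, desc, block_size=4096):
    """Lay out data followed by metadata; all padding is written as zeros.
    tree and desc are constructed placeholder bytes, not real fs-verity output."""
    lay = ext4_verity_layout(len(data), len(tree), len(desc), block_size)
    img = bytearray(lay["end"])
    img[:len(data)] = data
    img[lay["tree_pos"]:lay["tree_pos"] + len(tree)] = tree
    img[lay["desc_pos"]:lay["desc_pos"] + len(desc)] = desc
    img[lay["size_pos"]:] = struct.pack("<I", len(desc))
    return bytes(img)


def locate_descriptor(img, block_size=4096):
    """Recover (desc_pos, descriptor bytes) from the trailing size field alone,
    checking the invariants the layout guarantees before trusting the field."""
    if len(img) < block_size or len(img) % block_size:
        raise ValueError("verity metadata must end on a filesystem block boundary")
    size_pos = len(img) - SIZE_FIELD
    (desc_size,) = struct.unpack("<I", img[size_pos:])
    if desc_size == 0 or desc_size > size_pos:
        raise ValueError("implausible descriptor size field")
    # the descriptor begins on a block boundary and the size field lies less than
    # one block past its end, so rounding down lands exactly on the descriptor
    desc_pos = (size_pos - desc_size) // block_size * block_size
    if any(img[desc_pos + desc_size:size_pos]):
        raise ValueError("non-zero bytes in the padding before the size field")
    return desc_pos, img[desc_pos:desc_pos + desc_size]
```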

Verity inodes have EXT4_VERITY_FL set, and they must use extents, i.e.
EXT4_EXTENTS_FL must be set and EXT4_INLINE_DATA_FL must be clear.
They can have EXT4_ENCRYPT_FL set, in which case the verity metadata
is encrypted as well as the data itself.

Verity files cannot have blocks allocated past the end of the verity
metadata.

Verity and DAX are not compatible and attempts to set both of these flags
on a file will fail.