From: Johannes Thumshirn <johannes.thumshirn@xxxxxxx>
This series adds file-system authentication to BTRFS.

Unlike other verified file-system techniques like fs-verity the
authenticated version of BTRFS does not need extra meta-data on disk.

This works because in BTRFS every on-disk block has a checksum, for meta-data
the checksum is in the header of each meta-data item. For data blocks, a
separate checksum tree exists, which holds the checksums for each block.

Currently BTRFS supports CRC32C, XXHASH64, SHA256 and Blake2b for checksumming
these blocks. This series adds a new checksum algorithm, HMAC(SHA-256), which
does need an authentication key. When no, or an incorrect authentication key
is supplied no valid checksum can be generated and a read, fsck or scrub
operation would detect invalid or tampered blocks once the file-system is
mounted again with the correct key.

Getting the key inside the kernel is out of scope of this implementation, the
file-system driver assumes the key is already in the kernel's keyring at mount
time.

There was interest in also using a HMAC version of Blake2b from the community,
but as none of the crypto libraries used by user-space BTRFS tools as a
backend does currently implement a HMAC version with Blake2b, it is not (yet)
included.

I have CCed Eric Biggers and Richard Weinberger in the submission, as they
previously have worked on filesystem authentication and I hope we can get
input from them as well.

Example usage:

Create a file-system with authentication key 0123456
  mkfs.btrfs --csum hmac-sha256 --auth-key 0123456 /dev/disk

Add the key to the kernel's keyring as keyid 'btrfs:foo'
  keyctl add logon btrfs:foo 0123456 @u

Mount the fs using the 'btrfs:foo' key
  mount -t btrfs -o auth_key=btrfs:foo /dev/disk /mnt/point

Note, this is a re-base of the work I did when I was still at SUSE, hence the
S-o-b being my SUSE address, while the Author being with my WDC address (to
not generate bouncing mails).

Changes since v1:
- None, only rebased the series

Johannes Thumshirn (2):
  btrfs: add authentication support
  btrfs: rename btrfs_parse_device_options back to
    btrfs_parse_early_options

fs/btrfs/ctree.c | 3 ++-
fs/btrfs/ctree.h | 2 ++
fs/btrfs/disk-io.c | 53 ++++++++++++++++++++++++++++++++++++++++-
fs/btrfs/super.c | 31 +++++++++++++++++++-----
include/uapi/linux/btrfs_tree.h | 1 +
5 files changed, 82 insertions(+), 8 deletions(-)
--
2.16.4
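
The difference between an unkeyed and a keyed per-block checksum that the cover letter relies on, modelled in user space as an added example (not code from the patch series). The block layout here, a 32-byte checksum field followed by the payload it covers, is a simplifying assumption and not the BTRFS on-disk format; all function names are hypothetical and the payload and second key are constructed.

```python
import hashlib
import hmac
from functools import partial

CSUM_SIZE = 32  # checksum field width in this model (SHA-256 output size)

def plain_sha256(payload):
    """Unkeyed checksum: anyone able to write the block can recompute it."""
    return hashlib.sha256(payload).digest()

def hmac_sha256(key, payload):
    """Keyed checksum: producing a valid value requires the key."""
    return hmac.new(key, payload, hashlib.sha256).digest()

def seal(payload, csum):
    """Build a model block: checksum field followed by the data it covers."""
    return csum(payload) + payload

def verify(block, csum):
    """Recompute the checksum over the payload; compare in constant time."""
    stored, payload = block[:CSUM_SIZE], block[CSUM_SIZE:]
    return hmac.compare_digest(stored, csum(payload))

def demo():
    key = b"0123456"        # key from the example usage in the message
    other_key = b"6543210"  # constructed: stands for any key but the right one
    payload = b"constructed block contents"
    keyed = partial(hmac_sha256, key)
    wrong = partial(hmac_sha256, other_key)
    return {
        # Plain SHA-256: a block rewritten with a fresh checksum still verifies.
        "sha256_accepts_rewrite": verify(seal(payload, plain_sha256), plain_sha256),
        # HMAC: a block checksummed without the key fails under the real key,
        # whether the writer used a plain hash or a different key.
        "hmac_accepts_unkeyed_rewrite": verify(seal(payload, plain_sha256), keyed),
        "hmac_accepts_wrong_key_rewrite": verify(seal(payload, wrong), keyed),
        # A block written with the key verifies only under that same key.
        "hmac_accepts_own_block": verify(seal(payload, keyed), keyed),
        "wrong_key_accepts_valid_block": verify(seal(payload, keyed), wrong),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last entry corresponds to the case in the message where an incorrect key is supplied: every block, including untouched ones, fails verification.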