€•ö(Œsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ+/translations/zh_CN/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/zh_TW/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/it_IT/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/ja_JP/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/ko_KR/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/sp_SP/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1h¡hhhžhhŸŒE/var/lib/git/docbuild/linux/Documentation/filesystems/ext4/verity.rst”h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ Verity files”h]”hŒ Verity files”…””}”(hh»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hh¶hžhhŸh³h KubhŒ paragraph”“”)”}”(hXÐext4 supports fs-verity, which is a filesystem feature that provides Merkle tree based hashing for individual readonly files. Most of fs-verity is common to all filesystems that support it; see :ref:`Documentation/filesystems/fsverity.rst ` for the fs-verity documentation. However, the on-disk layout of the verity metadata is filesystem-specific. On ext4, the verity metadata is stored after the end of the file data itself, in the following format:”h]”(hŒÃext4 supports fs-verity, which is a filesystem feature that provides Merkle tree based hashing for individual readonly files. Most of fs-verity is common to all filesystems that support it; see ”…””}”(hhËhžhhŸNh Nubh)”}”(hŒ8:ref:`Documentation/filesystems/fsverity.rst `”h]”hŒinline”“”)”}”(hhÕh]”hŒ&Documentation/filesystems/fsverity.rst”…””}”(hhÙhžhhŸNh Nubah}”(h]”h ]”(Œxref”Œstd”Œstd-ref”eh"]”h$]”h&]”uh1h×hhÓubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”Œfilesystems/ext4/verity”Œ refdomain”häŒreftype”Œref”Œ refexplicit”ˆŒrefwarn”ˆŒ reftarget”Œfsverity”uh1hhŸh³h KhhËubhŒÕ for the fs-verity documentation. However, the on-disk layout of the verity metadata is filesystem-specific. On ext4, the verity metadata is stored after the end of the file data itself, in the following format:”…””}”(hhËhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhŒ bullet_list”“”)”}”(hhh]”(hŒ list_item”“”)”}”(hŒ{Zero-padding to the next 65536-byte boundary. This padding need not actually be allocated on-disk, i.e. it may be a hole. ”h]”hÊ)”}”(hŒzZero-padding to the next 65536-byte boundary. This padding need not actually be allocated on-disk, i.e. it may be a hole.”h]”hŒzZero-padding to the next 65536-byte boundary. This padding need not actually be allocated on-disk, i.e. it may be a hole.”…””}”(hj hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khj ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjhžhhŸh³h Nubj)”}”(hŒåThe Merkle tree, as documented in :ref:`Documentation/filesystems/fsverity.rst `, with the tree levels stored in order from root to leaf, and the tree blocks within each level stored in their natural order. ”h]”hÊ)”}”(hŒäThe Merkle tree, as documented in :ref:`Documentation/filesystems/fsverity.rst `, with the tree levels stored in order from root to leaf, and the tree blocks within each level stored in their natural order.”h]”(hŒ"The Merkle tree, as documented in ”…””}”(hj%hžhhŸNh Nubh)”}”(hŒD:ref:`Documentation/filesystems/fsverity.rst `”h]”hØ)”}”(hj/h]”hŒ&Documentation/filesystems/fsverity.rst”…””}”(hj1hžhhŸNh Nubah}”(h]”h ]”(hãŒstd”Œstd-ref”eh"]”h$]”h&]”uh1h×hj-ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”hðŒ refdomain”j;Œreftype”Œref”Œ refexplicit”ˆŒrefwarn”ˆhöŒfsverity_merkle_tree”uh1hhŸh³h Khj%ubhŒ~, with the tree levels stored in order from root to leaf, and the tree blocks within each level stored in their natural order.”…””}”(hj%hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khj!ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjhžhhŸh³h Nubj)”}”(hŒ4Zero-padding to the next filesystem block boundary. ”h]”hÊ)”}”(hŒ3Zero-padding to the next filesystem block boundary.”h]”hŒ3Zero-padding to the next filesystem block boundary.”…””}”(hjahžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khj]ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjhžhhŸh³h Nubj)”}”(hŒ–The verity descriptor, as documented in :ref:`Documentation/filesystems/fsverity.rst `, with optionally appended signature blob. ”h]”hÊ)”}”(hŒ•The verity descriptor, as documented in :ref:`Documentation/filesystems/fsverity.rst `, with optionally appended signature blob.”h]”(hŒ(The verity descriptor, as documented in ”…””}”(hjyhžhhŸNh Nubh)”}”(hŒC:ref:`Documentation/filesystems/fsverity.rst `”h]”hØ)”}”(hjƒh]”hŒ&Documentation/filesystems/fsverity.rst”…””}”(hj…hžhhŸNh Nubah}”(h]”h ]”(hãŒstd”Œstd-ref”eh"]”h$]”h&]”uh1h×hjubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”hðŒ refdomain”jŒreftype”Œref”Œ refexplicit”ˆŒrefwarn”ˆhöŒfsverity_descriptor”uh1hhŸh³h KhjyubhŒ*, with optionally appended signature blob.”…””}”(hjyhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khjuubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjhžhhŸh³h Nubj)”}”(hŒTZero-padding to the next offset that is 4 bytes before a filesystem block boundary. ”h]”hÊ)”}”(hŒSZero-padding to the next offset that is 4 bytes before a filesystem block boundary.”h]”hŒSZero-padding to the next offset that is 4 bytes before a filesystem block boundary.”…””}”(hjµhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khj±ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjhžhhŸh³h Nubj)”}”(hŒOThe size of the verity descriptor in bytes, as a 4-byte little endian integer. ”h]”hÊ)”}”(hŒNThe size of the verity descriptor in bytes, as a 4-byte little endian integer.”h]”hŒNThe size of the verity descriptor in bytes, as a 4-byte little endian integer.”…””}”(hjÍhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K hjÉubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjhžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1jhŸh³h Khh¶hžhubhÊ)”}”(hŒ÷Verity inodes have EXT4_VERITY_FL set, and they must use extents, i.e. EXT4_EXTENTS_FL must be set and EXT4_INLINE_DATA_FL must be clear. They can have EXT4_ENCRYPT_FL set, in which case the verity metadata is encrypted as well as the data itself.”h]”hŒ÷Verity inodes have EXT4_VERITY_FL set, and they must use extents, i.e. EXT4_EXTENTS_FL must be set and EXT4_INLINE_DATA_FL must be clear. They can have EXT4_ENCRYPT_FL set, in which case the verity metadata is encrypted as well as the data itself.”…””}”(hjéhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K#hh¶hžhubhÊ)”}”(hŒNVerity files cannot have blocks allocated past the end of the verity metadata.”h]”hŒNVerity files cannot have blocks allocated past the end of the verity metadata.”…””}”(hj÷hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K(hh¶hžhubhÊ)”}”(hŒ^Verity and DAX are not compatible and attempts to set both of these flags on a file will fail.”h]”hŒ^Verity and DAX are not compatible and attempts to set both of these flags on a file will fail.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K+hh¶hžhubeh}”(h]”Œ verity-files”ah ]”h"]”Œ verity files”ah$]”h&]”uh1h´hhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¹NŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j>Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”jjsŒ nametypes”}”j‰sh}”jh¶sŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nhžhub.