€•Ù)Œsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ+/translations/zh_CN/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/zh_TW/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/it_IT/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/ja_JP/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/ko_KR/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/pt_BR/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/sp_SP/filesystems/ext4/verity”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh·sbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1hµhhh²hh³ŒE/var/lib/git/docbuild/linux/Documentation/filesystems/ext4/verity.rst”h´KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ Verity files”h]”hŒ Verity files”…””}”(hhÏh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhhÊh²hh³hÇh´KubhŒ paragraph”“”)”}”(hXÐext4 supports fs-verity, which is a filesystem feature that provides Merkle tree based hashing for individual readonly files. Most of fs-verity is common to all filesystems that support it; see :ref:`Documentation/filesystems/fsverity.rst ` for the fs-verity documentation. However, the on-disk layout of the verity metadata is filesystem-specific. On ext4, the verity metadata is stored after the end of the file data itself, in the following format:”h]”(hŒÃext4 supports fs-verity, which is a filesystem feature that provides Merkle tree based hashing for individual readonly files. Most of fs-verity is common to all filesystems that support it; see ”…””}”(hhßh²hh³Nh´Nubh)”}”(hŒ8:ref:`Documentation/filesystems/fsverity.rst `”h]”hŒinline”“”)”}”(hhéh]”hŒ&Documentation/filesystems/fsverity.rst”…””}”(hhíh²hh³Nh´Nubah}”(h]”h ]”(Œxref”Œstd”Œstd-ref”eh"]”h$]”h&]”uh1hëhhçubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”Œfilesystems/ext4/verity”Œ refdomain”høŒreftype”Œref”Œ refexplicit”ˆŒrefwarn”ˆŒ reftarget”Œfsverity”uh1hh³hÇh´KhhßubhŒÕ for the fs-verity documentation. However, the on-disk layout of the verity metadata is filesystem-specific. On ext4, the verity metadata is stored after the end of the file data itself, in the following format:”…””}”(hhßh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KhhÊh²hubhŒ bullet_list”“”)”}”(hhh]”(hŒ list_item”“”)”}”(hŒ{Zero-padding to the next 65536-byte boundary. This padding need not actually be allocated on-disk, i.e. it may be a hole. ”h]”hÞ)”}”(hŒzZero-padding to the next 65536-byte boundary. This padding need not actually be allocated on-disk, i.e. it may be a hole.”h]”hŒzZero-padding to the next 65536-byte boundary. This padding need not actually be allocated on-disk, i.e. it may be a hole.”…””}”(hj!h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khjubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjh²hh³hÇh´Nubj)”}”(hŒåThe Merkle tree, as documented in :ref:`Documentation/filesystems/fsverity.rst `, with the tree levels stored in order from root to leaf, and the tree blocks within each level stored in their natural order. ”h]”hÞ)”}”(hŒäThe Merkle tree, as documented in :ref:`Documentation/filesystems/fsverity.rst `, with the tree levels stored in order from root to leaf, and the tree blocks within each level stored in their natural order.”h]”(hŒ"The Merkle tree, as documented in ”…””}”(hj9h²hh³Nh´Nubh)”}”(hŒD:ref:`Documentation/filesystems/fsverity.rst `”h]”hì)”}”(hjCh]”hŒ&Documentation/filesystems/fsverity.rst”…””}”(hjEh²hh³Nh´Nubah}”(h]”h ]”(h÷Œstd”Œstd-ref”eh"]”h$]”h&]”uh1hëhjAubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”jŒ refdomain”jOŒreftype”Œref”Œ refexplicit”ˆŒrefwarn”ˆj Œfsverity_merkle_tree”uh1hh³hÇh´Khj9ubhŒ~, with the tree levels stored in order from root to leaf, and the tree blocks within each level stored in their natural order.”…””}”(hj9h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khj5ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjh²hh³hÇh´Nubj)”}”(hŒ4Zero-padding to the next filesystem block boundary. ”h]”hÞ)”}”(hŒ3Zero-padding to the next filesystem block boundary.”h]”hŒ3Zero-padding to the next filesystem block boundary.”…””}”(hjuh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khjqubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjh²hh³hÇh´Nubj)”}”(hŒ–The verity descriptor, as documented in :ref:`Documentation/filesystems/fsverity.rst `, with optionally appended signature blob. ”h]”hÞ)”}”(hŒ•The verity descriptor, as documented in :ref:`Documentation/filesystems/fsverity.rst `, with optionally appended signature blob.”h]”(hŒ(The verity descriptor, as documented in ”…””}”(hjh²hh³Nh´Nubh)”}”(hŒC:ref:`Documentation/filesystems/fsverity.rst `”h]”hì)”}”(hj—h]”hŒ&Documentation/filesystems/fsverity.rst”…””}”(hj™h²hh³Nh´Nubah}”(h]”h ]”(h÷Œstd”Œstd-ref”eh"]”h$]”h&]”uh1hëhj•ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”jŒ refdomain”j£Œreftype”Œref”Œ refexplicit”ˆŒrefwarn”ˆj Œfsverity_descriptor”uh1hh³hÇh´KhjubhŒ*, with optionally appended signature blob.”…””}”(hjh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khj‰ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjh²hh³hÇh´Nubj)”}”(hŒTZero-padding to the next offset that is 4 bytes before a filesystem block boundary. ”h]”hÞ)”}”(hŒSZero-padding to the next offset that is 4 bytes before a filesystem block boundary.”h]”hŒSZero-padding to the next offset that is 4 bytes before a filesystem block boundary.”…””}”(hjÉh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KhjÅubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjh²hh³hÇh´Nubj)”}”(hŒOThe size of the verity descriptor in bytes, as a 4-byte little endian integer. ”h]”hÞ)”}”(hŒNThe size of the verity descriptor in bytes, as a 4-byte little endian integer.”h]”hŒNThe size of the verity descriptor in bytes, as a 4-byte little endian integer.”…””}”(hjáh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K hjÝubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjh²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1jh³hÇh´KhhÊh²hubhÞ)”}”(hŒ÷Verity inodes have EXT4_VERITY_FL set, and they must use extents, i.e. EXT4_EXTENTS_FL must be set and EXT4_INLINE_DATA_FL must be clear. They can have EXT4_ENCRYPT_FL set, in which case the verity metadata is encrypted as well as the data itself.”h]”hŒ÷Verity inodes have EXT4_VERITY_FL set, and they must use extents, i.e. EXT4_EXTENTS_FL must be set and EXT4_INLINE_DATA_FL must be clear. They can have EXT4_ENCRYPT_FL set, in which case the verity metadata is encrypted as well as the data itself.”…””}”(hjýh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K#hhÊh²hubhÞ)”}”(hŒNVerity files cannot have blocks allocated past the end of the verity metadata.”h]”hŒNVerity files cannot have blocks allocated past the end of the verity metadata.”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K(hhÊh²hubhÞ)”}”(hŒ^Verity and DAX are not compatible and attempts to set both of these flags on a file will fail.”h]”hŒ^Verity and DAX are not compatible and attempts to set both of these flags on a file will fail.”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K+hhÊh²hubeh}”(h]”Œ verity-files”ah ]”h"]”Œ verity files”ah$]”h&]”uh1hÈhhh²hh³hÇh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÇuh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hÍNŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jRŒerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÇŒ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”j,j)sŒ nametypes”}”j,‰sh}”j)hÊsŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nh²hub.