rsphinx.addnodesdocument)}( rawsourcechildren]( translations LanguagesNode)}(hhh](h pending_xref)}(hhh]docutils.nodesTextChinese (Simplified)}parenthsba attributes}(ids]classes]names]dupnames]backrefs] refdomainstdreftypedoc reftarget4/translations/zh_CN/filesystems/ubifs-authenticationmodnameN classnameN refexplicitutagnamehhh ubh)}(hhh]hChinese (Traditional)}hh2sbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget4/translations/zh_TW/filesystems/ubifs-authenticationmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hItalian}hhFsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget4/translations/it_IT/filesystems/ubifs-authenticationmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hJapanese}hhZsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget4/translations/ja_JP/filesystems/ubifs-authenticationmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hKorean}hhnsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget4/translations/ko_KR/filesystems/ubifs-authenticationmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hSpanish}hhsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget4/translations/sp_SP/filesystems/ubifs-authenticationmodnameN classnameN refexplicituh1hhh ubeh}(h]h ]h"]h$]h&]current_languageEnglishuh1h hh _documenthsourceNlineNubhcomment)}(h SPDX-License-Identifier: GPL-2.0h]h SPDX-License-Identifier: GPL-2.0}hhsbah}(h]h ]h"]h$]h&] xml:spacepreserveuh1hhhhhhN/var/lib/git/docbuild/linux/Documentation/filesystems/ubifs-authentication.rsthKubh)}(hUBIFS Authenticationh]hUBIFS Authentication}hhsbah}(h]h ]h"]h$]h&]hhuh1hhhhhhhhKubh)}(hsigma star gmbhh]hsigma star gmbh}hhsbah}(h]h ]h"]h$]h&]hhuh1hhhhhhhhKubh)}(h2018h]h2018}hhsbah}(h]h ]h"]h$]h&]hhuh1hhhhhhhhKubhsection)}(hhh](htitle)}(hUBIFS Authentication Supporth]hUBIFS Authentication Support}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhhhhhK ubh)}(hhh](h)}(h Introductionh]h Introduction}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhhhhhK ubh paragraph)}(hXeUBIFS utilizes the fscrypt framework to provide confidentiality for file contents and file names. This prevents attacks where an attacker is able to read contents of the filesystem on a single point in time. A classic example is a lost smartphone where the attacker is unable to read personal data stored on the device without the filesystem decryption key.h]hXeUBIFS utilizes the fscrypt framework to provide confidentiality for file contents and file names. This prevents attacks where an attacker is able to read contents of the filesystem on a single point in time. A classic example is a lost smartphone where the attacker is unable to read personal data stored on the device without the filesystem decryption key.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhhhhubj)}(hXAt the current state, UBIFS encryption however does not prevent attacks where the attacker is able to modify the filesystem contents and the user uses the device afterwards. In such a scenario an attacker can modify filesystem contents arbitrarily without the user noticing. One example is to modify a binary to perform a malicious action when executed [DMC-CBC-ATTACK]. Since most of the filesystem metadata of UBIFS is stored in plain, this makes it fairly easy to swap files and replace their contents.h]hXAt the current state, UBIFS encryption however does not prevent attacks where the attacker is able to modify the filesystem contents and the user uses the device afterwards. In such a scenario an attacker can modify filesystem contents arbitrarily without the user noticing. One example is to modify a binary to perform a malicious action when executed [DMC-CBC-ATTACK]. Since most of the filesystem metadata of UBIFS is stored in plain, this makes it fairly easy to swap files and replace their contents.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhhhhubj)}(hXOther full disk encryption systems like dm-crypt cover all filesystem metadata, which makes such kinds of attacks more complicated, but not impossible. Especially, if the attacker is given access to the device multiple points in time. For dm-crypt and other filesystems that build upon the Linux block IO layer, the dm-integrity or dm-verity subsystems [DM-INTEGRITY, DM-VERITY] can be used to get full data authentication at the block layer. These can also be combined with dm-crypt [CRYPTSETUP2].h]hXOther full disk encryption systems like dm-crypt cover all filesystem metadata, which makes such kinds of attacks more complicated, but not impossible. Especially, if the attacker is given access to the device multiple points in time. For dm-crypt and other filesystems that build upon the Linux block IO layer, the dm-integrity or dm-verity subsystems [DM-INTEGRITY, DM-VERITY] can be used to get full data authentication at the block layer. These can also be combined with dm-crypt [CRYPTSETUP2].}(hj"hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhhhhubj)}(hXzThis document describes an approach to get file contents _and_ full metadata authentication for UBIFS. Since UBIFS uses fscrypt for file contents and file name encryption, the authentication system could be tied into fscrypt such that existing features like key derivation can be utilized. It should however also be possible to use UBIFS authentication without using encryption.h]hXzThis document describes an approach to get file contents _and_ full metadata authentication for UBIFS. Since UBIFS uses fscrypt for file contents and file name encryption, the authentication system could be tied into fscrypt such that existing features like key derivation can be utilized. It should however also be possible to use UBIFS authentication without using encryption.}(hj0hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK$hhhhubh)}(hhh](h)}(hMTD, UBI & UBIFSh]hMTD, UBI & UBIFS}(hjAhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj>hhhhhK,ubj)}(hXOn Linux, the MTD (Memory Technology Devices) subsystem provides a uniform interface to access raw flash devices. One of the more prominent subsystems that work on top of MTD is UBI (Unsorted Block Images). It provides volume management for flash devices and is thus somewhat similar to LVM for block devices. In addition, it deals with flash-specific wear-leveling and transparent I/O error handling. UBI offers logical erase blocks (LEBs) to the layers on top of it and maps them transparently to physical erase blocks (PEBs) on the flash.h]hXOn Linux, the MTD (Memory Technology Devices) subsystem provides a uniform interface to access raw flash devices. One of the more prominent subsystems that work on top of MTD is UBI (Unsorted Block Images). It provides volume management for flash devices and is thus somewhat similar to LVM for block devices. In addition, it deals with flash-specific wear-leveling and transparent I/O error handling. UBI offers logical erase blocks (LEBs) to the layers on top of it and maps them transparently to physical erase blocks (PEBs) on the flash.}(hjOhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK.hj>hhubj)}(hUBIFS is a filesystem for raw flash which operates on top of UBI. Thus, wear leveling and some flash specifics are left to UBI, while UBIFS focuses on scalability, performance and recoverability.h]hUBIFS is a filesystem for raw flash which operates on top of UBI. Thus, wear leveling and some flash specifics are left to UBI, while UBIFS focuses on scalability, performance and recoverability.}(hj]hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK6hj>hhubh literal_block)}(hX;+------------+ +*******+ +-----------+ +-----+ | | * UBIFS * | UBI-BLOCK | | ... | | JFFS/JFFS2 | +*******+ +-----------+ +-----+ | | +-----------------------------+ +-----------+ +-----+ | | | UBI | | MTD-BLOCK | | ... | +------------+ +-----------------------------+ +-----------+ +-----+ +------------------------------------------------------------------+ | MEMORY TECHNOLOGY DEVICES (MTD) | +------------------------------------------------------------------+ +-----------------------------+ +--------------------------+ +-----+ | NAND DRIVERS | | NOR DRIVERS | | ... | +-----------------------------+ +--------------------------+ +-----+ Figure 1: Linux kernel subsystems for dealing with raw flashh]hX;+------------+ +*******+ +-----------+ +-----+ | | * UBIFS * | UBI-BLOCK | | ... | | JFFS/JFFS2 | +*******+ +-----------+ +-----+ | | +-----------------------------+ +-----------+ +-----+ | | | UBI | | MTD-BLOCK | | ... | +------------+ +-----------------------------+ +-----------+ +-----+ +------------------------------------------------------------------+ | MEMORY TECHNOLOGY DEVICES (MTD) | +------------------------------------------------------------------+ +-----------------------------+ +--------------------------+ +-----+ | NAND DRIVERS | | NOR DRIVERS | | ... | +-----------------------------+ +--------------------------+ +-----+ Figure 1: Linux kernel subsystems for dealing with raw flash}hjmsbah}(h]h ]h"]h$]h&]hhuh1jkhhhKhhubj)}(hVInternally, UBIFS maintains multiple data structures which are persisted on the flash:h]hVInternally, UBIFS maintains multiple data structures which are persisted on the flash:}(hj{hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKMhj>hhubh bullet_list)}(hhh](h list_item)}(hI*Index*: an on-flash B+ tree where the leaf nodes contain filesystem datah]j)}(hjh](hemphasis)}(h*Index*h]hIndex}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubhB: an on-flash B+ tree where the leaf nodes contain filesystem data}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1jhhhKPhjubah}(h]h ]h"]h$]h&]uh1jhjhhhhhNubj)}(hw*Journal*: an additional data structure to collect FS changes before updating the on-flash index and reduce flash wear.h]j)}(hw*Journal*: an additional data structure to collect FS changes before updating the on-flash index and reduce flash wear.h](j)}(h *Journal*h]hJournal}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubhn: an additional data structure to collect FS changes before updating the on-flash index and reduce flash wear.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1jhhhKQhjubah}(h]h ]h"]h$]h&]uh1jhjhhhhhNubj)}(h*Tree Node Cache (TNC)*: an in-memory B+ tree that reflects the current FS state to avoid frequent flash reads. It is basically the in-memory representation of the index, but contains additional attributes.h]j)}(h*Tree Node Cache (TNC)*: an in-memory B+ tree that reflects the current FS state to avoid frequent flash reads. It is basically the in-memory representation of the index, but contains additional attributes.h](j)}(h*Tree Node Cache (TNC)*h]hTree Node Cache (TNC)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh: an in-memory B+ tree that reflects the current FS state to avoid frequent flash reads. It is basically the in-memory representation of the index, but contains additional attributes.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1jhhhKShjubah}(h]h ]h"]h$]h&]uh1jhjhhhhhNubj)}(hV*LEB property tree (LPT)*: an on-flash B+ tree for free space accounting per UBI LEB. h]j)}(hU*LEB property tree (LPT)*: an on-flash B+ tree for free space accounting per UBI LEB.h](j)}(h*LEB property tree (LPT)*h]hLEB property tree (LPT)}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh<: an on-flash B+ tree for free space accounting per UBI LEB.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1jhhhKVhjubah}(h]h ]h"]h$]h&]uh1jhjhhhhhNubeh}(h]h ]h"]h$]h&]bullet-uh1jhhhKPhj>hhubj)}(hIn the remainder of this section we will cover the on-flash UBIFS data structures in more detail. The TNC is of less importance here since it is never persisted onto the flash directly. More details on UBIFS can also be found in [UBIFS-WP].h]hIn the remainder of this section we will cover the on-flash UBIFS data structures in more detail. The TNC is of less importance here since it is never persisted onto the flash directly. More details on UBIFS can also be found in [UBIFS-WP].}(hj1hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKYhj>hhubh)}(hhh](h)}(hUBIFS Index & Tree Node Cacheh]hUBIFS Index & Tree Node Cache}(hjBhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj?hhhhhK`ubj)}(hXEBasic on-flash UBIFS entities are called *nodes*. UBIFS knows different types of nodes. Eg. data nodes (``struct ubifs_data_node``) which store chunks of file contents or inode nodes (``struct ubifs_ino_node``) which represent VFS inodes. Almost all types of nodes share a common header (``ubifs_ch``) containing basic information like node type, node length, a sequence number, etc. (see ``fs/ubifs/ubifs-media.h`` in kernel source). Exceptions are entries of the LPT and some less important node types like padding nodes which are used to pad unusable content at the end of LEBs.h](h)Basic on-flash UBIFS entities are called }(hjPhhhNhNubj)}(h*nodes*h]hnodes}(hjXhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjPubh8. UBIFS knows different types of nodes. Eg. data nodes (}(hjPhhhNhNubhliteral)}(h``struct ubifs_data_node``h]hstruct ubifs_data_node}(hjlhhhNhNubah}(h]h ]h"]h$]h&]uh1jjhjPubh6) which store chunks of file contents or inode nodes (}(hjPhhhNhNubjk)}(h``struct ubifs_ino_node``h]hstruct ubifs_ino_node}(hj~hhhNhNubah}(h]h ]h"]h$]h&]uh1jjhjPubhO) which represent VFS inodes. Almost all types of nodes share a common header (}(hjPhhhNhNubjk)}(h ``ubifs_ch``h]hubifs_ch}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jjhjPubhY) containing basic information like node type, node length, a sequence number, etc. (see }(hjPhhhNhNubjk)}(h``fs/ubifs/ubifs-media.h``h]hfs/ubifs/ubifs-media.h}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jjhjPubh in kernel source). Exceptions are entries of the LPT and some less important node types like padding nodes which are used to pad unusable content at the end of LEBs.}(hjPhhhNhNubeh}(h]h ]h"]h$]h&]uh1jhhhKbhj?hhubj)}(hX.To avoid re-writing the whole B+ tree on every single change, it is implemented as *wandering tree*, where only the changed nodes are re-written and previous versions of them are obsoleted without erasing them right away. As a result, the index is not stored in a single place on the flash, but *wanders* around and there are obsolete parts on the flash as long as the LEB containing them is not reused by UBIFS. To find the most recent version of the index, UBIFS stores a special node called *master node* into UBI LEB 1 which always points to the most recent root node of the UBIFS index. For recoverability, the master node is additionally duplicated to LEB 2. Mounting UBIFS is thus a simple read of LEB 1 and 2 to get the current master node and from there get the location of the most recent on-flash index.h](hSTo avoid re-writing the whole B+ tree on every single change, it is implemented as }(hjhhhNhNubj)}(h*wandering tree*h]hwandering tree}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh, where only the changed nodes are re-written and previous versions of them are obsoleted without erasing them right away. As a result, the index is not stored in a single place on the flash, but }(hjhhhNhNubj)}(h *wanders*h]hwanders}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh around and there are obsolete parts on the flash as long as the LEB containing them is not reused by UBIFS. To find the most recent version of the index, UBIFS stores a special node called }(hjhhhNhNubj)}(h *master node*h]h master node}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubhX3 into UBI LEB 1 which always points to the most recent root node of the UBIFS index. For recoverability, the master node is additionally duplicated to LEB 2. Mounting UBIFS is thus a simple read of LEB 1 and 2 to get the current master node and from there get the location of the most recent on-flash index.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1jhhhKkhj?hhubj)}(hXThe TNC is the in-memory representation of the on-flash index. It contains some additional runtime attributes per node which are not persisted. One of these is a dirty-flag which marks nodes that have to be persisted the next time the index is written onto the flash. The TNC acts as a write-back cache and all modifications of the on-flash index are done through the TNC. Like other caches, the TNC does not have to mirror the full index into memory, but reads parts of it from flash whenever needed. A *commit* is the UBIFS operation of updating the on-flash filesystem structures like the index. On every commit, the TNC nodes marked as dirty are written to the flash to update the persisted index.h](hXThe TNC is the in-memory representation of the on-flash index. It contains some additional runtime attributes per node which are not persisted. One of these is a dirty-flag which marks nodes that have to be persisted the next time the index is written onto the flash. The TNC acts as a write-back cache and all modifications of the on-flash index are done through the TNC. Like other caches, the TNC does not have to mirror the full index into memory, but reads parts of it from flash whenever needed. A }(hjhhhNhNubj)}(h*commit*h]hcommit}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh is the UBIFS operation of updating the on-flash filesystem structures like the index. On every commit, the TNC nodes marked as dirty are written to the flash to update the persisted index.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1jhhhKwhj?hhubeh}(h]ubifs-index-tree-node-cacheah ]h"]ubifs index & tree node cacheah$]h&]uh1hhj>hhhhhK`ubh)}(hhh](h)}(hJournalh]hJournal}(hj)hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj&hhhhhKubj)}(hXuTo avoid wearing out the flash, the index is only persisted (*committed*) when certain conditions are met (eg. ``fsync(2)``). The journal is used to record any changes (in form of inode nodes, data nodes etc.) between commits of the index. During mount, the journal is read from the flash and replayed onto the TNC (which will be created on-demand from the on-flash index).h](h=To avoid wearing out the flash, the index is only persisted (}(hj7hhhNhNubj)}(h *committed*h]h committed}(hj?hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj7ubh') when certain conditions are met (eg. }(hj7hhhNhNubjk)}(h ``fsync(2)``h]hfsync(2)}(hjQhhhNhNubah}(h]h ]h"]h$]h&]uh1jjhj7ubh). The journal is used to record any changes (in form of inode nodes, data nodes etc.) between commits of the index. During mount, the journal is read from the flash and replayed onto the TNC (which will be created on-demand from the on-flash index).}(hj7hhhNhNubeh}(h]h ]h"]h$]h&]uh1jhhhKhj&hhubj)}(hXUBIFS reserves a bunch of LEBs just for the journal called *log area*. The amount of log area LEBs is configured on filesystem creation (using ``mkfs.ubifs``) and stored in the superblock node. The log area contains only two types of nodes: *reference nodes* and *commit start nodes*. A commit start node is written whenever an index commit is performed. Reference nodes are written on every journal update. Each reference node points to the position of other nodes (inode nodes, data nodes etc.) on the flash that are part of this journal entry. These nodes are called *buds* and describe the actual filesystem changes including their data.h](h;UBIFS reserves a bunch of LEBs just for the journal called }(hjihhhNhNubj)}(h *log area*h]hlog area}(hjqhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjiubhJ. The amount of log area LEBs is configured on filesystem creation (using }(hjihhhNhNubjk)}(h``mkfs.ubifs``h]h mkfs.ubifs}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jjhjiubhT) and stored in the superblock node. The log area contains only two types of nodes: }(hjihhhNhNubj)}(h*reference nodes*h]hreference nodes}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjiubh and }(hjihhhNhNubj)}(h*commit start nodes*h]hcommit start nodes}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjiubhX. A commit start node is written whenever an index commit is performed. Reference nodes are written on every journal update. Each reference node points to the position of other nodes (inode nodes, data nodes etc.) on the flash that are part of this journal entry. These nodes are called }(hjihhhNhNubj)}(h*buds*h]hbuds}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjiubhA and describe the actual filesystem changes including their data.}(hjihhhNhNubeh}(h]h ]h"]h$]h&]uh1jhhhKhj&hhubj)}(hXuThe log area is maintained as a ring. Whenever the journal is almost full, a commit is initiated. This also writes a commit start node so that during mount, UBIFS will seek for the most recent commit start node and just replay every reference node after that. Every reference node before the commit start node will be ignored as they are already part of the on-flash index.h]hXuThe log area is maintained as a ring. Whenever the journal is almost full, a commit is initiated. This also writes a commit start node so that during mount, UBIFS will seek for the most recent commit start node and just replay every reference node after that. Every reference node before the commit start node will be ignored as they are already part of the on-flash index.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhj&hhubj)}(hXWhen writing a journal entry, UBIFS first ensures that enough space is available to write the reference node and buds part of this entry. Then, the reference node is written and afterwards the buds describing the file changes. On replay, UBIFS will record every reference node and inspect the location of the referenced LEBs to discover the buds. If these are corrupt or missing, UBIFS will attempt to recover them by re-reading the LEB. This is however only done for the last referenced LEB of the journal. Only this can become corrupt because of a power cut. If the recovery fails, UBIFS will not mount. An error for every other LEB will directly cause UBIFS to fail the mount operation.h]hXWhen writing a journal entry, UBIFS first ensures that enough space is available to write the reference node and buds part of this entry. Then, the reference node is written and afterwards the buds describing the file changes. On replay, UBIFS will record every reference node and inspect the location of the referenced LEBs to discover the buds. If these are corrupt or missing, UBIFS will attempt to recover them by re-reading the LEB. This is however only done for the last referenced LEB of the journal. Only this can become corrupt because of a power cut. If the recovery fails, UBIFS will not mount. An error for every other LEB will directly cause UBIFS to fail the mount operation.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhj&hhubjl)}(hXf| ---- LOG AREA ---- | ---------- MAIN AREA ------------ | -----+------+-----+--------+---- ------+-----+-----+--------------- \ | | | | / / | | | \ / CS | REF | REF | | \ \ DENT | INO | INO | / \ | | | | / / | | | \ ----+------+-----+--------+--- -------+-----+-----+---------------- | | ^ ^ | | | | +------------------------+ | | | +-------------------------------+ Figure 2: UBIFS flash layout of log area with commit start nodes (CS) and reference nodes (REF) pointing to main area containing their budsh]hXf| ---- LOG AREA ---- | ---------- MAIN AREA ------------ | -----+------+-----+--------+---- ------+-----+-----+--------------- \ | | | | / / | | | \ / CS | REF | REF | | \ \ DENT | INO | INO | / \ | | | | / / | | | \ ----+------+-----+--------+--- -------+-----+-----+---------------- | | ^ ^ | | | | +------------------------+ | | | +-------------------------------+ Figure 2: UBIFS flash layout of log area with commit start nodes (CS) and reference nodes (REF) pointing to main area containing their buds}hjsbah}(h]h ]h"]h$]h&]hhuh1jkhhhKhj&hhubeh}(h]journalah ]h"]journalah$]h&]uh1hhj>hhhhhKubh)}(hhh](h)}(hLEB Property Tree/Tableh]hLEB Property Tree/Table}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhKubj)}(hX~The LEB property tree is used to store per-LEB information. This includes the LEB type and amount of free and *dirty* (old, obsolete content) space [1]_ on the LEB. The type is important, because UBIFS never mixes index nodes with data nodes on a single LEB and thus each LEB has a specific purpose. This again is useful for free space calculations. See [UBIFS-WP] for more details.h](hnThe LEB property tree is used to store per-LEB information. This includes the LEB type and amount of free and }(hjhhhNhNubj)}(h*dirty*h]hdirty}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh (old, obsolete content) space }(hjhhhNhNubhfootnote_reference)}(h[1]_h]h1}(hj0hhhNhNubah}(h]id1ah ]h"]h$]h&]refidid2docname filesystems/ubifs-authenticationuh1j.hjresolvedKubh on the LEB. The type is important, because UBIFS never mixes index nodes with data nodes on a single LEB and thus each LEB has a specific purpose. This again is useful for free space calculations. See [UBIFS-WP] for more details.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1jhhhKhjhhubj)}(hThe LEB property tree again is a B+ tree, but it is much smaller than the index. Due to its smaller size it is always written as one chunk on every commit. Thus, saving the LPT is an atomic operation.h]hThe LEB property tree again is a B+ tree, but it is much smaller than the index. Due to its smaller size it is always written as one chunk on every commit. Thus, saving the LPT is an atomic operation.}(hjNhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjhhubhfootnote)}(hXSince LEBs can only be appended and never overwritten, there is a difference between free space ie. the remaining space left on the LEB to be written to without erasing it and previously written content that is obsolete but can't be overwritten without erasing the full LEB. h](hlabel)}(h1h]h1}(hjdhhhNhNubah}(h]h ]h"]h$]h&]uh1jbhj^ubj)}(hXSince LEBs can only be appended and never overwritten, there is a difference between free space ie. the remaining space left on the LEB to be written to without erasing it and previously written content that is obsolete but can't be overwritten without erasing the full LEB.h]hXSince LEBs can only be appended and never overwritten, there is a difference between free space ie. the remaining space left on the LEB to be written to without erasing it and previously written content that is obsolete but can’t be overwritten without erasing the full LEB.}(hjrhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhj^ubeh}(h]j@ah ]h"]1ah$]h&]j:ajAjBuh1j\hhhKhjhhjCKubeh}(h]leb-property-tree-tableah ]h"]leb property tree/tableah$]h&]uh1hhj>hhhhhKubeh}(h] mtd-ubi-ubifsah ]h"]mtd, ubi & ubifsah$]h&]uh1hhhhhhhhK,ubeh}(h] introductionah ]h"] introductionah$]h&]uh1hhhhhhhhK ubh)}(hhh](h)}(hUBIFS Authenticationh]hUBIFS Authentication}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhKubj)}(hThis chapter introduces UBIFS authentication which enables UBIFS to verify the authenticity and integrity of metadata and file contents stored on flash.h]hThis chapter introduces UBIFS authentication which enables UBIFS to verify the authenticity and integrity of metadata and file contents stored on flash.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjhhubh)}(hhh](h)}(h Threat Modelh]h Threat Model}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhKubj)}(hX UBIFS authentication enables detection of offline data modification. While it does not prevent it, it enables (trusted) code to check the integrity and authenticity of on-flash file contents and filesystem metadata. This covers attacks where file contents are swapped.h]hX UBIFS authentication enables detection of offline data modification. While it does not prevent it, it enables (trusted) code to check the integrity and authenticity of on-flash file contents and filesystem metadata. This covers attacks where file contents are swapped.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjhhubj)}(hXUBIFS authentication will not protect against rollback of full flash contents. Ie. an attacker can still dump the flash and restore it at a later time without detection. It will also not protect against partial rollback of individual index commits. That means that an attacker is able to partially undo changes. This is possible because UBIFS does not immediately overwrites obsolete versions of the index tree or the journal, but instead marks them as obsolete and garbage collection erases them at a later time. An attacker can use this by erasing parts of the current tree and restoring old versions that are still on the flash and have not yet been erased. This is possible, because every commit will always write a new version of the index root node and the master node without overwriting the previous version. This is further helped by the wear-leveling operations of UBI which copies contents from one physical eraseblock to another and does not atomically erase the first eraseblock.h]hXUBIFS authentication will not protect against rollback of full flash contents. Ie. an attacker can still dump the flash and restore it at a later time without detection. It will also not protect against partial rollback of individual index commits. That means that an attacker is able to partially undo changes. This is possible because UBIFS does not immediately overwrites obsolete versions of the index tree or the journal, but instead marks them as obsolete and garbage collection erases them at a later time. An attacker can use this by erasing parts of the current tree and restoring old versions that are still on the flash and have not yet been erased. This is possible, because every commit will always write a new version of the index root node and the master node without overwriting the previous version. This is further helped by the wear-leveling operations of UBI which copies contents from one physical eraseblock to another and does not atomically erase the first eraseblock.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjhhubj)}(hXUBIFS authentication does not cover attacks where an attacker is able to execute code on the device after the authentication key was provided. Additional measures like secure boot and trusted boot have to be taken to ensure that only trusted code is executed on a device.h]hXUBIFS authentication does not cover attacks where an attacker is able to execute code on the device after the authentication key was provided. Additional measures like secure boot and trusted boot have to be taken to ensure that only trusted code is executed on a device.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjhhubeh}(h] threat-modelah ]h"] threat modelah$]h&]uh1hhjhhhhhKubh)}(hhh](h)}(hAuthenticationh]hAuthentication}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhKubj)}(huTo be able to fully trust data read from flash, all UBIFS data structures stored on flash are authenticated. That is:h]huTo be able to fully trust data read from flash, all UBIFS data structures stored on flash are authenticated. That is:}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjhhubj)}(hhh](j)}(h`The index which includes file contents, file metadata like extended attributes, file length etc.h]j)}(h`The index which includes file contents, file metadata like extended attributes, file length etc.h]h`The index which includes file contents, file metadata like extended attributes, file length etc.}(hj'hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhj#ubah}(h]h ]h"]h$]h&]uh1jhj hhhhhNubj)}(haThe journal which also contains file contents and metadata by recording changes to the filesystemh]j)}(haThe journal which also contains file contents and metadata by recording changes to the filesystemh]haThe journal which also contains file contents and metadata by recording changes to the filesystem}(hj?hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhj;ubah}(h]h ]h"]h$]h&]uh1jhj hhhhhNubj)}(hRThe LPT which stores UBI LEB metadata which UBIFS uses for free space accounting h]j)}(hPThe LPT which stores UBI LEB metadata which UBIFS uses for free space accountingh]hPThe LPT which stores UBI LEB metadata which UBIFS uses for free space accounting}(hjWhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhjSubah}(h]h ]h"]h$]h&]uh1jhj hhhhhNubeh}(h]h ]h"]h$]h&]j/j0uh1jhhhKhjhhubh)}(hhh](h)}(hIndex Authenticationh]hIndex Authentication}(hjthhhNhNubah}(h]h ]h"]h$]h&]uh1hhjqhhhhhKubj)}(hX8Through UBIFS' concept of a wandering tree, it already takes care of only updating and persisting changed parts from leaf node up to the root node of the full B+ tree. This enables us to augment the index nodes of the tree with a hash over each node's child nodes. As a result, the index basically also a Merkle tree. Since the leaf nodes of the index contain the actual filesystem data, the hashes of their parent index nodes thus cover all the file contents and file metadata. When a file changes, the UBIFS index is updated accordingly from the leaf nodes up to the root node including the master node. This process can be hooked to recompute the hash only for each changed node at the same time. Whenever a file is read, UBIFS can verify the hashes from each leaf node up to the root node to ensure the node's integrity.h]hX>Through UBIFS’ concept of a wandering tree, it already takes care of only updating and persisting changed parts from leaf node up to the root node of the full B+ tree. This enables us to augment the index nodes of the tree with a hash over each node’s child nodes. As a result, the index basically also a Merkle tree. Since the leaf nodes of the index contain the actual filesystem data, the hashes of their parent index nodes thus cover all the file contents and file metadata. When a file changes, the UBIFS index is updated accordingly from the leaf nodes up to the root node including the master node. This process can be hooked to recompute the hash only for each changed node at the same time. Whenever a file is read, UBIFS can verify the hashes from each leaf node up to the root node to ensure the node’s integrity.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhMhjqhhubj)}(hXTo ensure the authenticity of the whole index, the UBIFS master node stores a keyed hash (HMAC) over its own contents and a hash of the root node of the index tree. As mentioned above, the master node is always written to the flash whenever the index is persisted (ie. on index commit).h]hXTo ensure the authenticity of the whole index, the UBIFS master node stores a keyed hash (HMAC) over its own contents and a hash of the root node of the index tree. As mentioned above, the master node is always written to the flash whenever the index is persisted (ie. on index commit).}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhM hjqhhubj)}(hUsing this approach only UBIFS index nodes and the master node are changed to include a hash. All other types of nodes will remain unchanged. This reduces the storage overhead which is precious for users of UBIFS (ie. embedded devices).h]hUsing this approach only UBIFS index nodes and the master node are changed to include a hash. All other types of nodes will remain unchanged. This reduces the storage overhead which is precious for users of UBIFS (ie. embedded devices).}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhMhjqhhubjl)}(hX +---------------+ | Master Node | | (hash) | +---------------+ | v +-------------------+ | Index Node #1 | | | | branch0 branchn | | (hash) (hash) | +-------------------+ | ... | (fanout: 8) | | +-------+ +------+ | | v v +-------------------+ +-------------------+ | Index Node #2 | | Index Node #3 | | | | | | branch0 branchn | | branch0 branchn | | (hash) (hash) | | (hash) (hash) | +-------------------+ +-------------------+ | ... | ... | v v v +-----------+ +----------+ +-----------+ | Data Node | | INO Node | | DENT Node | +-----------+ +----------+ +-----------+ Figure 3: Coverage areas of index node hash and master node HMACh]hX +---------------+ | Master Node | | (hash) | +---------------+ | v +-------------------+ | Index Node #1 | | | | branch0 branchn | | (hash) (hash) | +-------------------+ | ... | (fanout: 8) | | +-------+ +------+ | | v v +-------------------+ +-------------------+ | Index Node #2 | | Index Node #3 | | | | | | branch0 branchn | | branch0 branchn | | (hash) (hash) | | (hash) (hash) | +-------------------+ +-------------------+ | ... | ... | v v v +-----------+ +----------+ +-----------+ | Data Node | | INO Node | | DENT Node | +-----------+ +----------+ +-----------+ Figure 3: Coverage areas of index node hash and master node HMAC}hjsbah}(h]h ]h"]h$]h&]hhuh1jkhhhMhjqhhubj)}(hXThe most important part for robustness and power-cut safety is to atomically persist the hash and file contents. Here the existing UBIFS logic for how changed nodes are persisted is already designed for this purpose such that UBIFS can safely recover if a power-cut occurs while persisting. Adding hashes to index nodes does not change this since each hash will be persisted atomically together with its respective node.h]hXThe most important part for robustness and power-cut safety is to atomically persist the hash and file contents. Here the existing UBIFS logic for how changed nodes are persisted is already designed for this purpose such that UBIFS can safely recover if a power-cut occurs while persisting. Adding hashes to index nodes does not change this since each hash will be persisted atomically together with its respective node.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhM;hjqhhubeh}(h]index-authenticationah ]h"]index authenticationah$]h&]uh1hhjhhhhhKubh)}(hhh](h)}(hJournal Authenticationh]hJournal Authentication}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhMDubj)}(hXThe journal is authenticated too. Since the journal is continuously written it is necessary to also add authentication information frequently to the journal so that in case of a powercut not too much data can't be authenticated. This is done by creating a continuous hash beginning from the commit start node over the previous reference nodes, the current reference node, and the bud nodes. From time to time whenever it is suitable authentication nodes are added between the bud nodes. This new node type contains a HMAC over the current state of the hash chain. That way a journal can be authenticated up to the last authentication node. The tail of the journal which may not have a authentication node cannot be authenticated and is skipped during journal replay.h]hXThe journal is authenticated too. Since the journal is continuously written it is necessary to also add authentication information frequently to the journal so that in case of a powercut not too much data can’t be authenticated. This is done by creating a continuous hash beginning from the commit start node over the previous reference nodes, the current reference node, and the bud nodes. From time to time whenever it is suitable authentication nodes are added between the bud nodes. This new node type contains a HMAC over the current state of the hash chain. That way a journal can be authenticated up to the last authentication node. The tail of the journal which may not have a authentication node cannot be authenticated and is skipped during journal replay.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhMFhjhhubj)}(h0We get this picture for journal authentication::h]h/We get this picture for journal authentication:}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhMQhjhhubjl)}(hX3,,,,,,,, ,......,........................................... ,. CS , hash1.----. hash2.----. ,. | , . |hmac . |hmac ,. v , . v . v ,.REF#0,-> bud -> bud -> bud.-> auth -> bud -> bud.-> auth ... ,..|...,........................................... , | , , | ,,,,,,,,,,,,,,, . | hash3,----. , | , |hmac , v , v , REF#1 -> bud -> bud,-> auth ... ,,,|,,,,,,,,,,,,,,,,,, v REF#2 -> ... | V ...h]hX3,,,,,,,, ,......,........................................... ,. CS , hash1.----. hash2.----. ,. | , . |hmac . |hmac ,. v , . v . v ,.REF#0,-> bud -> bud -> bud.-> auth -> bud -> bud.-> auth ... ,..|...,........................................... , | , , | ,,,,,,,,,,,,,,, . | hash3,----. , | , |hmac , v , v , REF#1 -> bud -> bud,-> auth ... ,,,|,,,,,,,,,,,,,,,,,, v REF#2 -> ... | V ...}hjsbah}(h]h ]h"]h$]h&]hhuh1jkhhhMShjhhubj)}(hXSince the hash also includes the reference nodes an attacker cannot reorder or skip any journal heads for replay. An attacker can only remove bud nodes or reference nodes from the end of the journal, effectively rewinding the filesystem at maximum back to the last commit.h]hXSince the hash also includes the reference nodes an attacker cannot reorder or skip any journal heads for replay. An attacker can only remove bud nodes or reference nodes from the end of the journal, effectively rewinding the filesystem at maximum back to the last commit.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhMghjhhubj)}(hXThe location of the log area is stored in the master node. Since the master node is authenticated with a HMAC as described above, it is not possible to tamper with that without detection. The size of the log area is specified when the filesystem is created using `mkfs.ubifs` and stored in the superblock node. To avoid tampering with this and other values stored there, a HMAC is added to the superblock struct. The superblock node is stored in LEB 0 and is only modified on feature flag or similar changes, but never on file changes.h](hXThe location of the log area is stored in the master node. Since the master node is authenticated with a HMAC as described above, it is not possible to tamper with that without detection. The size of the log area is specified when the filesystem is created using }(hjhhhNhNubhtitle_reference)}(h `mkfs.ubifs`h]h mkfs.ubifs}(hj#hhhNhNubah}(h]h ]h"]h$]h&]uh1j!hjubhX and stored in the superblock node. To avoid tampering with this and other values stored there, a HMAC is added to the superblock struct. The superblock node is stored in LEB 0 and is only modified on feature flag or similar changes, but never on file changes.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1jhhhMlhjhhubeh}(h]journal-authenticationah ]h"]journal authenticationah$]h&]uh1hhjhhhhhMDubh)}(hhh](h)}(hLPT Authenticationh]hLPT Authentication}(hjFhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjChhhhhMvubj)}(hXThe location of the LPT root node on the flash is stored in the UBIFS master node. Since the LPT is written and read atomically on every commit, there is no need to authenticate individual nodes of the tree. It suffices to protect the integrity of the full LPT by a simple hash stored in the master node. Since the master node itself is authenticated, the LPTs authenticity can be verified by verifying the authenticity of the master node and comparing the LTP hash stored there with the hash computed from the read on-flash LPT.h]hXThe location of the LPT root node on the flash is stored in the UBIFS master node. Since the LPT is written and read atomically on every commit, there is no need to authenticate individual nodes of the tree. It suffices to protect the integrity of the full LPT by a simple hash stored in the master node. Since the master node itself is authenticated, the LPTs authenticity can be verified by verifying the authenticity of the master node and comparing the LTP hash stored there with the hash computed from the read on-flash LPT.}(hjThhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhMxhjChhubeh}(h]lpt-authenticationah ]h"]lpt authenticationah$]h&]uh1hhjhhhhhMvubeh}(h]authenticationah ]h"]authenticationah$]h&]uh1hhjhhhhhKubh)}(hhh](h)}(hKey Managementh]hKey Management}(hjuhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjrhhhhhMubj)}(hXpFor simplicity, UBIFS authentication uses a single key to compute the HMACs of superblock, master, commit start and reference nodes. This key has to be available on creation of the filesystem (`mkfs.ubifs`) to authenticate the superblock node. Further, it has to be available on mount of the filesystem to verify authenticated nodes and generate new HMACs for changes.h](hFor simplicity, UBIFS authentication uses a single key to compute the HMACs of superblock, master, commit start and reference nodes. This key has to be available on creation of the filesystem (}(hjhhhNhNubj")}(h `mkfs.ubifs`h]h mkfs.ubifs}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1j!hjubh) to authenticate the superblock node. Further, it has to be available on mount of the filesystem to verify authenticated nodes and generate new HMACs for changes.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1jhhhMhjrhhubj)}(hXUBIFS authentication is intended to operate side-by-side with UBIFS encryption (fscrypt) to provide confidentiality and authenticity. Since UBIFS encryption has a different approach of encryption policies per directory, there can be multiple fscrypt master keys and there might be folders without encryption. UBIFS authentication on the other hand has an all-or-nothing approach in the sense that it either authenticates everything of the filesystem or nothing. Because of this and because UBIFS authentication should also be usable without encryption, it does not share the same master key with fscrypt, but manages a dedicated authentication key.h]hXUBIFS authentication is intended to operate side-by-side with UBIFS encryption (fscrypt) to provide confidentiality and authenticity. Since UBIFS encryption has a different approach of encryption policies per directory, there can be multiple fscrypt master keys and there might be folders without encryption. UBIFS authentication on the other hand has an all-or-nothing approach in the sense that it either authenticates everything of the filesystem or nothing. Because of this and because UBIFS authentication should also be usable without encryption, it does not share the same master key with fscrypt, but manages a dedicated authentication key.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhMhjrhhubj)}(hXGThe API for providing the authentication key has yet to be defined, but the key can eg. be provided by userspace through a keyring similar to the way it is currently done in fscrypt. It should however be noted that the current fscrypt approach has shown its flaws and the userspace API will eventually change [FSCRYPT-POLICY2].h]hXGThe API for providing the authentication key has yet to be defined, but the key can eg. be provided by userspace through a keyring similar to the way it is currently done in fscrypt. It should however be noted that the current fscrypt approach has shown its flaws and the userspace API will eventually change [FSCRYPT-POLICY2].}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhMhjrhhubj)}(hX8Nevertheless, it will be possible for a user to provide a single passphrase or key in userspace that covers UBIFS authentication and encryption. This can be solved by the corresponding userspace tools which derive a second key for authentication in addition to the derived fscrypt master key used for encryption.h]hX8Nevertheless, it will be possible for a user to provide a single passphrase or key in userspace that covers UBIFS authentication and encryption. This can be solved by the corresponding userspace tools which derive a second key for authentication in addition to the derived fscrypt master key used for encryption.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhMhjrhhubj)}(hTo be able to check if the proper key is available on mount, the UBIFS superblock node will additionally store a hash of the authentication key. This approach is similar to the approach proposed for fscrypt encryption policy v2 [FSCRYPT-POLICY2].h]hTo be able to check if the proper key is available on mount, the UBIFS superblock node will additionally store a hash of the authentication key. This approach is similar to the approach proposed for fscrypt encryption policy v2 [FSCRYPT-POLICY2].}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhMhjrhhubeh}(h]key-managementah ]h"]key managementah$]h&]uh1hhjhhhhhMubeh}(h]ubifs-authenticationah ]h"]ubifs authenticationah$]h&]uh1hhhhhhhhKubh)}(hhh](h)}(hFuture Extensionsh]hFuture Extensions}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhMubj)}(hXKIn certain cases where a vendor wants to provide an authenticated filesystem image to customers, it should be possible to do so without sharing the secret UBIFS authentication key. Instead, in addition the each HMAC a digital signature could be stored where the vendor shares the public key alongside the filesystem image. In case this filesystem has to be modified afterwards, UBIFS can exchange all digital signatures with HMACs on first mount similar to the way the IMA/EVM subsystem deals with such situations. The HMAC key will then have to be provided beforehand in the normal way.h]hXKIn certain cases where a vendor wants to provide an authenticated filesystem image to customers, it should be possible to do so without sharing the secret UBIFS authentication key. Instead, in addition the each HMAC a digital signature could be stored where the vendor shares the public key alongside the filesystem image. In case this filesystem has to be modified afterwards, UBIFS can exchange all digital signatures with HMACs on first mount similar to the way the IMA/EVM subsystem deals with such situations. The HMAC key will then have to be provided beforehand in the normal way.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhMhjhhubeh}(h]future-extensionsah ]h"]future extensionsah$]h&]uh1hhhhhhhhMubh)}(hhh](h)}(h Referencesh]h References}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhMubj)}(hV[CRYPTSETUP2] https://www.saout.de/pipermail/dm-crypt/2017-November/005745.htmlh](h[CRYPTSETUP2] }(hj#hhhNhNubh reference)}(hAhttps://www.saout.de/pipermail/dm-crypt/2017-November/005745.htmlh]hAhttps://www.saout.de/pipermail/dm-crypt/2017-November/005745.html}(hj-hhhNhNubah}(h]h ]h"]h$]h&]refurij/uh1j+hj#ubeh}(h]h ]h"]h$]h&]uh1jhhhMhjhhubj)}(h[DMC-CBC-ATTACK] https://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/h](h[DMC-CBC-ATTACK] }(hjBhhhNhNubj,)}(hnhttps://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/h]hnhttps://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/}(hjJhhhNhNubah}(h]h ]h"]h$]h&]refurijLuh1j+hjBubeh}(h]h ]h"]h$]h&]uh1jhhhMhjhhubj)}(h\[DM-INTEGRITY] https://www.kernel.org/doc/Documentation/device-mapper/dm-integrity.rsth](h[DM-INTEGRITY] }(hj_hhhNhNubj,)}(hGhttps://www.kernel.org/doc/Documentation/device-mapper/dm-integrity.rsth]hGhttps://www.kernel.org/doc/Documentation/device-mapper/dm-integrity.rst}(hjghhhNhNubah}(h]h ]h"]h$]h&]refurijiuh1j+hj_ubeh}(h]h ]h"]h$]h&]uh1jhhhMhjhhubj)}(hV[DM-VERITY] https://www.kernel.org/doc/Documentation/device-mapper/verity.rsth](h[DM-VERITY] }(hj|hhhNhNubj,)}(hAhttps://www.kernel.org/doc/Documentation/device-mapper/verity.rsth]hAhttps://www.kernel.org/doc/Documentation/device-mapper/verity.rst}(hjhhhNhNubah}(h]h ]h"]h$]h&]refurijuh1j+hj|ubeh}(h]h ]h"]h$]h&]uh1jhhhMhjhhubj)}(hK[FSCRYPT-POLICY2] https://www.spinics.net/lists/linux-ext4/msg58710.htmlh](h[FSCRYPT-POLICY2] }(hjhhhNhNubj,)}(h6https://www.spinics.net/lists/linux-ext4/msg58710.htmlh]h6https://www.spinics.net/lists/linux-ext4/msg58710.html}(hjhhhNhNubah}(h]h ]h"]h$]h&]refurijuh1j+hjubeh}(h]h ]h"]h$]h&]uh1jhhhMhjhhubj)}(hP[UBIFS-WP] http://www.linux-mtd.infradead.org/doc/ubifs_whitepaper.pdfh](h[UBIFS-WP] }(hjhhhNhNubj,)}(h;http://www.linux-mtd.infradead.org/doc/ubifs_whitepaper.pdfh]h;http://www.linux-mtd.infradead.org/doc/ubifs_whitepaper.pdf}(hjhhhNhNubah}(h]h ]h"]h$]h&]refurijuh1j+hjubeh}(h]h ]h"]h$]h&]uh1jhhhMhjhhubeh}(h] referencesah ]h"] referencesah$]h&]uh1hhhhhhhhMubeh}(h]ubifs-authentication-supportah ]h"]ubifs authentication supportah$]h&]uh1hhhhhhhhK ubeh}(h]h ]h"]h$]h&]sourcehuh1hcurrent_sourceN current_lineNsettingsdocutils.frontendValues)}(hN generatorN datestampN source_linkN source_urlN toc_backlinksentryfootnote_backlinksK sectnum_xformKstrip_commentsNstrip_elements_with_classesN strip_classesN report_levelK halt_levelKexit_status_levelKdebugNwarning_streamN tracebackinput_encoding utf-8-siginput_encoding_error_handlerstrictoutput_encodingutf-8output_encoding_error_handlerjerror_encodingutf-8error_encoding_error_handlerbackslashreplace language_codeenrecord_dependenciesNconfigN id_prefixhauto_id_prefixid dump_settingsNdump_internalsNdump_transformsNdump_pseudo_xmlNexpose_internalsNstrict_visitorN_disable_configN_sourceh _destinationN _config_files]7/var/lib/git/docbuild/linux/Documentation/docutils.confafile_insertion_enabled raw_enabledKline_length_limitM'pep_referencesN pep_base_urlhttps://peps.python.org/pep_file_url_templatepep-%04drfc_referencesN rfc_base_url&https://datatracker.ietf.org/doc/html/ tab_widthKtrim_footnote_reference_spacesyntax_highlightlong smart_quotessmartquotes_locales]character_level_inline_markupdoctitle_xform docinfo_xformKsectsubtitle_xform image_loadinglinkembed_stylesheetcloak_email_addressessection_self_linkenvNubreporterNindirect_targets]substitution_defs}substitution_names}refnames}1]j0asrefids}nameids}(jjjjjjj#j jjjjjj@jjjjjojljjj@j=jgjdjjjj jju nametypes}(jjjj#jjjjjjojj@jgjjjuh}(jhjhjj>j j?jj&jjj:j0j@j^jjjjjljjjqj=jjdjCjjrj jjju footnote_refs}jF]j0as citation_refs} autofootnotes]autofootnote_refs]symbol_footnotes]symbol_footnote_refs] footnotes]j^a citations]autofootnote_startKsymbol_footnote_startK id_counter collectionsCounter}jKsRparse_messages]transform_messages] transformerN include_log] decorationNhhub.