ext4.5: document the verity feature

Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
author: Eric Biggers <ebiggers@google.com> 2019-09-20 14:29:51 -0700
committer: Theodore Ts'o <tytso@mit.edu> 2019-09-23 13:28:36 -0400
commit: 4cc90574e4cd012281a7a6b0befdecc764a2af03 (patch)
tree: 9b6c0e053a9ea5220ba3656b82a500fbd5221cfa
parent: 4ecbee2cfd5a89df86ba7a32da983547204628e6 (diff)
download: e2fsprogs-4cc90574e4cd012281a7a6b0befdecc764a2af03.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/misc/ext4.5.in b/misc/ext4.5.in
index 40e75f811..627c0dadf 100644
--- a/misc/ext4.5.in
+++ b/misc/ext4.5.in
@@ -312,6 +312,18 @@ the file system using
 and it also speeds up the time required for
 .BR mke2fs (8)
 to create the file system.
+.TP
+.B verity
+.br
+Enables support for verity protected files.  Verity files are readonly,
+and their data is transparently verified against a Merkle tree hidden
+past the end of the file.  Using the Merkle tree's root hash, a verity
+file can be efficiently authenticated, independent of the file's size.
+.IP
+This feature is most useful for authenticating important read-only files
+on read-write file systems.  If the file system itself is read-only,
+then using dm-verity to authenticate the entire block device may provide
+much better security.
 .SH MOUNT OPTIONS
 This section describes mount options which are specific to ext2, ext3,
 and ext4.  Other generic mount options may be used as well; see
@@ -774,6 +786,8 @@ ext4, 4.13
 ext4, 4.13
 .IP "\fBcasefold\fR" 2i
 ext4, 5.2
+.IP "\fBverity\fR" 2i
+ext4, 5.4
 .SH SEE ALSO
 .BR mke2fs (8),
 .BR mke2fs.conf (5),
author	Eric Biggers <ebiggers@google.com>	2019-09-20 14:29:51 -0700
committer	Theodore Ts'o <tytso@mit.edu>	2019-09-23 13:28:36 -0400
commit	4cc90574e4cd012281a7a6b0befdecc764a2af03 (patch)
tree	9b6c0e053a9ea5220ba3656b82a500fbd5221cfa
parent	4ecbee2cfd5a89df86ba7a32da983547204628e6 (diff)
download	e2fsprogs-4cc90574e4cd012281a7a6b0befdecc764a2af03.tar.gz