diff options
author | Eric Biggers <ebiggers@google.com> | 2019-09-20 14:29:51 -0700 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2019-09-23 13:28:36 -0400 |
commit | 4cc90574e4cd012281a7a6b0befdecc764a2af03 (patch) | |
tree | 9b6c0e053a9ea5220ba3656b82a500fbd5221cfa | |
parent | 4ecbee2cfd5a89df86ba7a32da983547204628e6 (diff) | |
download | e2fsprogs-4cc90574e4cd012281a7a6b0befdecc764a2af03.tar.gz |
ext4.5: document the verity feature
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-rw-r--r-- | misc/ext4.5.in | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/misc/ext4.5.in b/misc/ext4.5.in index 40e75f811..627c0dadf 100644 --- a/misc/ext4.5.in +++ b/misc/ext4.5.in @@ -312,6 +312,18 @@ the file system using and it also speeds up the time required for .BR mke2fs (8) to create the file system. +.TP +.B verity +.br +Enables support for verity protected files. Verity files are readonly, +and their data is transparently verified against a Merkle tree hidden +past the end of the file. Using the Merkle tree's root hash, a verity +file can be efficiently authenticated, independent of the file's size. +.IP +This feature is most useful for authenticating important read-only files +on read-write file systems. If the file system itself is read-only, +then using dm-verity to authenticate the entire block device may provide +much better security. .SH MOUNT OPTIONS This section describes mount options which are specific to ext2, ext3, and ext4. Other generic mount options may be used as well; see @@ -774,6 +786,8 @@ ext4, 4.13 ext4, 4.13 .IP "\fBcasefold\fR" 2i ext4, 5.2 +.IP "\fBverity\fR" 2i +ext4, 5.4 .SH SEE ALSO .BR mke2fs (8), .BR mke2fs.conf (5), |