diff options
author | Eric Biggers <ebiggers@google.com> | 2018-03-13 11:57:29 -0700 |
---|---|---|
committer | Eric Biggers <ebiggers@google.com> | 2018-03-13 11:57:29 -0700 |
commit | 2924095f998b6d8f60118846a717b7c6db6a0dd7 (patch) | |
tree | 3fcccd744b2b63cb1366b6e6aac4f7295cd33973 | |
parent | 54319186573ff84c936c4b3fe6fb27d8d3fe4734 (diff) | |
download | fsverity-utils-2924095f998b6d8f60118846a717b7c6db6a0dd7.tar.gz |
Add the fsverity API definition
Signed-off-by: Eric Biggers <ebiggers@google.com>
-rw-r--r-- | fsverity_api.h | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/fsverity_api.h b/fsverity_api.h new file mode 100644 index 0000000..db0483f --- /dev/null +++ b/fsverity_api.h @@ -0,0 +1,44 @@ +#ifndef _FSVERITY_KERNEL_DEFS_H +#define _FSVERITY_KERNEL_DEFS_H + +#include <linux/limits.h> +#include <linux/ioctl.h> +#include <linux/types.h> + +/* file-based verity support */ + +/* + * TODO(ebiggers): What is the purpose of this structure? It's not actually + * used for anything. + */ +struct fsverity_set { + __u64 offset; + __u64 flags; +}; + +/* + * TODO(ebiggers): why isn't this using the same type code as used in the + * fsverity_header? + */ +#define FS_VERITY_ROOT_HASH_ALGO_SHA256 0x0000 + +/* + * TODO(ebiggers): rename this to 'struct fsverity_measurement' to avoid + * confusion with the Merkle tree root hash? + */ +struct fsverity_root_hash { + __u32 root_hash_algorithm; + __u32 flags; + __u8 reserved[4]; + __u8 root_hash[64]; +}; + +/* + * TODO(ebiggers): is there a less confusing name for this? "measure" makes it + * sound like it's returning something... + */ +#define FS_IOC_MEASURE_FSVERITY _IOW('f', 133, \ + struct fsverity_root_hash) +#define FS_IOC_SET_FSVERITY _IOW('f', 134, struct fsverity_set) + +#endif /* _FSVERITY_KERNEL_DEFS_H */ |