
Commit 42bd06e

Merge tag 'tags/upstream-4.20-rc1' of git://git.infradead.org/linux-ubifs
Pull UBIFS updates from Richard Weinberger:

 - Full filesystem authentication feature, UBIFS is now able to have the whole filesystem structure authenticated plus user data encrypted and authenticated.

 - Minor cleanups

* tag 'tags/upstream-4.20-rc1' of git://git.infradead.org/linux-ubifs: (26 commits)
  ubifs: Remove unneeded semicolon
  Documentation: ubifs: Add authentication whitepaper
  ubifs: Enable authentication support
  ubifs: Do not update inode size in-place in authenticated mode
  ubifs: Add hashes and HMACs to default filesystem
  ubifs: authentication: Authenticate super block node
  ubifs: Create hash for default LPT
  ubfis: authentication: Authenticate master node
  ubifs: authentication: Authenticate LPT
  ubifs: Authenticate replayed journal
  ubifs: Add auth nodes to garbage collector journal head
  ubifs: Add authentication nodes to journal
  ubifs: authentication: Add hashes to index nodes
  ubifs: Add hashes to the tree node cache
  ubifs: Create functions to embed a HMAC in a node
  ubifs: Add helper functions for authentication support
  ubifs: Add separate functions to init/crc a node
  ubifs: Format changes for authentication support
  ubifs: Store read superblock node
  ubifs: Drop write_node
  ...
2 parents 4710e78 + 84db119 commit 42bd06e

25 files changed: +2418 -292 lines changed


Documentation/filesystems/ubifs-authentication.md

Lines changed: 426 additions & 0 deletions
Large diffs are not rendered by default.

Documentation/filesystems/ubifs.txt

Lines changed: 7 additions & 0 deletions
@@ -91,6 +91,13 @@ chk_data_crc do not skip checking CRCs on data nodes
9191
compr=none override default compressor and set it to "none"
9292
compr=lzo override default compressor and set it to "lzo"
9393
compr=zlib override default compressor and set it to "zlib"
94+
auth_key= specify the key used for authenticating the filesystem.
95+
Passing this option makes authentication mandatory.
96+
The passed key must be present in the kernel keyring
97+
and must be of type 'logon'
98+
auth_hash_name= The hash algorithm used for authentication. Used for
99+
both hashing and for creating HMACs. Typical values
100+
include "sha256" or "sha512"
94101

95102

96103
Quick usage instructions
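
Review bot: The new auth_key= and auth_hash_name= entries do not say how the two options depend on each other. The text states that passing auth_key= makes authentication mandatory, but not whether auth_hash_name= is then required or has a default, nor what a mount does when only auth_hash_name= is given. It would also help to state what the value of auth_key= is (the description of a key already loaded into the keyring, as "must be present in the kernel keyring" implies), and to end the "and must be of type 'logon'" sentence with a period like the other sentences in the entry.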

drivers/mtd/ubi/attach.c

Lines changed: 1 addition & 0 deletions
@@ -1072,6 +1072,7 @@ static int scan_peb(struct ubi_device *ubi, struct ubi_attach_info *ai,
10721072
* be a result of power cut during erasure.
10731073
*/
10741074
ai->maybe_bad_peb_count += 1;
1075+
/* fall through */
10751076
case UBI_IO_BAD_HDR:
10761077
/*
10771078
* If we're facing a bad VID header we have to drop *all*

drivers/mtd/ubi/build.c

Lines changed: 2 additions & 0 deletions
@@ -1334,8 +1334,10 @@ static int bytes_str_to_int(const char *str)
13341334
switch (*endp) {
13351335
case 'G':
13361336
result *= 1024;
1337+
/* fall through */
13371338
case 'M':
13381339
result *= 1024;
1340+
/* fall through */
13391341
case 'K':
13401342
result *= 1024;
13411343
if (endp[1] == 'i' && endp[2] == 'B')
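
Review bot: With the 'G' to 'M' to 'K' cascade now marked as intentional, the 'G' path multiplies result by 1024 three times while bytes_str_to_int() returns int, so a value of 2 or more with a 'G' suffix no longer fits in a 32-bit int return. The declaration of result and any range check before the return are outside this hunk; if no such check exists, a follow-up should reject an oversized size string rather than let it wrap.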

fs/ubifs/Kconfig

Lines changed: 11 additions & 0 deletions
@@ -7,6 +7,7 @@ config UBIFS_FS
77
select CRYPTO if UBIFS_FS_ZLIB
88
select CRYPTO_LZO if UBIFS_FS_LZO
99
select CRYPTO_DEFLATE if UBIFS_FS_ZLIB
10+
select CRYPTO_HASH_INFO
1011
depends on MTD_UBI
1112
help
1213
UBIFS is a file system for flash devices which works on top of UBI.
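
Review bot: "select CRYPTO_HASH_INFO" is added to UBIFS_FS unconditionally, while the neighbouring selects are guarded ("if UBIFS_FS_ZLIB", "if UBIFS_FS_LZO"). If the hash info table is only needed by the authentication code, move it under UBIFS_FS_AUTHENTICATION or write "select CRYPTO_HASH_INFO if UBIFS_FS_AUTHENTICATION", so kernels built without authentication do not pull it in. If it is needed regardless of that option, the commit message should say why.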
@@ -85,3 +86,13 @@ config UBIFS_FS_SECURITY
8586
the extended attribute support in advance.
8687

8788
If you are not using a security module, say N.
89+
90+
config UBIFS_FS_AUTHENTICATION
91+
bool "UBIFS authentication support"
92+
select CRYPTO_HMAC
93+
help
94+
Enable authentication support for UBIFS. This feature offers protection
95+
against offline changes for both data and metadata of the filesystem.
96+
If you say yes here you should also select a hashing algorithm such as
97+
sha256, these are not selected automatically since there are many
98+
different options.
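
Review bot: UBIFS_FS_AUTHENTICATION selects only CRYPTO_HMAC, but the mount option text added in this same commit requires the key to be present in the kernel keyring with type 'logon', so the option also needs keyring support; add "depends on KEYS" (or "select KEYS") so the feature cannot be enabled in a configuration without it. Since the help text says no hash algorithm is selected automatically, it should also say what the user sees at mount time when the algorithm named in auth_hash_name= is not available. Minor: "such as sha256, these are not selected automatically" is a comma splice and reads better as two sentences.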

fs/ubifs/Makefile

Lines changed: 1 addition & 0 deletions
@@ -8,3 +8,4 @@ ubifs-y += recovery.o ioctl.o lpt_commit.o tnc_misc.o debug.o
88
ubifs-y += misc.o
99
ubifs-$(CONFIG_UBIFS_FS_ENCRYPTION) += crypto.o
1010
ubifs-$(CONFIG_UBIFS_FS_XATTR) += xattr.o
11+
ubifs-$(CONFIG_UBIFS_FS_AUTHENTICATION) += auth.o
