On Fr, 06.12.19 18:58, Lata Lante (latalante(a)cock.li) wrote:
> > If you use LUKS/dm-crypt without dm-integrity and you have a clue
> > where things are located then you can change files without anything
> > being able to detect that. (On btrfs you might have some luck, since
> > it has data checksumming, but ext4 and other traditional file systems
> > do not).
> Of course Ext4 can.
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit...
Uh? fs-verity is read-only integrity protection, i.e. akin to
dm-verity, not akin to dm-integrity.
Also fs-verity applies to individual files only, it thus only has very
specific use cases. You cannot sensibly do fs-verity across the whole
OS tree, you'd spend ages to set it up at boot...
Lennart
--
Lennart Poettering, Berlin