Explore a comprehensive conference talk on fs-verity, a native file-based authenticity mechanism for Linux file systems. Delve into the intricacies of validating individual file authenticity, its integration with the Integrity Measurement Architecture (IMA), and potential applications in container image content validation. Learn about the Android platform's use of dm-verity for system image protection and the need for incremental updates in critical components. Discover the technical aspects of file measurement, performance impacts, delayed verification, and forward error correction. Gain insights from Google engineers Michael Halcrow and Eric Biggers as they discuss hash firmware, dictionary structures, IO errors, and the concept of partial disk authentication.
Overview
Syllabus
Introduction
Background
Outline
Hash
Firmware
Dictionary structures
IO errors
Android verified boot
DM Verity
Partial disk authentication
fsverity
contents of a file
DMVerde
Data Fields
File Measurement
fsparity
Verification
File measurements
Performance impacts
Smaller files
Performance
Power consumption
Delayed verification
Forward error correction
Protecting against a man on the disc
attestation
Taught by
Linux Foundation
