xref: /linux-6.3-rc2/Documentation/filesystems/ubifs-authentication.rst

33 can be used to get full data authentication at the block layer.
37 authentication for UBIFS. Since UBIFS uses fscrypt for file contents and file
38 name encryption, the authentication system could be tied into fscrypt such that
40 be possible to use UBIFS authentication without using encryption.
209 This chapter introduces UBIFS authentication which enables UBIFS to verify
216 UBIFS authentication enables detection of offline data modification. While it
221 UBIFS authentication will not protect against rollback of full flash contents.
235 UBIFS authentication does not cover attacks where an attacker is able to
236 execute code on the device after the authentication key was provided.
327 it is necessary to also add authentication information frequently to the
331 nodes. From time to time whenever it is suitable authentication nodes are added
334 authentication node. The tail of the journal which may not have a authentication
337 We get this picture for journal authentication::
388 For simplicity, UBIFS authentication uses a single key to compute the HMACs
394 UBIFS authentication is intended to operate side-by-side with UBIFS encryption
398 UBIFS authentication on the other hand has an all-or-nothing approach in the
400 Because of this and because UBIFS authentication should also be usable without
402 a dedicated authentication key.
404 The API for providing the authentication key has yet to be defined, but the
411 or key in userspace that covers UBIFS authentication and encryption. This can
413 authentication in addition to the derived fscrypt master key used for
417 superblock node will additionally store a hash of the authentication key. This
427 UBIFS authentication key. Instead, in addition the each HMAC a digital

Last Index update Sun Aug 20 00:18:20 CST 2023