diff options
| author | Sascha Hauer <s.hauer@pengutronix.de> | 2018-09-07 14:36:45 +0200 |
|---|---|---|
| committer | Richard Weinberger <richard@nod.at> | 2018-10-23 13:49:01 +0200 |
| commit | d8a22773a12c6d78ee758c9e530f3a488bb7cb29 (patch) | |
| tree | 0c294033e71684c115bd30677155c3c1533751e3 /fs/ubifs/Kconfig | |
| parent | ubifs: Do not update inode size in-place in authenticated mode (diff) | |
| download | linux-d8a22773a12c6d78ee758c9e530f3a488bb7cb29.tar.xz linux-d8a22773a12c6d78ee758c9e530f3a488bb7cb29.zip | |
ubifs: Enable authentication support
With the preparations all being done this patch now enables authentication
support for UBIFS. Authentication is enabled when the newly introduced
auth_key and auth_hash_name mount options are passed. auth_key provides
the key which is used for authentication whereas auth_hash_name provides
the hashing algorithm used for this FS. Passing these options make
authentication mandatory and only UBIFS images that can be authenticated
with the given key are allowed.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'fs/ubifs/Kconfig')
| -rw-r--r-- | fs/ubifs/Kconfig | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/fs/ubifs/Kconfig b/fs/ubifs/Kconfig index 853c77579b4e..529856fbccd0 100644 --- a/fs/ubifs/Kconfig +++ b/fs/ubifs/Kconfig @@ -86,3 +86,13 @@ config UBIFS_FS_SECURITY the extended attribute support in advance. If you are not using a security module, say N. + +config UBIFS_FS_AUTHENTICATION + bool "UBIFS authentication support" + select CRYPTO_HMAC + help + Enable authentication support for UBIFS. This feature offers protection + against offline changes for both data and metadata of the filesystem. + If you say yes here you should also select a hashing algorithm such as + sha256, these are not selected automatically since there are many + different options. |