| 1 | 0[$] Protecting files with fs-verity null/LWN/0000763729 70\r |
| 2 | i [Kernel] Aug 30, 2018 18:50 UTC (Thu) (corbet)\r |
| 3 | i\r |
| 4 | i The developers of the Android system have, among their many\r |
| 5 | i goals, the wish to better protect Android devices against\r |
| 6 | i persistent compromise. It is bad if a device is taken over by\r |
| 7 | i an attacker; it's worse if it remains compromised even after a\r |
| 8 | i reboot. Numerous mechanisms for ensuring the integrity of\r |
| 9 | i installed system files have been proposed and implemented over\r |
| 10 | i the years. But it seems there is always room for one more; to\r |
| 11 | i fill that space, the [1]fs-verity mechanism is being proposed\r |
| 12 | i as a way to protect individual files from malicious\r |
| 13 | i modification.\r |
| 14 | i \r |
| 15 | i \r |
| 16 | i \r |
| 17 | i [1] https://lwn.net/ml/linux-fsdevel/20180824161642.1144-1-ebi-\r |
| 18 | i ggers@kernel.org/\r |
| 19 | i\r |