programs/fsverity: change default block size from PAGE_SIZE to 4096

Even though the kernel currently only supports PAGE_SIZE == Merkle tree
block size, PAGE_SIZE isn't a good default Merkle tree block size for
fsverity-utils, since it means that if someone doesn't explicitly
specify the block size, then the results of 'fsverity sign' and
'fsverity enable' will differ between different architectures.

So change the default Merkle tree block size to 4096, which is the most
common PAGE_SIZE.  This will break anyone using the fsverity program
without the --block-size option on an architecture with a non-4K page
size.  But I don't think anyone is actually doing that yet anyway.

Acked-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201116205628.262173-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Eric Biggers
2020-11-16 12:56:25 -08:00
parent 7370b163e7
commit 26a583224a
5 changed files with 3 additions and 18 deletions
+1 -1
@@ -90,7 +90,7 @@ int fsverity_cmd_digest(const struct fsverity_command *cmd,
tree_params.hash_algorithm = FS_VERITY_HASH_ALG_DEFAULT;
if (tree_params.block_size == 0)
tree_params.block_size = get_default_block_size();
tree_params.block_size = 4096;
for (int i = 0; i < argc; i++) {
struct fsverity_signed_digest *d = NULL;
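Review bot: The literal `4096` now appears in three places with nothing tying them together: here in fsverity_cmd_digest, and again in the fsverity_cmd_enable and fsverity_cmd_sign sections. This value feeds the Merkle tree parameters, and so the digest that is signed and later verified, which means the three commands must never drift apart. A single named constant kept wherever FS_VERITY_HASH_ALG_DEFAULT is defined would make that explicit, for example `#define FS_VERITY_BLOCK_SIZE_DEFAULT 4096` (the name is only a suggestion). A short comment such as `/* fixed rather than PAGE_SIZE so digests and signatures match across architectures */` would also stop a later change from quietly reverting to a page-size lookup. The function body starts and ends outside this hunk.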
+1 -1
@@ -114,7 +114,7 @@ int fsverity_cmd_enable(const struct fsverity_command *cmd,
arg.hash_algorithm = FS_VERITY_HASH_ALG_DEFAULT;
if (arg.block_size == 0)
arg.block_size = get_default_block_size();
arg.block_size = 4096;
if (!open_file(&file, argv[0], O_RDONLY, 0))
goto out_err;
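Review bot: On a system whose page size is not 4K, `fsverity enable` without `--block-size` now asks for a block size that, per the commit message, the kernel does not currently support, so the command fails where it used to succeed. Failing is the safer outcome than silently building an architecture-dependent tree, but the user presumably sees only the generic error from the enable call further down in fsverity_cmd_enable, outside this hunk. Consider adding a hint on that failure path when `arg.block_size` differs from the system page size, for example `error_msg("block size %u differs from the system page size; see --block-size", arg.block_size);`. The usage text and man page should also state the new default.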
+1 -1
@@ -105,7 +105,7 @@ int fsverity_cmd_sign(const struct fsverity_command *cmd,
tree_params.hash_algorithm = FS_VERITY_HASH_ALG_DEFAULT;
if (tree_params.block_size == 0)
tree_params.block_size = get_default_block_size();
tree_params.block_size = 4096;
if (sig_params.keyfile == NULL) {
error_msg("Missing --key argument");
-14
@@ -12,7 +12,6 @@
#include "fsverity.h"
#include <limits.h>
#include <unistd.h>
static const struct fsverity_command {
const char *name;
@@ -192,19 +191,6 @@ bool parse_salt_option(const char *arg, u8 **salt_ptr, u32 *salt_size_ptr)
return true;
}
u32 get_default_block_size(void)
{
long n = sysconf(_SC_PAGESIZE);
if (n <= 0 || n >= INT_MAX || !is_power_of_2(n)) {
fprintf(stderr,
"Warning: invalid _SC_PAGESIZE (%ld). Assuming 4K blocks.\n",
n);
return 4096;
}
return n;
}
int main(int argc, char *argv[])
{
const struct fsverity_command *cmd;
-1
@@ -46,6 +46,5 @@ void usage(const struct fsverity_command *cmd, FILE *fp);
bool parse_hash_alg_option(const char *arg, u32 *alg_ptr);
bool parse_block_size_option(const char *arg, u32 *size_ptr);
bool parse_salt_option(const char *arg, u8 **salt_ptr, u32 *salt_size_ptr);
u32 get_default_block_size(void);
#endif /* PROGRAMS_FSVERITY_H */