Date: Mon, 28 May 2012 22:23:49 +0300
From: Efstratios Karatzas <gpf.kira@gmail.com>
To: soc-status@freebsd.org
Subject: Kernel Level File Integrity Checker report #1
Message-ID: <CAHywV0it4QmKwT2Lgij0%2B2Rx92jiiUf1Guv6a0KoORMBN6THeg@mail.gmail.com>

The design of the integrity checker changed during the community bonding period. The old design from my proposal may be found in the project's wiki page [1].

Major changes:

* Simple hashes will be used but at the same time, we will require an already encrypted filesystem so that two identical plaintext messages do not produce identical hashes. I still wish to provide an integrity-only mode for pefs with HMACs & a different key for integrity; however, this functionality won't be added during this summer.

* pefs filename MACs will be used as unique file identifiers instead of inode numbers. The gain is that when a user dumps/restores the filesystem, he won't have to reconstruct the checksum file as filenames will not have changed.

Towards the end of GSoC, where design will be more crystal, I will write developer's documentation for the project and upload it at the project's wiki page. Until then, descriptions of svn commits serve as a great guide of what is going on with the codebase.

During week #1:

* added command 'addchecksum' to sbin/pefs which generates the .pefs.checksum file. This file has the form of an indirect map which the kernel driver will be able to use directly without having to reconstruct the lookup tree during filesystem mount. For longer descriptions of the command and the internal structure of the checksum file, please refer to the comment headers found in sbin/pefs_ctl.c and sbin/pefs_checksum.c.

[1] http://wiki.freebsd.org/SummerOfCode2012/EfstratiosKaratzas

-- 
Efstratios "GPF" Karatzas