f77c5729a6
The new chunked reader uses a Merkle tree to verify each chunk read of the corresponding backing file. The reader also accepts an autheneticator for signature verification, though it is currently a fake implementation due to the lack of PKCS#7 signature support in BoringSSL (b/170494765). Test: atest authfs_host_test_src_lib Bug: 171310075 Change-Id: Ibf4151ab2a93f7515ad8c9c0462df6c21c10d767 |
||
|---|---|---|
| .. | ||
| README.md | ||
| cert.der | ||
| cert.pem | ||
| input.4k | ||
| input.4k.fsv_sig | ||
| input.4k.merkle_dump | ||
| input.4k1 | ||
| input.4k1.fsv_sig | ||
| input.4k1.merkle_dump | ||
| input.4m | ||
| input.4m.fsv_sig | ||
| input.4m.merkle_dump | ||
| input.4m.merkle_dump.bad | ||
| key.pem | ||
README.md
fs-verity signing
With a key pair, fs-verity signature can be generated by simply running
fsverity command line tool from
fsverity-util.
fsverity sign test.data test.data.fsv_sig --key=key.pem --cert=cert.pem