Documentation: add a usecase for FS_IOC_READ_VERITY_METADATA

Mention another potential usecase for FS_IOC_READ_VERITY_METADATA: creating filesystem images which contain fs-verity-enabled files, without having to redo all of the work in userspace. Signed-off-by: Allison Karlitskaya <allison.karlitskaya@redhat.com> Link: https://lore.kernel.org/r/20241126084833.70538-1-allison.karlitskaya@redhat.com Signed-off-by: Eric Biggers <ebiggers@google.com>
2026-01-12 01:20:14 +00:00 · 2024-11-26 09:48:33 +01:00 · 2024-11-26 09:48:33 +01:00 · 212df80e01
commit 212df80e01
parent 0ad2507d5d
1 changed files with 11 additions and 5 deletions
--- a/Documentation/filesystems/fsverity.rst
+++ b/Documentation/filesystems/fsverity.rst
@ -248,11 +248,17 @@ FS_IOC_READ_VERITY_METADATA
 The FS_IOC_READ_VERITY_METADATA ioctl reads verity metadata from a
 verity file.  This ioctl is available since Linux v5.12.

-This ioctl allows writing a server program that takes a verity file
-and serves it to a client program, such that the client can do its own
-fs-verity compatible verification of the file.  This only makes sense
-if the client doesn't trust the server and if the server needs to
-provide the storage for the client.
+This ioctl is useful for cases where the verity verification should be
+performed somewhere other than the currently running kernel.
+
+One example is a server program that takes a verity file and serves it
+to a client program, such that the client can do its own fs-verity
+compatible verification of the file.  This only makes sense if the
+client doesn't trust the server and if the server needs to provide the
+storage for the client.
+
+Another example is copying verity metadata when creating filesystem
+images in userspace (such as with ``mkfs.ext4 -d``).

 This is a fairly specialized use case, and most fs-verity users won't
 need this ioctl.