summaryrefslogtreecommitdiffstats
path: root/Documentation/filesystems/fsverity.rst
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/filesystems/fsverity.rst')
-rw-r--r--Documentation/filesystems/fsverity.rst6
1 files changed, 5 insertions, 1 deletions
diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst
index 362b7a5dc300..0e2fac7a16da 100644
--- a/Documentation/filesystems/fsverity.rst
+++ b/Documentation/filesystems/fsverity.rst
@@ -92,7 +92,9 @@ authenticating fs-verity file hashes include:
"IPE policy" specifically allows for the authorization of fs-verity
files using properties ``fsverity_digest`` for identifying
files by their verity digest, and ``fsverity_signature`` to authorize
- files with a verified fs-verity's built-in signature.
+ files with a verified fs-verity's built-in signature. For
+ details on configuring IPE policies and understanding its operational
+ modes, please refer to :doc:`IPE admin guide </admin-guide/LSM/ipe>`.
- Trusted userspace code in combination with `Built-in signature
verification`_. This approach should be used only with great care.
@@ -508,6 +510,8 @@ be carefully considered before using them:
files with a verified fs-verity builtin signature to perform certain
operations, such as execution. Note that IPE doesn't require
fs.verity.require_signatures=1.
+ Please refer to :doc:`IPE admin guide </admin-guide/LSM/ipe>` for
+ more details.
- A file's builtin signature can only be set at the same time that
fs-verity is being enabled on the file. Changing or deleting the
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-17 13:34:07 +0000