fsf-merkle.so

Shared object that supports the Merkle filesystem filter (QNX Neutrino)

Syntax:

mount -t fsf-merkle -o [verify],[stats],[verbose],[cache=size],key=public_key,fstype=fstype

Runs on:

QNX Neutrino

Mount options:

cache
The hash tree cache size is the number of hashes stored. Caching helps performance by avoiding the hashing of frequently accessed metadata hash blocks. The default cache size is five percent of the total number of hash blocks. (Use the stats option to obtain information about the hash blocks.) To disable caching, set the cache size to 0. To allocate the maximum required amount to hold all cache nodes (without knowing how many there are), set the cache size to max.
Note: Calculate the memory overhead of each element in the cache using 4*pointer_size + sizeof(hash). For example, the overhead with SHA-256 on x86 is 4*4 + 32 = 48 bytes and the overhead with SHA-512 on x86_64 is 4*8 + 64 = 96 bytes.
fstype
The filesystem type used in the Merkle filesystem image. For example, qnx6.
key
The public key filepath used to verify the Merkle metadata signature.
stats
Publish statistics about the Merkle tree geometry at mount time.
verify
Execute a full disk verification on mount.
Note: This option can stall the mount for a very long time if the filesystem size is large. Don't use it when speed matters.
verbose
Provide additional information during the filter operation.
Note: This option is useful for debugging purposes.
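
The sizing rule from the cache option's note, turned into a helper that picks a cache= value for a memory budget. This is an added example, not QNX code: the function names and the sample hash block count are constructed, and it assumes that max corresponds to one cache entry per hash block (the count reported by the stats option).

```shell
#!/bin/sh
# Added example: size the fsf-merkle hash cache against a memory budget.
# Per-entry overhead follows the page's note: 4*pointer_size + sizeof(hash).

# hash_size ALGO -> digest size in bytes
hash_size() {
    case "$1" in
        sha256) echo 32 ;;
        sha512) echo 64 ;;
        *) echo "unsupported hash: $1" >&2; return 1 ;;
    esac
}

# entry_overhead POINTER_SIZE ALGO -> bytes of memory per cached hash
entry_overhead() {
    hs=$(hash_size "$2") || return 1
    echo $(( 4 * $1 + hs ))
}

# default_entries HASH_BLOCKS -> default cache size (five percent of the
# hash blocks). Rounded down here; the filter's own rounding is an assumption.
default_entries() {
    echo $(( $1 * 5 / 100 ))
}

# cache_option HASH_BLOCKS POINTER_SIZE ALGO BUDGET_BYTES -> value for cache=
# Prints "max" when the budget covers every hash block (assumed: one entry per
# hash block), otherwise the largest entry count that fits. 0 disables caching.
cache_option() {
    per=$(entry_overhead "$2" "$3") || return 1
    fit=$(( $4 / per ))
    if [ "$fit" -ge "$1" ]; then echo max; else echo "$fit"; fi
}

# Constructed sample: 200000 hash blocks, SHA-256, 8-byte pointers, 4 MiB budget
blocks=200000
budget=$(( 4 * 1024 * 1024 ))
dflt=$(default_entries "$blocks")
per_entry=$(entry_overhead 8 sha256)
echo "default cache: $dflt entries, $(( dflt * per_entry )) bytes"
echo "for a $budget byte budget use: cache=$(cache_option "$blocks" 8 sha256 "$budget")"
```
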

Description:

The fsf-merkle.so shared object provides support for Merkle filesystems. QNX recommends that you replace Merkle filesystems with QNX Trusted Disk (see “QNX Trusted Disk” in the System Architecture reference).

This module is loaded by the io-blk module from a devb-* driver when mounting a Merkle filesystem, for example with the following command:

mount -t fsf-merkle -o verify,stats,key=/proc/boot/pub_key,fstype=qnx6 \
       vfs-filter /partition
Note: The Merkle filesystem filter is mounted on top of the partition and below the real filesystem mount, which is executed as an additional step.

Examples:

To mount a QNX 6 wrapped Merkle filesystem:

mount -t fsf-merkle -o fstype=qnx6,stats,key=/proc/boot/public_key.pem \
             vfs-filter /dev/lo0t179
mount -t qnx6 -o ro /dev/lo0t179 /q6

In this example, /dev/lo0t179 is the partition containing the QNX 6 Merkle filesystem image.