Open
Description
Today the composefs backend basically does "enable fsverity if we can" by default. In the code, there is a proper enum but AFAICS it is not exposed via e.g. storage.conf or otherwise.
In contrast in ostree, we did make this explicitly configurable.
(queue the overall problem that we need to unify ostree and c/storage)
Different system operators, may reasonably want distinct things:
- Some may want to disable fsverity even on filesystems (e.g. btrfs, xfs) that support it today, because they don't want to pay the verification tax
- Some may want to hard require it (and this use case actually quickly gets into the use case of "enforce signatures chaining to fsverity digest of composefs" which is what ostree does today; this touches on Add canonical docs/standards (maybe tooling here) for integration w/OCI composefs/composefs#294 )
Bikeshed: We could just expose this via storage.conf I guess, something like use_composefs = signed | verity | yes | no or so.