New comment by ailiop-git on void-packages repository

https://github.com/void-linux/void-packages/pull/28284#issuecomment-782608500

Comment:
> Is this useful as a distro package, currently? I believe android makes use of verify, but iirc it's mostly for the read-only parts...

The advantage of fsverity is that it can be used on a per-file basis, instead of requiring the entire block device to be read-only (as dm-verity does). So one can selectively enable and automatically enforce integrity on specific files (e.g. rotated/sealed log-files, binaries etc).

It is only currently supported on ext4 and f2fs, though. We also do not enable CONFIG_FS_VERITY=y and CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y in the void kernels, but that shouldn't be a problem to enable, since this doesn't affect anything else (and verity needs to be explicitly enabled as an mkfs/tune2fs option in ext4).