Is there a file system standard (like LUKS) that allows anyone who can plug in the hard drive to read files, but requires a passphrase to modify or write? For example, I can do something similar by signing an unencrypted file with gpg
whenever I save it.
I admit it's impossible to prevent a malicious OS from modifying the files anyway. Therefore I'm looking for a file system that can detect malicious changes in such a way that an attacker without the passphrase cannot simulate an authorized change without breaking a modern cryptographic function.