diff --git a/pkgs/os-specific/linux/fsverity-utils/default.nix b/pkgs/os-specific/linux/fsverity-utils/default.nix
new file mode 100644
index 000000000000..c5bed075338f
--- /dev/null
+++ b/pkgs/os-specific/linux/fsverity-utils/default.nix
@@ -0,0 +1,51 @@
+{ stdenv
+, lib
+, fetchgit
+, openssl
+, enableShared ? !stdenv.hostPlatform.isStatic
+, enableManpages ? false
+, pandoc
+}:
+
+stdenv.mkDerivation rec {
+  pname = "fsverity-utils";
+  version = "1.5";
+
+  outputs = [ "out" "lib" "dev" ] ++ lib.optional enableManpages "man";
+
+  src = fetchgit {
+    url = "https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git";
+    rev = "v${version}";
+    sha256 = "sha256-ygBOkp2PBe8Z2ak6SXEJ6HHuT4NRKmIsbJDHcY+h8PQ=";
+  };
+
+  patches = lib.optionals (!enableShared) [
+    ./remove-dynamic-libs.patch
+  ];
+
+  enableParallelBuilding = true;
+  strictDeps = true;
+
+  nativeBuildInputs = lib.optional enableManpages pandoc;
+  buildInputs = [ openssl ];
+
+  makeFlags = [ "DESTDIR=$(out)" "PREFIX=" ] ++ lib.optional enableShared "USE_SHARED_LIB=1";
+
+  doCheck = true;
+
+  installTargets = [ "install" ] ++ lib.optional enableManpages "install-man";
+
+  postInstall = ''
+    mkdir -p $lib
+    mv $out/lib $lib/lib
+  '';
+
+  meta = with lib; {
+    homepage = "https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#userspace-utility";
+    changelog = "https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git/tree/NEWS.md";
+    description = "A set of userspace utilities for fs-verity";
+    license = licenses.mit;
+    maintainers = with maintainers; [ jk ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/os-specific/linux/fsverity-utils/remove-dynamic-libs.patch b/pkgs/os-specific/linux/fsverity-utils/remove-dynamic-libs.patch
new file mode 100644
index 000000000000..95635cbccdb8
--- /dev/null
+++ b/pkgs/os-specific/linux/fsverity-utils/remove-dynamic-libs.patch
@@ -0,0 +1,27 @@
+diff --git a/Makefile b/Makefile
+index 2304a21..697ccd4 100644
+--- a/Makefile
++++ b/Makefile
+@@ -149,13 +149,11 @@ libfsverity.so.$(SOVERSION):$(SHARED_LIB_OBJ)
+ 	$(QUIET_CCLD) $(CC) -o $@ -Wl,-soname=$@ -shared $+ \
+ 		$(CFLAGS) $(LDFLAGS) $(LDLIBS)
+ 
+-DEFAULT_TARGETS += libfsverity.so.$(SOVERSION)
+ 
+ # Create the symlink libfsverity.so => libfsverity.so.$(SOVERSION)
+ libfsverity.so:libfsverity.so.$(SOVERSION)
+ 	$(QUIET_LN) ln -sf $+ $@
+ 
+-DEFAULT_TARGETS += libfsverity.so
+ 
+ ##############################################################################
+ 
+@@ -263,8 +261,6 @@ install:all
+ 	install -d $(DESTDIR)$(LIBDIR)/pkgconfig $(DESTDIR)$(INCDIR) $(DESTDIR)$(BINDIR)
+ 	install -m755 $(FSVERITY) $(DESTDIR)$(BINDIR)
+ 	install -m644 libfsverity.a $(DESTDIR)$(LIBDIR)
+-	install -m755 libfsverity.so.$(SOVERSION) $(DESTDIR)$(LIBDIR)
+-	ln -sf libfsverity.so.$(SOVERSION) $(DESTDIR)$(LIBDIR)/libfsverity.so
+ 	install -m644 include/libfsverity.h $(DESTDIR)$(INCDIR)
+ 	sed -e "s|@PREFIX@|$(PREFIX)|" \
+ 		-e "s|@LIBDIR@|$(LIBDIR)|" \
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 0fdd0865d0e8..6e7c7cdc3bdb 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -22950,6 +22950,8 @@ with pkgs;
   # unstable until the first 1.x release
   fscrypt-experimental = callPackage ../os-specific/linux/fscrypt { };
 
+  fsverity-utils = callPackage ../os-specific/linux/fsverity-utils { };
+
   fwanalyzer = callPackage ../tools/filesystems/fwanalyzer { };
 
   fwupd = callPackage ../os-specific/linux/firmware/fwupd { };