Date: Fri, 15 Oct 2021 13:11:21 -0700
From: Eric Biggers
To: Deven Bowers
Cc: axboe@kernel.dk, linux-security-module@vger.kernel.org, tytso@mit.edu, paul@paul-moore.com, snitzer@redhat.com, corbet@lwn.net, jannh@google.com, linux-doc@vger.kernel.org, jmorris@namei.org, eparis@redhat.com, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, dm-devel@redhat.com, linux-audit@redhat.com, linux-fscrypt@vger.kernel.org, agk@redhat.com, serge@hallyn.com
Subject: Re: [dm-devel] [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature
References: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com> <1634151995-16266-13-git-send-email-deven.desai@linux.microsoft.com> <9089bdb0-b28a-9fa0-c510-00fa275af621@linux.microsoft.com>
In-Reply-To: <9089bdb0-b28a-9fa0-c510-00fa275af621@linux.microsoft.com>

On Fri, Oct 15, 2021 at 12:25:53PM -0700, Deven Bowers wrote:
> 
> On 10/13/2021 12:24 PM, Eric Biggers wrote:
> > On Wed, Oct 13, 2021 at 12:06:31PM -0700, deven.desai@linux.microsoft.com wrote:
> > > From: Fan Wu <wufan@linux.microsoft.com>
> > > 
> > > Add security_inode_setsecurity to fsverity signature verification.
> > > This can let LSMs save the signature data and digest hashes provided
> > > by fsverity.
> > Can you elaborate on why LSMs need this information?
> 
> The proposed LSM (IPE) of this series will be the only one to need
> this information at the moment. IPE's goal is to provide
> trust-based access control. Trust and Integrity are tied together,
> as you cannot prove trust without proving integrity.

I think you mean authenticity, not integrity?

Also how does this differ from IMA?  I know that IMA doesn't support fs-verity
file hashes, but that could be changed.  Why not extend IMA to cover your use
case(s)?

> IPE needs the digest information to be able to compare a digest
> provided by the policy author, against the digest calculated by
> fsverity to make a decision on whether that specific file, represented
> by the digest is authorized for the actions specified in the policy.
> 
> A more concrete example, if an IPE policy author writes:
> 
>     op=EXECUTE fsverity_digest=<HexDigest> action=DENY
> 
> IPE takes the digest provided by this security hook, stores it
> in IPE's security blob on the inode. If this file is later
> executed, IPE compares the digest stored in the LSM blob,
> provided by this hook, against <HexDigest> in the policy, if
> it matches, it denies the access, performing a revocation
> of that file.

Do you have a better example?  This one is pretty useless since one can get
around it just by executing a file that doesn't have fs-verity enabled.

> This brings me to your next comment:
> 
> > The digest isn't meaningful without knowing the hash algorithm it uses.
> > It's available here, but you aren't passing it to this function.
> 
> The digest is meaningful without the algorithm in this case.

No, it's not.

Digests are meaningless without knowing what algorithm they were created with.

If your security policy is something like "Trust the file with digest $foo" and
multiple hash algorithms are possible, then the algorithm intended to be used
needs to be explicitly specified.  Otherwise any algorithm with the same length
digest will be accepted.  That's a fatal flaw if any of these algorithms is
cryptographically broken or was never intended to be a cryptographic algorithm
in the first place (e.g., a non-cryptographic checksum).

Cryptosystems always need to specify the crypto algorithm(s) used; the adversary
must not be allowed to choose the algorithms.

I'm not sure how these patches can be taken seriously when they're getting this
sort of thing wrong.

> > > +					FS_VERITY_SIGNATURE_SEC_NAME,
> > > +					signature, sig_size, 0);
> > This is only for fs-verity built-in signatures which aren't the only way to do
> > signatures with fs-verity.  Are you sure this is what you're looking for?
> 
> Could you elaborate on the other signature types that can be used
> with fs-verity? I'm 99% sure this is what I'm looking for as this
> is a signature validated in the kernel against the fs-verity keyring
> as part of the "fsverity enable" utility.
> 
> It's important that the signature is validated in the kernel, as
> userspace is considered untrusted until the signature is validated
> for this case.
> 
> > Can you elaborate on your use case for fs-verity built-in signatures,
> Sure, signatures, like digests, also provide a way to prove integrity,
> and the trust component comes from the validation against the keyring,
> as opposed to a fixed value in IPE's policy. The use case for fs-verity
> built-in signatures is that we have a rw ext4 filesystem that has some
> executable files, and we want to have an execution policy (through IPE)
> that only _trusted_ executables can run. Perf is important here, hence
> fs-verity.

Most users of fs-verity built-in signatures have actually been enforcing their
security policy in userspace, by checking whether specific files have the
fs-verity bit set or not.  Such users could just store and verify signatures in
userspace instead, without any kernel involvement.  So that's what I've been
recommending (with limited success, unfortunately).
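Review bot: the quoted call hands the LSM only the raw signature bytes and their length (signature, sig_size) under FS_VERITY_SIGNATURE_SEC_NAME, with nothing that tells the consumer which signature mechanism or keyring validated them; since, as the reply points out, built-in signatures are only one of the ways files get signed with fs-verity, an LSM that keys on this name alone cannot tell those cases apart, so the hook should carry that context. The same gap applies to the digest hook discussed above: pass the hash algorithm identifier alongside the digest bytes, so a policy can bind a digest to the algorithm that produced it rather than accepting any algorithm with the same output length.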
If you really do need in-kernel signature verification, then that may be a
legitimate use case for the fs-verity built-in signatures, although I do wonder
why you aren't using IMA and its signature mechanism instead.

- Eric
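The two objections in the message above, a DENY-by-digest rule that a file without fs-verity never reaches, and a digest compared without the algorithm that produced it, in a small policy model. This is an added example, not code from the IPE series, from fs-verity or from either correspondent; the rule engine, its permissive fall-through default, the Measurement and Rule types, the algorithm-qualified rule form and the sample file contents are all assumptions of the example, and the rule syntax only mimics the quoted `op=EXECUTE fsverity_digest=<HexDigest> action=DENY` line.

```python
"""Toy model of a digest-keyed execution policy (added example; not IPE or
fs-verity code).  It shows why a DENY rule keyed on an fs-verity digest is
bypassed by a file that has no digest, and why a digest that is not bound to
its hash algorithm matches any same-length digest."""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Measurement:
    """What a digest hook would hand an LSM for one file: the digest bytes
    and (in the fixed form of the hook) the algorithm that produced them."""
    alg: str
    digest: bytes


@dataclass(frozen=True)
class Rule:
    """One policy line.  digest=None makes it a catch-all rule; alg=None means
    the rule does NOT bind the digest to an algorithm (assumed syntax)."""
    op: str
    action: str                     # "ALLOW" or "DENY"
    digest: Optional[bytes] = None
    alg: Optional[str] = None


def matches(rule: Rule, m: Optional[Measurement]) -> bool:
    if rule.digest is None:                   # catch-all rule
        return True
    if m is None:                             # file carries no fs-verity digest
        return False
    if rule.alg is not None and rule.alg != m.alg:
        return False                          # bound rule: wrong algorithm
    return rule.digest == m.digest            # unbound rule: bytes only


def decide(policy: List[Rule], op: str, m: Optional[Measurement]) -> str:
    """First matching rule wins; no match falls through to ALLOW (an assumption
    of this toy engine, chosen to make the deny-list gap visible)."""
    for rule in policy:
        if rule.op == op and matches(rule, m):
            return rule.action
    return "ALLOW"


def measure(alg: str, data: bytes) -> Measurement:
    return Measurement(alg, hashlib.new(alg, data).digest())


# Constructed sample file contents; all digests below are computed from them.
KNOWN_BAD = b"#!/bin/sh\necho constructed 'bad' sample\n"
TRUSTED = b"#!/bin/sh\necho constructed 'trusted' sample\n"


def deny_list_is_bypassed_by_unverified_copy() -> Tuple[str, str]:
    """Point 1: a DENY-on-digest rule fires only for a file that has a digest.
    The same bytes in a file without fs-verity enabled never reach the rule."""
    bad = measure("sha256", KNOWN_BAD)
    policy = [Rule("EXECUTE", "DENY", digest=bad.digest, alg="sha256")]
    return decide(policy, "EXECUTE", bad), decide(policy, "EXECUTE", None)


def allow_list_closes_that_gap() -> Tuple[str, str, str]:
    """Enumerating trusted digests and denying everything else makes a file
    with no digest, or an unknown one, fail closed."""
    good = measure("sha256", TRUSTED)
    bad = measure("sha256", KNOWN_BAD)
    policy = [Rule("EXECUTE", "ALLOW", digest=good.digest, alg="sha256"),
              Rule("EXECUTE", "DENY")]
    return (decide(policy, "EXECUTE", good),
            decide(policy, "EXECUTE", bad),
            decide(policy, "EXECUTE", None))


def unbound_digest_accepts_any_same_length_algorithm() -> Tuple[bool, bool]:
    """Point 2: a rule that stores only digest bytes cannot tell which
    algorithm produced the value it compares against.  A measurement with the
    same 32 bytes but labelled with another 32-byte algorithm is accepted by
    the unbound rule and rejected by the algorithm-bound one."""
    good = measure("sha256", TRUSTED)
    other_alg = Measurement("blake2s", good.digest)   # constructed, same bytes
    unbound = Rule("EXECUTE", "ALLOW", digest=good.digest)
    bound = Rule("EXECUTE", "ALLOW", digest=good.digest, alg="sha256")
    return matches(unbound, other_alg), matches(bound, other_alg)


def same_length_digest_algorithms() -> List[str]:
    """Algorithms in this interpreter whose output length equals sha256's,
    i.e. the ones an unbound 32-byte digest rule cannot distinguish."""
    n = hashlib.sha256().digest_size
    return sorted(a for a in ("sha256", "blake2s", "sha3_256", "sha512")
                  if hashlib.new(a).digest_size == n)


if __name__ == "__main__":
    print(deny_list_is_bypassed_by_unverified_copy())          # ('DENY', 'ALLOW')
    print(allow_list_closes_that_gap())                        # ('ALLOW', 'DENY', 'DENY')
    print(unbound_digest_accepts_any_same_length_algorithm())  # (True, False)
    print(same_length_digest_algorithms())                     # ['blake2s', 'sha256', 'sha3_256']
```

The model makes the two design points separable: the first is about policy shape (a deny list keyed on a property only some files have is not a control over the others), the second is about what the hook must carry (digest bytes plus the algorithm identifier, so the policy side, not the file, fixes the algorithm).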