From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 60558C433F5 for ; Fri, 22 Oct 2021 16:31:37 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C0B49610A4 for ; Fri, 22 Oct 2021 16:31:36 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org C0B49610A4 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-184-ZDTRHqLWPdikc7YuZElqYg-1; Fri, 22 Oct 2021 12:31:31 -0400 X-MC-Unique: ZDTRHqLWPdikc7YuZElqYg-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7188110A8E16; Fri, 22 Oct 2021 16:31:25 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 2B1D55B826; Fri, 22 Oct 2021 16:31:24 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 940994E58F; Fri, 22 Oct 2021 16:31:17 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 19MGVEN3030482 for ; Fri, 22 Oct 2021 12:31:15 -0400 Received: by smtp.corp.redhat.com (Postfix) id BCCE32166B2D; Fri, 22 Oct 2021 16:31:14 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast06.extmail.prod.ext.rdu2.redhat.com [10.11.55.22]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B720F2166B25 for ; Fri, 22 Oct 2021 16:31:11 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 6717A1881442 for ; Fri, 22 Oct 2021 16:31:11 +0000 (UTC) Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-435-xwxiwPq9OLqcT2coAX5JPg-1; Fri, 22 Oct 2021 12:31:05 -0400 X-MC-Unique: xwxiwPq9OLqcT2coAX5JPg-1 Received: from fraeml711-chm.china.huawei.com (unknown [172.18.147.201]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4HbVBg2v7pz67Nc8; Sat, 23 Oct 2021 00:27:55 +0800 (CST) Received: from fraeml714-chm.china.huawei.com (10.206.15.33) by fraeml711-chm.china.huawei.com (10.206.15.60) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.15; Fri, 22 Oct 2021 18:31:02 +0200 Received: from fraeml714-chm.china.huawei.com ([10.206.15.33]) by fraeml714-chm.china.huawei.com ([10.206.15.33]) with mapi id 15.01.2308.015; Fri, 22 Oct 2021 18:31:02 +0200 From: Roberto Sassu To: Eric Biggers , Deven Bowers Thread-Topic: [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature Thread-Index: AQHXwGWUN6BqcPCg3Uma5jdt5usPz6vRLYAAgAMlHYCAAAy0gIAHoD6wgAM9LeA= Date: Fri, 22 Oct 2021 16:31:02 +0000 Message-ID: References: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com> <1634151995-16266-13-git-send-email-deven.desai@linux.microsoft.com> <9089bdb0-b28a-9fa0-c510-00fa275af621@linux.microsoft.com> <5c1f800ba554485cb3659da689d2079a@huawei.com> In-Reply-To: <5c1f800ba554485cb3659da689d2079a@huawei.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.221.98.153] MIME-Version: 1.0 X-CFilter-Loop: Reflected X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-MIME-Autoconverted: from base64 to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 19MGVEN3030482 X-loop: dm-devel@redhat.com Cc: "axboe@kernel.dk" , "linux-security-module@vger.kernel.org" , "tytso@mit.edu" , "paul@paul-moore.com" , "snitzer@redhat.com" , "corbet@lwn.net" , "jannh@google.com" , "linux-doc@vger.kernel.org" , "jmorris@namei.org" , "eparis@redhat.com" , "linux-kernel@vger.kernel.org" , "linux-block@vger.kernel.org" , "dm-devel@redhat.com" , "linux-audit@redhat.com" , "linux-fscrypt@vger.kernel.org" , "linux-integrity@vger.kernel.org" , "agk@redhat.com" , "serge@hallyn.com" Subject: Re: [dm-devel] [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dm-devel-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 PiBGcm9tOiBSb2JlcnRvIFNhc3N1IFttYWlsdG86cm9iZXJ0by5zYXNzdUBodWF3ZWkuY29tXQo+ IFNlbnQ6IFdlZG5lc2RheSwgT2N0b2JlciAyMCwgMjAyMSA1OjA5IFBNCj4gPiBGcm9tOiBFcmlj IEJpZ2dlcnMgW21haWx0bzplYmlnZ2Vyc0BrZXJuZWwub3JnXQo+ID4gU2VudDogRnJpZGF5LCBP Y3RvYmVyIDE1LCAyMDIxIDEwOjExIFBNCj4gPiBPbiBGcmksIE9jdCAxNSwgMjAyMSBhdCAxMjoy NTo1M1BNIC0wNzAwLCBEZXZlbiBCb3dlcnMgd3JvdGU6Cj4gPiA+Cj4gPiA+IE9uIDEwLzEzLzIw MjEgMTI6MjQgUE0sIEVyaWMgQmlnZ2VycyB3cm90ZToKPiA+ID4gPiBPbiBXZWQsIE9jdCAxMywg MjAyMSBhdCAxMjowNjozMVBNIC0wNzAwLAo+ID4gZGV2ZW4uZGVzYWlAbGludXgubWljcm9zb2Z0 LmNvbSB3cm90ZToKPiA+ID4gPiA+IEZyb206IEZhbiBXdSA8d3VmYW5AbGludXgubWljcm9zb2Z0 LmNvbT4KPiA+ID4gPiA+Cj4gPiA+ID4gPiBBZGQgc2VjdXJpdHlfaW5vZGVfc2V0c2VjdXJpdHkg dG8gZnN2ZXJpdHkgc2lnbmF0dXJlIHZlcmlmaWNhdGlvbi4KPiA+ID4gPiA+IFRoaXMgY2FuIGxl dCBMU01zIHNhdmUgdGhlIHNpZ25hdHVyZSBkYXRhIGFuZCBkaWdlc3QgaGFzaGVzIHByb3ZpZGVk Cj4gPiA+ID4gPiBieSBmc3Zlcml0eS4KPiA+ID4gPiBDYW4geW91IGVsYWJvcmF0ZSBvbiB3aHkg TFNNcyBuZWVkIHRoaXMgaW5mb3JtYXRpb24/Cj4gPiA+Cj4gPiA+IFRoZSBwcm9wb3NlZCBMU00g KElQRSkgb2YgdGhpcyBzZXJpZXMgd2lsbCBiZSB0aGUgb25seSBvbmUgdG8gbmVlZAo+ID4gPiB0 aGlzIGluZm9ybWF0aW9uIGF0IHRoZcKgIG1vbWVudC4gSVBF4oCZcyBnb2FsIGlzIHRvIGhhdmUg cHJvdmlkZQo+ID4gPiB0cnVzdC1iYXNlZCBhY2Nlc3MgY29udHJvbC4gVHJ1c3QgYW5kIEludGVn cml0eSBhcmUgdGllZCB0b2dldGhlciwKPiA+ID4gYXMgeW91IGNhbm5vdCBwcm92ZSB0cnVzdCB3 aXRob3V0IHByb3ZpbmcgaW50ZWdyaXR5Lgo+ID4KPiA+IEkgdGhpbmsgeW91IG1lYW4gYXV0aGVu dGljaXR5LCBub3QgaW50ZWdyaXR5Pwo+ID4KPiA+IEFsc28gaG93IGRvZXMgdGhpcyBkaWZmZXIg ZnJvbSBJTUE/ICBJIGtub3cgdGhhdCBJTUEgZG9lc24ndCBzdXBwb3J0IGZzLXZlcml0eQo+ID4g ZmlsZSBoYXNoZXMsIGJ1dCB0aGF0IGNvdWxkIGJlIGNoYW5nZWQuICBXaHkgbm90IGV4dGVuZCBJ TUEgdG8gY292ZXIgeW91ciB1c2UKPiA+IGNhc2Uocyk/Cj4gPgo+ID4gPiBJUEUgbmVlZHMgdGhl IGRpZ2VzdCBpbmZvcm1hdGlvbiB0byBiZSBhYmxlIHRvIGNvbXBhcmUgYSBkaWdlc3QKPiA+ID4g cHJvdmlkZWQgYnkgdGhlIHBvbGljeSBhdXRob3IsIGFnYWluc3QgdGhlIGRpZ2VzdCBjYWxjdWxh dGVkIGJ5Cj4gPiA+IGZzdmVyaXR5IHRvIG1ha2UgYSBkZWNpc2lvbiBvbiB3aGV0aGVyIHRoYXQg c3BlY2lmaWMgZmlsZSwgcmVwcmVzZW50ZWQKPiA+ID4gYnkgdGhlIGRpZ2VzdCBpcyBhdXRob3Jp emVkIGZvciB0aGUgYWN0aW9ucyBzcGVjaWZpZWQgaW4gdGhlIHBvbGljeS4KPiA+ID4KPiA+ID4g QSBtb3JlIGNvbmNyZXRlIGV4YW1wbGUsIGlmIGFuIElQRSBwb2xpY3kgYXV0aG9yIHdyaXRlczoK PiA+ID4KPiA+ID4gwqDCoMKgIG9wPUVYRUNVVEUgZnN2ZXJpdHlfZGlnZXN0PTxIZXhEaWdlc3Qg PiBhY3Rpb249REVOWQo+ID4gPgo+ID4gPiBJUEUgdGFrZXMgdGhlIGRpZ2VzdCBwcm92aWRlZCBi eSB0aGlzIHNlY3VyaXR5IGhvb2ssIHN0b3JlcyBpdAo+ID4gPiBpbiBJUEUncyBzZWN1cml0eSBi bG9iIG9uIHRoZSBpbm9kZS4gSWYgdGhpcyBmaWxlIGlzIGxhdGVyCj4gPiA+IGV4ZWN1dGVkLCBJ UEUgY29tcGFyZXMgdGhlIGRpZ2VzdCBzdG9yZWQgaW4gdGhlIExTTSBibG9iLAo+ID4gPiBwcm92 aWRlZCBieSB0aGlzIGhvb2ssIGFnYWluc3QgPEhleERpZ2VzdD4gaW4gdGhlIHBvbGljeSwgaWYK PiA+ID4gaXQgbWF0Y2hlcywgaXQgZGVuaWVzIHRoZSBhY2Nlc3MsIHBlcmZvcm1pbmcgYSByZXZv Y2F0aW9uCj4gPiA+IG9mIHRoYXQgZmlsZS4KPiA+Cj4gPiBEbyB5b3UgaGF2ZSBhIGJldHRlciBl eGFtcGxlPyAgVGhpcyBvbmUgaXMgcHJldHR5IHVzZWxlc3Mgc2luY2Ugb25lIGNhbiBnZXQKPiA+ IGFyb3VuZCBpdCBqdXN0IGJ5IGV4ZWN1dGluZyBhIGZpbGUgdGhhdCBkb2Vzbid0IGhhdmUgZnMt dmVyaXR5IGVuYWJsZWQuCj4gCj4gSSB3YXMgd29uZGVyaW5nIGlmIHRoZSBmb2xsb3dpbmcgdXNl IGNhc2UgY2FuIGJlIHN1cHBvcnRlZDoKPiBhbGxvdyB0aGUgZXhlY3V0aW9uIG9mIGZpbGVzIHBy b3RlY3RlZCB3aXRoIGZzdmVyaXR5IGlmIHRoZSByb290Cj4gZGlnZXN0IGlzIGZvdW5kIGFtb25n IHJlZmVyZW5jZSB2YWx1ZXMgKGluc3RlYWQgb2YgcHJvdmlkaW5nCj4gdGhlbSBvbmUgYnkgb25l IGluIHRoZSBwb2xpY3kpLgo+IAo+IFNvbWV0aGluZyBsaWtlOgo+IAo+IG9wPUVYRUNVVEUgZnN2 ZXJpdHlfZGlnZXN0PWRpZ2xpbSBhY3Rpb249QUxMT1cKCkxvb2tzIGxpa2UgaXQgd29ya3MuIEkg bW9kaWZpZWQgSVBFIHRvIHF1ZXJ5IHRoZSByb290IGRpZ2VzdApvZiBhbiBmc3Zlcml0eS1wcm90 ZWN0ZWQgZmlsZSBpbiBESUdMSU0uCgojIGNhdCBpcGUtcG9saWN5CnBvbGljeV9uYW1lPSJBbGxv d0ZTVmVyaXR5S21vZHVsZXMiIHBvbGljeV92ZXJzaW9uPTAuMC4xCkRFRkFVTFQgYWN0aW9uPUFM TE9XCkRFRkFVTFQgb3A9S01PRFVMRSBhY3Rpb249REVOWQpvcD1LTU9EVUxFIGZzdmVyaXR5X2Rp Z2VzdD1kaWdsaW0gYWN0aW9uPUFMTE9XCgpJUEUgc2V0dXA6CiMgY2F0IGlwZS1wb2xpY3kucDdz ID4gL3N5cy9rZXJuZWwvc2VjdXJpdHkvaXBlL25ld19wb2xpY3kKIyBlY2hvIC1uIDEgPiAgL3N5 cy9rZXJuZWwvc2VjdXJpdHkvaXBlL3BvbGljaWVzL0FsbG93RlNWZXJpdHlLbW9kdWxlcy9hY3Rp dmUKIyBlY2hvIDEgPiAvc3lzL2tlcm5lbC9zZWN1cml0eS9pcGUvZW5mb3JjZQoKSVBFIGRlbmll cyBsb2FkaW5nIG9mIGtlcm5lbCBtb2R1bGVzIG5vdCBwcm90ZWN0ZWQgYnkgZnN2ZXJpdHk6CiMg aW5zbW9kICAvbGliL21vZHVsZXMvNS4xNS4wLXJjMSsva2VybmVsL2ZzL2ZhdC9mYXQua28KaW5z bW9kOiBFUlJPUjogY291bGQgbm90IGluc2VydCBtb2R1bGUgL2xpYi9tb2R1bGVzLzUuMTUuMC1y YzErL2tlcm5lbC9mcy9mYXQvZmF0LmtvOiBQZXJtaXNzaW9uIGRlbmllZAoKUHJvdGVjdCBmYXQu a28gd2l0aCBmc3Zlcml0eToKIyBjcCAvbGliL21vZHVsZXMvNS4xNS4wLXJjMSsva2VybmVsL2Zz L2ZhdC9mYXQua28gL2ZzdmVyaXR5CiMgZnN2ZXJpdHkgZW5hYmxlIC9mc3Zlcml0eS9mYXQua28K IyBmc3Zlcml0eSBtZWFzdXJlIC9mc3Zlcml0eS9mYXQua28Kc2hhMjU2OjA3OWJlNmQ4ODYzOGU1 ODE0MWVlMjRiYmE4OTgxMzkxN2M0NGZhYTU1YWRhNGJmNWQ4MDMzNWVmZTE1NDc4MDMgL2ZzdmVy aXR5L2ZhdC5rbwoKSVBFIHN0aWxsIGRlbmllcyB0aGUgbG9hZGluZyBvZiBmYXQua28gKHJvb3Qg ZGlnZXN0IG5vdCB1cGxvYWRlZCB0byB0aGUga2VybmVsKToKIyBpbnNtb2QgL2ZzdmVyaXR5L2Zh dC5rbwppbnNtb2Q6IEVSUk9SOiBjb3VsZCBub3QgaW5zZXJ0IG1vZHVsZSAvZnN2ZXJpdHkvZmF0 LmtvOiBQZXJtaXNzaW9uIGRlbmllZAoKR2VuZXJhdGUgYSBkaWdlc3QgbGlzdCB3aXRoIHRoZSBy b290IGRpZ2VzdCBhYm92ZSBhbmQgdXBsb2FkIGl0IHRvIHRoZSBrZXJuZWw6CiMgLi9jb21wYWN0 X2dlbiAtaSAwNzliZTZkODg2MzhlNTgxNDFlZTI0YmJhODk4MTM5MTdjNDRmYWE1NWFkYTRiZjVk ODAzMzVlZmUxNTQ3ODAzIC1hIHNoYTI1NiAtZCB0ZXN0IC1zIC10IGZpbGUgLWYKIyBlY2hvICRQ V0QvdGVzdC8wLWZpbGVfbGlzdC1jb21wYWN0LTA3OWJlNmQ4ODYzOGU1ODE0MWVlMjRiYmE4OTgx MzkxN2M0NGZhYTU1YWRhNGJmNWQ4MDMzNWVmZTE1NDc4MDMgPiAvc3lzL2tlcm5lbC9zZWN1cml0 eS9pbnRlZ3JpdHkvZGlnbGltL2RpZ2VzdF9saXN0X2FkZAoKSVBFIGFsbG93cyB0aGUgbG9hZGlu ZyBvZiBmYXQua286CiMgaW5zbW9kIC9mc3Zlcml0eS9mYXQua28KIwoKUmVnYXJkaW5nIGF1dGhl bnRpY2l0eSwgbm90IHNob3duIGluIHRoaXMgZGVtbywgSVBFIHdpbGwgYWxzbwplbnN1cmUgdGhh dCB0aGUgcm9vdCBkaWdlc3QgaXMgc2lnbmVkIChkaWdsaW1fZGlnZXN0X2dldF9pbmZvKCkKcmVw b3J0cyB0aGlzIGluZm9ybWF0aW9uKS4KClJvYmVydG8KCkhVQVdFSSBURUNITk9MT0dJRVMgRHVl c3NlbGRvcmYgR21iSCwgSFJCIDU2MDYzCk1hbmFnaW5nIERpcmVjdG9yOiBMaSBQZW5nLCBaaG9u ZyBSb25naHVhCgo+IERJR0xJTSBpcyBhIGNvbXBvbmVudCBJJ20gd29ya2luZyBvbiB0aGF0IGdl bmVyaWNhbGx5Cj4gc3RvcmVzIGRpZ2VzdHMuIFRoZSBjdXJyZW50IHVzZSBjYXNlIGlzIHRvIHN0 b3JlIGZpbGUgZGlnZXN0cwo+IGZyb20gUlBNVEFHX0ZJTEVESUdFU1RTIGFuZCB1c2UgdGhlbSB3 aXRoIElNQSwgYnV0Cj4gdGhlIGZzdmVyaXR5IHVzZSBjYXNlIGNvdWxkIGJlIGVhc2lseSBzdXBw b3J0ZWQgKGlmIHRoZSByb290Cj4gZGlnZXN0IGlzIHN0b3JlZCBpbiB0aGUgUlBNIGhlYWRlciku Cj4gCj4gRElHTElNIGFsc28gdGVsbHMgd2hldGhlciBvciBub3QgdGhlIHNpZ25hdHVyZSBvZiB0 aGUgc291cmNlCj4gY29udGFpbmluZyBmaWxlIGRpZ2VzdHMgKG9yIGZzdmVyaXR5IGRpZ2VzdHMp IGlzIHZhbGlkICh0aGUgc2lnbmF0dXJlCj4gb2YgdGhlIFJQTSBoZWFkZXIgaXMgdGFrZW4gZnJv bSBSUE1UQUdfUlNBSEVBREVSKS4KPiAKPiBUaGUgbWVtb3J5IG9jY3VwYXRpb24gaXMgcmVsYXRp dmVseSBzbWFsbCBmb3IgZXhlY3V0YWJsZXMKPiBhbmQgc2hhcmVkIGxpYnJhcmllcy4gSSBwdWJs aXNoZWQgYSBkZW1vIGZvciBGZWRvcmEgYW5kCj4gb3BlblNVU0Ugc29tZSB0aW1lIGFnbzoKPiAK PiBodHRwczovL2xvcmUua2VybmVsLm9yZy9saW51eC0KPiBpbnRlZ3JpdHkvNDhjZDczN2M1MDRk NDUyMDgzNzdkYWEyN2Q2MjU1MzFAaHVhd2VpLmNvbS8KPiAKPiBUaGFua3MKPiAKPiBSb2JlcnRv Cj4gCj4gSFVBV0VJIFRFQ0hOT0xPR0lFUyBEdWVzc2VsZG9yZiBHbWJILCBIUkIgNTYwNjMKPiBN YW5hZ2luZyBEaXJlY3RvcjogTGkgUGVuZywgWmhvbmcgUm9uZ2h1YQo+IAo+ID4gPiBUaGlzIGJy aW5ncyBtZSB0byB5b3VyIG5leHQgY29tbWVudDoKPiA+ID4KPiA+ID4gPiBUaGUgZGlnZXN0IGlz bid0IG1lYW5pbmdmdWwgd2l0aG91dCBrbm93aW5nIHRoZSBoYXNoIGFsZ29yaXRobSBpdCB1c2Vz Lgo+ID4gPiBJdCdzIGF2YWlsYWJsZSBoZXJlLCBidXQgeW91IGFyZW4ndCBwYXNzaW5nIGl0IHRv IHRoaXMgZnVuY3Rpb24uCj4gPiA+Cj4gPiA+IFRoZSBkaWdlc3QgaXMgbWVhbmluZ2Z1bCB3aXRo b3V0IHRoZSBhbGdvcml0aG0gaW4gdGhpcyBjYXNlLgo+ID4KPiA+IE5vLCBpdCdzIG5vdC4KPiA+ Cj4gPiBEaWdlc3RzIGFyZSBtZWFuaW5nbGVzcyB3aXRob3V0IGtub3dpbmcgd2hhdCBhbGdvcml0 aG0gdGhleSB3ZXJlIGNyZWF0ZWQKPiA+IHdpdGguCj4gPgo+ID4gSWYgeW91ciBzZWN1cml0eSBw b2xpY3kgaXMgc29tZXRoaW5nIGxpa2UgIlRydXN0IHRoZSBmaWxlIHdpdGggZGlnZXN0ICRmb28i IGFuZAo+ID4gbXVsdGlwbGUgaGFzaCBhbGdvcml0aG1zIGFyZSBwb3NzaWJsZSwgdGhlbiB0aGUg YWxvcml0aG0gaW50ZW5kZWQgdG8gYmUgdXNlZAo+ID4gbmVlZHMgdG8gYmUgZXhwbGljaXRseSBz cGVjaWZpZWQuICBPdGhlcndpc2UgYW55IGFsZ29yaXRobSB3aXRoIHRoZSBzYW1lIGxlbmd0aAo+ ID4gZGlnZXN0IHdpbGwgYmUgYWNjZXB0ZWQuICBUaGF0J3MgYSBmYXRhbCBmbGF3IGlmIGFueSBv ZiB0aGVzZSBhbGdvcml0aG1zIGlzCj4gPiBjcnlwdG9ncmFwaGljYWxseSBicm9rZW4gb3Igd2Fz IG5ldmVyIGludGVuZGVkIHRvIGJlIGEgY3J5cHRvZ3JhcGhpYwo+IGFsZ29yaXRobQo+ID4gaW4g dGhlIGZpcnN0IHBsYWNlIChlLmcuLCBhIG5vbi1jcnlwdG9ncmFwaGljIGNoZWNrc3VtKS4KPiA+ Cj4gPiBDcnlwdG9zeXN0ZW1zIGFsd2F5cyBuZWVkIHRvIHNwZWNpZnkgdGhlIGNyeXB0byBhbGdv cml0aG0ocykgdXNlZDsgdGhlCj4gPiBhZHZlcnNhcnkKPiA+IG11c3Qgbm90IGJlIGFsbG93ZWQg dG8gY2hvb3NlIHRoZSBhbGdvcml0aG1zLgo+ID4KPiA+IEknbSBub3Qgc3VyZSBob3cgdGhlc2Ug cGF0Y2hlcyBjYW4gYmUgdGFrZW4gc2VyaW91c2x5IHdoZW4gdGhleSdyZSBnZXR0aW5nCj4gdGhp cwo+ID4gc29ydCBvZiB0aGluZyB3cm9uZy4KPiA+Cj4gPiA+ID4gPiArCj4gCUZTX1ZFUklUWV9T SUdOQVRVUkVfU0VDX05BTUUsCj4gPiA+ID4gPiArCQkJCQlzaWduYXR1cmUsIHNpZ19zaXplLCAw KTsKPiA+ID4gPiBUaGlzIGlzIG9ubHkgZm9yIGZzLXZlcml0eSBidWlsdC1pbiBzaWduYXR1cmVz IHdoaWNoIGFyZW4ndCB0aGUgb25seSB3YXkgdG8gZG8KPiA+ID4gPiBzaWduYXR1cmVzIHdpdGgg ZnMtdmVyaXR5LiAgQXJlIHlvdSBzdXJlIHRoaXMgaXMgd2hhdCB5b3UncmUgbG9va2luZyBmb3I/ Cj4gPiA+Cj4gPiA+IENvdWxkIHlvdSBlbGFib3JhdGUgb24gdGhlIG90aGVyIHNpZ25hdHVyZSB0 eXBlcyB0aGF0IGNhbiBiZSB1c2VkCj4gPiA+IHdpdGggZnMtdmVyaXR5PyBJ4oCZbSA5OSUgc3Vy ZSB0aGlzIGlzIHdoYXQgSeKAmW0gbG9va2luZyBmb3IgYXMgdGhpcwo+ID4gPiBpcyBhIHNpZ25h dHVyZSB2YWxpZGF0ZWQgaW4gdGhlIGtlcm5lbCBhZ2FpbnN0IHRoZSBmcy12ZXJpdHkga2V5cmlu Zwo+ID4gPiBhcyBwYXJ0IG9mIHRoZSDigJxmc3Zlcml0eSBlbmFibGXigJ0gdXRpbGl0eS4KPiA+ ID4KPiA+ID4gSXQncyBpbXBvcnRhbnQgdGhhdCB0aGUgc2lnbmF0dXJlIGlzIHZhbGlkYXRlZCBp biB0aGUga2VybmVsLCBhcwo+ID4gPiB1c2Vyc3BhY2UgaXMgY29uc2lkZXJlZCB1bnRydXN0ZWQg dW50aWwgdGhlIHNpZ25hdHVyZSBpcyB2YWxpZGF0ZWQKPiA+ID4gZm9yIHRoaXMgY2FzZS4KPiA+ ID4KPiA+ID4gPiBDYW4geW91IGVsYWJvcmF0ZSBvbiB5b3VyIHVzZSBjYXNlIGZvciBmcy12ZXJp dHkgYnVpbHQtaW4gc2lnbmF0dXJlcywKPiA+ID4gU3VyZSwgc2lnbmF0dXJlcywgbGlrZSBkaWdl c3RzLCBhbHNvIHByb3ZpZGUgYSB3YXkgdG8gcHJvdmUgaW50ZWdyaXR5LAo+ID4gPiBhbmQgdGhl IHRydXN0IGNvbXBvbmVudCBjb21lcyBmcm9tIHRoZSB2YWxpZGF0aW9uIGFnYWluc3QgdGhlIGtl eXJpbmcsCj4gPiA+IGFzIG9wcG9zZWQgdG8gYSBmaXhlZCB2YWx1ZSBpbiBJUEXigJlzIHBvbGlj eS4gVGhlIHVzZSBjYXNlIGZvciBmcy12ZXJpdHkKPiA+ID4gYnVpbHQtaW4gc2lnbmF0dXJlcyBp cyB0aGF0IHdlIGhhdmUgYSBydyBleHQ0IGZpbGVzeXN0ZW0gdGhhdCBoYXMgc29tZQo+ID4gPiBl eGVjdXRhYmxlIGZpbGVzLCBhbmQgd2Ugd2FudCB0byBoYXZlIGEgZXhlY3V0aW9uIHBvbGljeSAo dGhyb3VnaCBJUEUpCj4gPiA+IHRoYXQgb25seSBfdHJ1c3RlZF8gZXhlY3V0YWJsZXMgY2FuIHJ1 bi4gUGVyZiBpcyBpbXBvcnRhbnQgaGVyZSwgaGVuY2UKPiA+ID4gZnMtdmVyaXR5Lgo+ID4KPiA+ IE1vc3QgdXNlcnMgb2YgZnMtdmVyaXR5IGJ1aWx0LWluIHNpZ25hdHVyZXMgaGF2ZSBhY3R1YWxs eSBiZWVuIGVuZm9yY2luZyB0aGVpcgo+ID4gc2VjdXJpdHkgcG9saWN5IGluIHVzZXJzcGFjZSwg YnkgY2hlY2tpbmcgd2hldGhlciBzcGVjaWZpYyBmaWxlcyBoYXZlIHRoZQo+ID4gZnMtdmVyaXR5 IGJpdCBzZXQgb3Igbm90LiAgU3VjaCB1c2VycyBjb3VsZCBqdXN0IHN0b3JlIGFuZCB2ZXJpZnkg c2lnbmF0dXJlcyBpbgo+ID4gdXNlcnNwYWNlIGluc3RlYWQsIHdpdGhvdXQgYW55IGtlcm5lbCBp bnZvbHZlbWVudC4gIFNvIHRoYXQncyB3aGF0IEkndmUgYmVlbgo+ID4gcmVjb21tZW5kaW5nICh3 aXRoIGxpbWl0ZWQgc3VjY2VzcywgdW5mb3J0dW5hdGVseSkuCj4gPgo+ID4gSWYgeW91IHJlYWxs eSBkbyBuZWVkIGluLWtlcm5lbCBzaWduYXR1cmUgdmVyaWZpY2F0aW9uLCB0aGVuIHRoYXQgbWF5 IGJlIGEKPiA+IGxlZ2l0aW1hdGUgdXNlIGNhc2UgZm9yIHRoZSBmcy12ZXJpdHkgYnVpbHQtaW4g c2lnbmF0dXJlcywgYWx0aG91Z2ggSSBkbyB3b25kZXIKPiA+IHdoeSB5b3UgYXJlbid0IHVzaW5n IElNQSBhbmQgaXRzIHNpZ25hdHVyZSBtZWNoYW5pc20gaW5zdGVhZC4KPiA+Cj4gPiAtIEVyaWMK Ci0tCmRtLWRldmVsIG1haWxpbmcgbGlzdApkbS1kZXZlbEByZWRoYXQuY29tCmh0dHBzOi8vbGlz dG1hbi5yZWRoYXQuY29tL21haWxtYW4vbGlzdGluZm8vZG0tZGV2ZWw= From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4FFB3C433F5 for ; Sun, 24 Oct 2021 23:40:43 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 737AE60E52 for ; Sun, 24 Oct 2021 23:40:42 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 737AE60E52 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-255-OmWEFbjwP8aciDzmZuBJCw-1; Sun, 24 Oct 2021 19:40:37 -0400 X-MC-Unique: OmWEFbjwP8aciDzmZuBJCw-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C5E38362F8; Sun, 24 Oct 2021 23:40:33 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7BEFB1972E; Sun, 24 Oct 2021 23:40:32 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 884DC4A703; Sun, 24 Oct 2021 23:40:29 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 19MGVBab030475 for ; Fri, 22 Oct 2021 12:31:11 -0400 Received: by smtp.corp.redhat.com (Postfix) id 459A42026D60; Fri, 22 Oct 2021 16:31:11 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 404492026D46 for ; Fri, 22 Oct 2021 16:31:07 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 92DD8106655B for ; Fri, 22 Oct 2021 16:31:07 +0000 (UTC) Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-435-xwxiwPq9OLqcT2coAX5JPg-1; Fri, 22 Oct 2021 12:31:05 -0400 X-MC-Unique: xwxiwPq9OLqcT2coAX5JPg-1 Received: from fraeml711-chm.china.huawei.com (unknown [172.18.147.201]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4HbVBg2v7pz67Nc8; Sat, 23 Oct 2021 00:27:55 +0800 (CST) Received: from fraeml714-chm.china.huawei.com (10.206.15.33) by fraeml711-chm.china.huawei.com (10.206.15.60) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.15; Fri, 22 Oct 2021 18:31:02 +0200 Received: from fraeml714-chm.china.huawei.com ([10.206.15.33]) by fraeml714-chm.china.huawei.com ([10.206.15.33]) with mapi id 15.01.2308.015; Fri, 22 Oct 2021 18:31:02 +0200 From: Roberto Sassu To: Eric Biggers , Deven Bowers Subject: RE: [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature Thread-Topic: [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature Thread-Index: AQHXwGWUN6BqcPCg3Uma5jdt5usPz6vRLYAAgAMlHYCAAAy0gIAHoD6wgAM9LeA= Date: Fri, 22 Oct 2021 16:31:02 +0000 Message-ID: References: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com> <1634151995-16266-13-git-send-email-deven.desai@linux.microsoft.com> <9089bdb0-b28a-9fa0-c510-00fa275af621@linux.microsoft.com> <5c1f800ba554485cb3659da689d2079a@huawei.com> In-Reply-To: <5c1f800ba554485cb3659da689d2079a@huawei.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.221.98.153] MIME-Version: 1.0 X-CFilter-Loop: Reflected X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-MIME-Autoconverted: from base64 to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 19MGVBab030475 X-loop: linux-audit@redhat.com X-Mailman-Approved-At: Sun, 24 Oct 2021 19:40:27 -0400 Cc: "axboe@kernel.dk" , "linux-security-module@vger.kernel.org" , "tytso@mit.edu" , "snitzer@redhat.com" , "corbet@lwn.net" , "jannh@google.com" , "linux-doc@vger.kernel.org" , "jmorris@namei.org" , "eparis@redhat.com" , "linux-kernel@vger.kernel.org" , "linux-block@vger.kernel.org" , "dm-devel@redhat.com" , "linux-audit@redhat.com" , "linux-fscrypt@vger.kernel.org" , "linux-integrity@vger.kernel.org" , "agk@redhat.com" , "serge@hallyn.com" X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 PiBGcm9tOiBSb2JlcnRvIFNhc3N1IFttYWlsdG86cm9iZXJ0by5zYXNzdUBodWF3ZWkuY29tXQo+ IFNlbnQ6IFdlZG5lc2RheSwgT2N0b2JlciAyMCwgMjAyMSA1OjA5IFBNCj4gPiBGcm9tOiBFcmlj IEJpZ2dlcnMgW21haWx0bzplYmlnZ2Vyc0BrZXJuZWwub3JnXQo+ID4gU2VudDogRnJpZGF5LCBP Y3RvYmVyIDE1LCAyMDIxIDEwOjExIFBNCj4gPiBPbiBGcmksIE9jdCAxNSwgMjAyMSBhdCAxMjoy NTo1M1BNIC0wNzAwLCBEZXZlbiBCb3dlcnMgd3JvdGU6Cj4gPiA+Cj4gPiA+IE9uIDEwLzEzLzIw MjEgMTI6MjQgUE0sIEVyaWMgQmlnZ2VycyB3cm90ZToKPiA+ID4gPiBPbiBXZWQsIE9jdCAxMywg MjAyMSBhdCAxMjowNjozMVBNIC0wNzAwLAo+ID4gZGV2ZW4uZGVzYWlAbGludXgubWljcm9zb2Z0 LmNvbSB3cm90ZToKPiA+ID4gPiA+IEZyb206IEZhbiBXdSA8d3VmYW5AbGludXgubWljcm9zb2Z0 LmNvbT4KPiA+ID4gPiA+Cj4gPiA+ID4gPiBBZGQgc2VjdXJpdHlfaW5vZGVfc2V0c2VjdXJpdHkg dG8gZnN2ZXJpdHkgc2lnbmF0dXJlIHZlcmlmaWNhdGlvbi4KPiA+ID4gPiA+IFRoaXMgY2FuIGxl dCBMU01zIHNhdmUgdGhlIHNpZ25hdHVyZSBkYXRhIGFuZCBkaWdlc3QgaGFzaGVzIHByb3ZpZGVk Cj4gPiA+ID4gPiBieSBmc3Zlcml0eS4KPiA+ID4gPiBDYW4geW91IGVsYWJvcmF0ZSBvbiB3aHkg TFNNcyBuZWVkIHRoaXMgaW5mb3JtYXRpb24/Cj4gPiA+Cj4gPiA+IFRoZSBwcm9wb3NlZCBMU00g KElQRSkgb2YgdGhpcyBzZXJpZXMgd2lsbCBiZSB0aGUgb25seSBvbmUgdG8gbmVlZAo+ID4gPiB0 aGlzIGluZm9ybWF0aW9uIGF0IHRoZcKgIG1vbWVudC4gSVBF4oCZcyBnb2FsIGlzIHRvIGhhdmUg cHJvdmlkZQo+ID4gPiB0cnVzdC1iYXNlZCBhY2Nlc3MgY29udHJvbC4gVHJ1c3QgYW5kIEludGVn cml0eSBhcmUgdGllZCB0b2dldGhlciwKPiA+ID4gYXMgeW91IGNhbm5vdCBwcm92ZSB0cnVzdCB3 aXRob3V0IHByb3ZpbmcgaW50ZWdyaXR5Lgo+ID4KPiA+IEkgdGhpbmsgeW91IG1lYW4gYXV0aGVu dGljaXR5LCBub3QgaW50ZWdyaXR5Pwo+ID4KPiA+IEFsc28gaG93IGRvZXMgdGhpcyBkaWZmZXIg ZnJvbSBJTUE/ICBJIGtub3cgdGhhdCBJTUEgZG9lc24ndCBzdXBwb3J0IGZzLXZlcml0eQo+ID4g ZmlsZSBoYXNoZXMsIGJ1dCB0aGF0IGNvdWxkIGJlIGNoYW5nZWQuICBXaHkgbm90IGV4dGVuZCBJ TUEgdG8gY292ZXIgeW91ciB1c2UKPiA+IGNhc2Uocyk/Cj4gPgo+ID4gPiBJUEUgbmVlZHMgdGhl IGRpZ2VzdCBpbmZvcm1hdGlvbiB0byBiZSBhYmxlIHRvIGNvbXBhcmUgYSBkaWdlc3QKPiA+ID4g cHJvdmlkZWQgYnkgdGhlIHBvbGljeSBhdXRob3IsIGFnYWluc3QgdGhlIGRpZ2VzdCBjYWxjdWxh dGVkIGJ5Cj4gPiA+IGZzdmVyaXR5IHRvIG1ha2UgYSBkZWNpc2lvbiBvbiB3aGV0aGVyIHRoYXQg c3BlY2lmaWMgZmlsZSwgcmVwcmVzZW50ZWQKPiA+ID4gYnkgdGhlIGRpZ2VzdCBpcyBhdXRob3Jp emVkIGZvciB0aGUgYWN0aW9ucyBzcGVjaWZpZWQgaW4gdGhlIHBvbGljeS4KPiA+ID4KPiA+ID4g QSBtb3JlIGNvbmNyZXRlIGV4YW1wbGUsIGlmIGFuIElQRSBwb2xpY3kgYXV0aG9yIHdyaXRlczoK PiA+ID4KPiA+ID4gwqDCoMKgIG9wPUVYRUNVVEUgZnN2ZXJpdHlfZGlnZXN0PTxIZXhEaWdlc3Qg PiBhY3Rpb249REVOWQo+ID4gPgo+ID4gPiBJUEUgdGFrZXMgdGhlIGRpZ2VzdCBwcm92aWRlZCBi eSB0aGlzIHNlY3VyaXR5IGhvb2ssIHN0b3JlcyBpdAo+ID4gPiBpbiBJUEUncyBzZWN1cml0eSBi bG9iIG9uIHRoZSBpbm9kZS4gSWYgdGhpcyBmaWxlIGlzIGxhdGVyCj4gPiA+IGV4ZWN1dGVkLCBJ UEUgY29tcGFyZXMgdGhlIGRpZ2VzdCBzdG9yZWQgaW4gdGhlIExTTSBibG9iLAo+ID4gPiBwcm92 aWRlZCBieSB0aGlzIGhvb2ssIGFnYWluc3QgPEhleERpZ2VzdD4gaW4gdGhlIHBvbGljeSwgaWYK PiA+ID4gaXQgbWF0Y2hlcywgaXQgZGVuaWVzIHRoZSBhY2Nlc3MsIHBlcmZvcm1pbmcgYSByZXZv Y2F0aW9uCj4gPiA+IG9mIHRoYXQgZmlsZS4KPiA+Cj4gPiBEbyB5b3UgaGF2ZSBhIGJldHRlciBl eGFtcGxlPyAgVGhpcyBvbmUgaXMgcHJldHR5IHVzZWxlc3Mgc2luY2Ugb25lIGNhbiBnZXQKPiA+ IGFyb3VuZCBpdCBqdXN0IGJ5IGV4ZWN1dGluZyBhIGZpbGUgdGhhdCBkb2Vzbid0IGhhdmUgZnMt dmVyaXR5IGVuYWJsZWQuCj4gCj4gSSB3YXMgd29uZGVyaW5nIGlmIHRoZSBmb2xsb3dpbmcgdXNl IGNhc2UgY2FuIGJlIHN1cHBvcnRlZDoKPiBhbGxvdyB0aGUgZXhlY3V0aW9uIG9mIGZpbGVzIHBy b3RlY3RlZCB3aXRoIGZzdmVyaXR5IGlmIHRoZSByb290Cj4gZGlnZXN0IGlzIGZvdW5kIGFtb25n IHJlZmVyZW5jZSB2YWx1ZXMgKGluc3RlYWQgb2YgcHJvdmlkaW5nCj4gdGhlbSBvbmUgYnkgb25l IGluIHRoZSBwb2xpY3kpLgo+IAo+IFNvbWV0aGluZyBsaWtlOgo+IAo+IG9wPUVYRUNVVEUgZnN2 ZXJpdHlfZGlnZXN0PWRpZ2xpbSBhY3Rpb249QUxMT1cKCkxvb2tzIGxpa2UgaXQgd29ya3MuIEkg bW9kaWZpZWQgSVBFIHRvIHF1ZXJ5IHRoZSByb290IGRpZ2VzdApvZiBhbiBmc3Zlcml0eS1wcm90 ZWN0ZWQgZmlsZSBpbiBESUdMSU0uCgojIGNhdCBpcGUtcG9saWN5CnBvbGljeV9uYW1lPSJBbGxv d0ZTVmVyaXR5S21vZHVsZXMiIHBvbGljeV92ZXJzaW9uPTAuMC4xCkRFRkFVTFQgYWN0aW9uPUFM TE9XCkRFRkFVTFQgb3A9S01PRFVMRSBhY3Rpb249REVOWQpvcD1LTU9EVUxFIGZzdmVyaXR5X2Rp Z2VzdD1kaWdsaW0gYWN0aW9uPUFMTE9XCgpJUEUgc2V0dXA6CiMgY2F0IGlwZS1wb2xpY3kucDdz ID4gL3N5cy9rZXJuZWwvc2VjdXJpdHkvaXBlL25ld19wb2xpY3kKIyBlY2hvIC1uIDEgPiAgL3N5 cy9rZXJuZWwvc2VjdXJpdHkvaXBlL3BvbGljaWVzL0FsbG93RlNWZXJpdHlLbW9kdWxlcy9hY3Rp dmUKIyBlY2hvIDEgPiAvc3lzL2tlcm5lbC9zZWN1cml0eS9pcGUvZW5mb3JjZQoKSVBFIGRlbmll cyBsb2FkaW5nIG9mIGtlcm5lbCBtb2R1bGVzIG5vdCBwcm90ZWN0ZWQgYnkgZnN2ZXJpdHk6CiMg aW5zbW9kICAvbGliL21vZHVsZXMvNS4xNS4wLXJjMSsva2VybmVsL2ZzL2ZhdC9mYXQua28KaW5z bW9kOiBFUlJPUjogY291bGQgbm90IGluc2VydCBtb2R1bGUgL2xpYi9tb2R1bGVzLzUuMTUuMC1y YzErL2tlcm5lbC9mcy9mYXQvZmF0LmtvOiBQZXJtaXNzaW9uIGRlbmllZAoKUHJvdGVjdCBmYXQu a28gd2l0aCBmc3Zlcml0eToKIyBjcCAvbGliL21vZHVsZXMvNS4xNS4wLXJjMSsva2VybmVsL2Zz L2ZhdC9mYXQua28gL2ZzdmVyaXR5CiMgZnN2ZXJpdHkgZW5hYmxlIC9mc3Zlcml0eS9mYXQua28K IyBmc3Zlcml0eSBtZWFzdXJlIC9mc3Zlcml0eS9mYXQua28Kc2hhMjU2OjA3OWJlNmQ4ODYzOGU1 ODE0MWVlMjRiYmE4OTgxMzkxN2M0NGZhYTU1YWRhNGJmNWQ4MDMzNWVmZTE1NDc4MDMgL2ZzdmVy aXR5L2ZhdC5rbwoKSVBFIHN0aWxsIGRlbmllcyB0aGUgbG9hZGluZyBvZiBmYXQua28gKHJvb3Qg ZGlnZXN0IG5vdCB1cGxvYWRlZCB0byB0aGUga2VybmVsKToKIyBpbnNtb2QgL2ZzdmVyaXR5L2Zh dC5rbwppbnNtb2Q6IEVSUk9SOiBjb3VsZCBub3QgaW5zZXJ0IG1vZHVsZSAvZnN2ZXJpdHkvZmF0 LmtvOiBQZXJtaXNzaW9uIGRlbmllZAoKR2VuZXJhdGUgYSBkaWdlc3QgbGlzdCB3aXRoIHRoZSBy b290IGRpZ2VzdCBhYm92ZSBhbmQgdXBsb2FkIGl0IHRvIHRoZSBrZXJuZWw6CiMgLi9jb21wYWN0 X2dlbiAtaSAwNzliZTZkODg2MzhlNTgxNDFlZTI0YmJhODk4MTM5MTdjNDRmYWE1NWFkYTRiZjVk ODAzMzVlZmUxNTQ3ODAzIC1hIHNoYTI1NiAtZCB0ZXN0IC1zIC10IGZpbGUgLWYKIyBlY2hvICRQ V0QvdGVzdC8wLWZpbGVfbGlzdC1jb21wYWN0LTA3OWJlNmQ4ODYzOGU1ODE0MWVlMjRiYmE4OTgx MzkxN2M0NGZhYTU1YWRhNGJmNWQ4MDMzNWVmZTE1NDc4MDMgPiAvc3lzL2tlcm5lbC9zZWN1cml0 eS9pbnRlZ3JpdHkvZGlnbGltL2RpZ2VzdF9saXN0X2FkZAoKSVBFIGFsbG93cyB0aGUgbG9hZGlu ZyBvZiBmYXQua286CiMgaW5zbW9kIC9mc3Zlcml0eS9mYXQua28KIwoKUmVnYXJkaW5nIGF1dGhl bnRpY2l0eSwgbm90IHNob3duIGluIHRoaXMgZGVtbywgSVBFIHdpbGwgYWxzbwplbnN1cmUgdGhh dCB0aGUgcm9vdCBkaWdlc3QgaXMgc2lnbmVkIChkaWdsaW1fZGlnZXN0X2dldF9pbmZvKCkKcmVw b3J0cyB0aGlzIGluZm9ybWF0aW9uKS4KClJvYmVydG8KCkhVQVdFSSBURUNITk9MT0dJRVMgRHVl c3NlbGRvcmYgR21iSCwgSFJCIDU2MDYzCk1hbmFnaW5nIERpcmVjdG9yOiBMaSBQZW5nLCBaaG9u ZyBSb25naHVhCgo+IERJR0xJTSBpcyBhIGNvbXBvbmVudCBJJ20gd29ya2luZyBvbiB0aGF0IGdl bmVyaWNhbGx5Cj4gc3RvcmVzIGRpZ2VzdHMuIFRoZSBjdXJyZW50IHVzZSBjYXNlIGlzIHRvIHN0 b3JlIGZpbGUgZGlnZXN0cwo+IGZyb20gUlBNVEFHX0ZJTEVESUdFU1RTIGFuZCB1c2UgdGhlbSB3 aXRoIElNQSwgYnV0Cj4gdGhlIGZzdmVyaXR5IHVzZSBjYXNlIGNvdWxkIGJlIGVhc2lseSBzdXBw b3J0ZWQgKGlmIHRoZSByb290Cj4gZGlnZXN0IGlzIHN0b3JlZCBpbiB0aGUgUlBNIGhlYWRlciku Cj4gCj4gRElHTElNIGFsc28gdGVsbHMgd2hldGhlciBvciBub3QgdGhlIHNpZ25hdHVyZSBvZiB0 aGUgc291cmNlCj4gY29udGFpbmluZyBmaWxlIGRpZ2VzdHMgKG9yIGZzdmVyaXR5IGRpZ2VzdHMp IGlzIHZhbGlkICh0aGUgc2lnbmF0dXJlCj4gb2YgdGhlIFJQTSBoZWFkZXIgaXMgdGFrZW4gZnJv bSBSUE1UQUdfUlNBSEVBREVSKS4KPiAKPiBUaGUgbWVtb3J5IG9jY3VwYXRpb24gaXMgcmVsYXRp dmVseSBzbWFsbCBmb3IgZXhlY3V0YWJsZXMKPiBhbmQgc2hhcmVkIGxpYnJhcmllcy4gSSBwdWJs aXNoZWQgYSBkZW1vIGZvciBGZWRvcmEgYW5kCj4gb3BlblNVU0Ugc29tZSB0aW1lIGFnbzoKPiAK PiBodHRwczovL2xvcmUua2VybmVsLm9yZy9saW51eC0KPiBpbnRlZ3JpdHkvNDhjZDczN2M1MDRk NDUyMDgzNzdkYWEyN2Q2MjU1MzFAaHVhd2VpLmNvbS8KPiAKPiBUaGFua3MKPiAKPiBSb2JlcnRv Cj4gCj4gSFVBV0VJIFRFQ0hOT0xPR0lFUyBEdWVzc2VsZG9yZiBHbWJILCBIUkIgNTYwNjMKPiBN YW5hZ2luZyBEaXJlY3RvcjogTGkgUGVuZywgWmhvbmcgUm9uZ2h1YQo+IAo+ID4gPiBUaGlzIGJy aW5ncyBtZSB0byB5b3VyIG5leHQgY29tbWVudDoKPiA+ID4KPiA+ID4gPiBUaGUgZGlnZXN0IGlz bid0IG1lYW5pbmdmdWwgd2l0aG91dCBrbm93aW5nIHRoZSBoYXNoIGFsZ29yaXRobSBpdCB1c2Vz Lgo+ID4gPiBJdCdzIGF2YWlsYWJsZSBoZXJlLCBidXQgeW91IGFyZW4ndCBwYXNzaW5nIGl0IHRv IHRoaXMgZnVuY3Rpb24uCj4gPiA+Cj4gPiA+IFRoZSBkaWdlc3QgaXMgbWVhbmluZ2Z1bCB3aXRo b3V0IHRoZSBhbGdvcml0aG0gaW4gdGhpcyBjYXNlLgo+ID4KPiA+IE5vLCBpdCdzIG5vdC4KPiA+ Cj4gPiBEaWdlc3RzIGFyZSBtZWFuaW5nbGVzcyB3aXRob3V0IGtub3dpbmcgd2hhdCBhbGdvcml0 aG0gdGhleSB3ZXJlIGNyZWF0ZWQKPiA+IHdpdGguCj4gPgo+ID4gSWYgeW91ciBzZWN1cml0eSBw b2xpY3kgaXMgc29tZXRoaW5nIGxpa2UgIlRydXN0IHRoZSBmaWxlIHdpdGggZGlnZXN0ICRmb28i IGFuZAo+ID4gbXVsdGlwbGUgaGFzaCBhbGdvcml0aG1zIGFyZSBwb3NzaWJsZSwgdGhlbiB0aGUg YWxvcml0aG0gaW50ZW5kZWQgdG8gYmUgdXNlZAo+ID4gbmVlZHMgdG8gYmUgZXhwbGljaXRseSBz cGVjaWZpZWQuICBPdGhlcndpc2UgYW55IGFsZ29yaXRobSB3aXRoIHRoZSBzYW1lIGxlbmd0aAo+ ID4gZGlnZXN0IHdpbGwgYmUgYWNjZXB0ZWQuICBUaGF0J3MgYSBmYXRhbCBmbGF3IGlmIGFueSBv ZiB0aGVzZSBhbGdvcml0aG1zIGlzCj4gPiBjcnlwdG9ncmFwaGljYWxseSBicm9rZW4gb3Igd2Fz IG5ldmVyIGludGVuZGVkIHRvIGJlIGEgY3J5cHRvZ3JhcGhpYwo+IGFsZ29yaXRobQo+ID4gaW4g dGhlIGZpcnN0IHBsYWNlIChlLmcuLCBhIG5vbi1jcnlwdG9ncmFwaGljIGNoZWNrc3VtKS4KPiA+ Cj4gPiBDcnlwdG9zeXN0ZW1zIGFsd2F5cyBuZWVkIHRvIHNwZWNpZnkgdGhlIGNyeXB0byBhbGdv cml0aG0ocykgdXNlZDsgdGhlCj4gPiBhZHZlcnNhcnkKPiA+IG11c3Qgbm90IGJlIGFsbG93ZWQg dG8gY2hvb3NlIHRoZSBhbGdvcml0aG1zLgo+ID4KPiA+IEknbSBub3Qgc3VyZSBob3cgdGhlc2Ug cGF0Y2hlcyBjYW4gYmUgdGFrZW4gc2VyaW91c2x5IHdoZW4gdGhleSdyZSBnZXR0aW5nCj4gdGhp cwo+ID4gc29ydCBvZiB0aGluZyB3cm9uZy4KPiA+Cj4gPiA+ID4gPiArCj4gCUZTX1ZFUklUWV9T SUdOQVRVUkVfU0VDX05BTUUsCj4gPiA+ID4gPiArCQkJCQlzaWduYXR1cmUsIHNpZ19zaXplLCAw KTsKPiA+ID4gPiBUaGlzIGlzIG9ubHkgZm9yIGZzLXZlcml0eSBidWlsdC1pbiBzaWduYXR1cmVz IHdoaWNoIGFyZW4ndCB0aGUgb25seSB3YXkgdG8gZG8KPiA+ID4gPiBzaWduYXR1cmVzIHdpdGgg ZnMtdmVyaXR5LiAgQXJlIHlvdSBzdXJlIHRoaXMgaXMgd2hhdCB5b3UncmUgbG9va2luZyBmb3I/ Cj4gPiA+Cj4gPiA+IENvdWxkIHlvdSBlbGFib3JhdGUgb24gdGhlIG90aGVyIHNpZ25hdHVyZSB0 eXBlcyB0aGF0IGNhbiBiZSB1c2VkCj4gPiA+IHdpdGggZnMtdmVyaXR5PyBJ4oCZbSA5OSUgc3Vy ZSB0aGlzIGlzIHdoYXQgSeKAmW0gbG9va2luZyBmb3IgYXMgdGhpcwo+ID4gPiBpcyBhIHNpZ25h dHVyZSB2YWxpZGF0ZWQgaW4gdGhlIGtlcm5lbCBhZ2FpbnN0IHRoZSBmcy12ZXJpdHkga2V5cmlu Zwo+ID4gPiBhcyBwYXJ0IG9mIHRoZSDigJxmc3Zlcml0eSBlbmFibGXigJ0gdXRpbGl0eS4KPiA+ ID4KPiA+ID4gSXQncyBpbXBvcnRhbnQgdGhhdCB0aGUgc2lnbmF0dXJlIGlzIHZhbGlkYXRlZCBp biB0aGUga2VybmVsLCBhcwo+ID4gPiB1c2Vyc3BhY2UgaXMgY29uc2lkZXJlZCB1bnRydXN0ZWQg dW50aWwgdGhlIHNpZ25hdHVyZSBpcyB2YWxpZGF0ZWQKPiA+ID4gZm9yIHRoaXMgY2FzZS4KPiA+ ID4KPiA+ID4gPiBDYW4geW91IGVsYWJvcmF0ZSBvbiB5b3VyIHVzZSBjYXNlIGZvciBmcy12ZXJp dHkgYnVpbHQtaW4gc2lnbmF0dXJlcywKPiA+ID4gU3VyZSwgc2lnbmF0dXJlcywgbGlrZSBkaWdl c3RzLCBhbHNvIHByb3ZpZGUgYSB3YXkgdG8gcHJvdmUgaW50ZWdyaXR5LAo+ID4gPiBhbmQgdGhl IHRydXN0IGNvbXBvbmVudCBjb21lcyBmcm9tIHRoZSB2YWxpZGF0aW9uIGFnYWluc3QgdGhlIGtl eXJpbmcsCj4gPiA+IGFzIG9wcG9zZWQgdG8gYSBmaXhlZCB2YWx1ZSBpbiBJUEXigJlzIHBvbGlj eS4gVGhlIHVzZSBjYXNlIGZvciBmcy12ZXJpdHkKPiA+ID4gYnVpbHQtaW4gc2lnbmF0dXJlcyBp cyB0aGF0IHdlIGhhdmUgYSBydyBleHQ0IGZpbGVzeXN0ZW0gdGhhdCBoYXMgc29tZQo+ID4gPiBl eGVjdXRhYmxlIGZpbGVzLCBhbmQgd2Ugd2FudCB0byBoYXZlIGEgZXhlY3V0aW9uIHBvbGljeSAo dGhyb3VnaCBJUEUpCj4gPiA+IHRoYXQgb25seSBfdHJ1c3RlZF8gZXhlY3V0YWJsZXMgY2FuIHJ1 bi4gUGVyZiBpcyBpbXBvcnRhbnQgaGVyZSwgaGVuY2UKPiA+ID4gZnMtdmVyaXR5Lgo+ID4KPiA+ IE1vc3QgdXNlcnMgb2YgZnMtdmVyaXR5IGJ1aWx0LWluIHNpZ25hdHVyZXMgaGF2ZSBhY3R1YWxs eSBiZWVuIGVuZm9yY2luZyB0aGVpcgo+ID4gc2VjdXJpdHkgcG9saWN5IGluIHVzZXJzcGFjZSwg YnkgY2hlY2tpbmcgd2hldGhlciBzcGVjaWZpYyBmaWxlcyBoYXZlIHRoZQo+ID4gZnMtdmVyaXR5 IGJpdCBzZXQgb3Igbm90LiAgU3VjaCB1c2VycyBjb3VsZCBqdXN0IHN0b3JlIGFuZCB2ZXJpZnkg c2lnbmF0dXJlcyBpbgo+ID4gdXNlcnNwYWNlIGluc3RlYWQsIHdpdGhvdXQgYW55IGtlcm5lbCBp bnZvbHZlbWVudC4gIFNvIHRoYXQncyB3aGF0IEkndmUgYmVlbgo+ID4gcmVjb21tZW5kaW5nICh3 aXRoIGxpbWl0ZWQgc3VjY2VzcywgdW5mb3J0dW5hdGVseSkuCj4gPgo+ID4gSWYgeW91IHJlYWxs eSBkbyBuZWVkIGluLWtlcm5lbCBzaWduYXR1cmUgdmVyaWZpY2F0aW9uLCB0aGVuIHRoYXQgbWF5 IGJlIGEKPiA+IGxlZ2l0aW1hdGUgdXNlIGNhc2UgZm9yIHRoZSBmcy12ZXJpdHkgYnVpbHQtaW4g c2lnbmF0dXJlcywgYWx0aG91Z2ggSSBkbyB3b25kZXIKPiA+IHdoeSB5b3UgYXJlbid0IHVzaW5n IElNQSBhbmQgaXRzIHNpZ25hdHVyZSBtZWNoYW5pc20gaW5zdGVhZC4KPiA+Cj4gPiAtIEVyaWMK Ci0tCkxpbnV4LWF1ZGl0IG1haWxpbmcgbGlzdApMaW51eC1hdWRpdEByZWRoYXQuY29tCmh0dHBz Oi8vbGlzdG1hbi5yZWRoYXQuY29tL21haWxtYW4vbGlzdGluZm8vbGludXgtYXVkaXQ= From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 02151C433F5 for ; Fri, 22 Oct 2021 16:31:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CEFE7611CB for ; Fri, 22 Oct 2021 16:31:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231862AbhJVQdY (ORCPT ); Fri, 22 Oct 2021 12:33:24 -0400 Received: from frasgout.his.huawei.com ([185.176.79.56]:4025 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229968AbhJVQdY (ORCPT ); Fri, 22 Oct 2021 12:33:24 -0400 Received: from fraeml711-chm.china.huawei.com (unknown [172.18.147.201]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4HbVBg2v7pz67Nc8; Sat, 23 Oct 2021 00:27:55 +0800 (CST) Received: from fraeml714-chm.china.huawei.com (10.206.15.33) by fraeml711-chm.china.huawei.com (10.206.15.60) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.15; Fri, 22 Oct 2021 18:31:02 +0200 Received: from fraeml714-chm.china.huawei.com ([10.206.15.33]) by fraeml714-chm.china.huawei.com ([10.206.15.33]) with mapi id 15.01.2308.015; Fri, 22 Oct 2021 18:31:02 +0200 From: Roberto Sassu To: Eric Biggers , Deven Bowers CC: "corbet@lwn.net" , "axboe@kernel.dk" , "agk@redhat.com" , "snitzer@redhat.com" , "tytso@mit.edu" , "paul@paul-moore.com" , "eparis@redhat.com" , "jmorris@namei.org" , "serge@hallyn.com" , "jannh@google.com" , "dm-devel@redhat.com" , "linux-doc@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-block@vger.kernel.org" , "linux-fscrypt@vger.kernel.org" , "linux-audit@redhat.com" , "linux-security-module@vger.kernel.org" , "linux-integrity@vger.kernel.org" Subject: RE: [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature Thread-Topic: [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature Thread-Index: AQHXwGWUN6BqcPCg3Uma5jdt5usPz6vRLYAAgAMlHYCAAAy0gIAHoD6wgAM9LeA= Date: Fri, 22 Oct 2021 16:31:02 +0000 Message-ID: References: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com> <1634151995-16266-13-git-send-email-deven.desai@linux.microsoft.com> <9089bdb0-b28a-9fa0-c510-00fa275af621@linux.microsoft.com> <5c1f800ba554485cb3659da689d2079a@huawei.com> In-Reply-To: <5c1f800ba554485cb3659da689d2079a@huawei.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.221.98.153] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org PiBGcm9tOiBSb2JlcnRvIFNhc3N1IFttYWlsdG86cm9iZXJ0by5zYXNzdUBodWF3ZWkuY29tXQ0K PiBTZW50OiBXZWRuZXNkYXksIE9jdG9iZXIgMjAsIDIwMjEgNTowOSBQTQ0KPiA+IEZyb206IEVy aWMgQmlnZ2VycyBbbWFpbHRvOmViaWdnZXJzQGtlcm5lbC5vcmddDQo+ID4gU2VudDogRnJpZGF5 LCBPY3RvYmVyIDE1LCAyMDIxIDEwOjExIFBNDQo+ID4gT24gRnJpLCBPY3QgMTUsIDIwMjEgYXQg MTI6MjU6NTNQTSAtMDcwMCwgRGV2ZW4gQm93ZXJzIHdyb3RlOg0KPiA+ID4NCj4gPiA+IE9uIDEw LzEzLzIwMjEgMTI6MjQgUE0sIEVyaWMgQmlnZ2VycyB3cm90ZToNCj4gPiA+ID4gT24gV2VkLCBP Y3QgMTMsIDIwMjEgYXQgMTI6MDY6MzFQTSAtMDcwMCwNCj4gPiBkZXZlbi5kZXNhaUBsaW51eC5t aWNyb3NvZnQuY29tIHdyb3RlOg0KPiA+ID4gPiA+IEZyb206IEZhbiBXdSA8d3VmYW5AbGludXgu bWljcm9zb2Z0LmNvbT4NCj4gPiA+ID4gPg0KPiA+ID4gPiA+IEFkZCBzZWN1cml0eV9pbm9kZV9z ZXRzZWN1cml0eSB0byBmc3Zlcml0eSBzaWduYXR1cmUgdmVyaWZpY2F0aW9uLg0KPiA+ID4gPiA+ IFRoaXMgY2FuIGxldCBMU01zIHNhdmUgdGhlIHNpZ25hdHVyZSBkYXRhIGFuZCBkaWdlc3QgaGFz aGVzIHByb3ZpZGVkDQo+ID4gPiA+ID4gYnkgZnN2ZXJpdHkuDQo+ID4gPiA+IENhbiB5b3UgZWxh Ym9yYXRlIG9uIHdoeSBMU01zIG5lZWQgdGhpcyBpbmZvcm1hdGlvbj8NCj4gPiA+DQo+ID4gPiBU aGUgcHJvcG9zZWQgTFNNIChJUEUpIG9mIHRoaXMgc2VyaWVzIHdpbGwgYmUgdGhlIG9ubHkgb25l IHRvIG5lZWQNCj4gPiA+IHRoaXMgaW5mb3JtYXRpb24gYXQgdGhlwqAgbW9tZW50LiBJUEXigJlz IGdvYWwgaXMgdG8gaGF2ZSBwcm92aWRlDQo+ID4gPiB0cnVzdC1iYXNlZCBhY2Nlc3MgY29udHJv bC4gVHJ1c3QgYW5kIEludGVncml0eSBhcmUgdGllZCB0b2dldGhlciwNCj4gPiA+IGFzIHlvdSBj YW5ub3QgcHJvdmUgdHJ1c3Qgd2l0aG91dCBwcm92aW5nIGludGVncml0eS4NCj4gPg0KPiA+IEkg dGhpbmsgeW91IG1lYW4gYXV0aGVudGljaXR5LCBub3QgaW50ZWdyaXR5Pw0KPiA+DQo+ID4gQWxz byBob3cgZG9lcyB0aGlzIGRpZmZlciBmcm9tIElNQT8gIEkga25vdyB0aGF0IElNQSBkb2Vzbid0 IHN1cHBvcnQgZnMtdmVyaXR5DQo+ID4gZmlsZSBoYXNoZXMsIGJ1dCB0aGF0IGNvdWxkIGJlIGNo YW5nZWQuICBXaHkgbm90IGV4dGVuZCBJTUEgdG8gY292ZXIgeW91ciB1c2UNCj4gPiBjYXNlKHMp Pw0KPiA+DQo+ID4gPiBJUEUgbmVlZHMgdGhlIGRpZ2VzdCBpbmZvcm1hdGlvbiB0byBiZSBhYmxl IHRvIGNvbXBhcmUgYSBkaWdlc3QNCj4gPiA+IHByb3ZpZGVkIGJ5IHRoZSBwb2xpY3kgYXV0aG9y LCBhZ2FpbnN0IHRoZSBkaWdlc3QgY2FsY3VsYXRlZCBieQ0KPiA+ID4gZnN2ZXJpdHkgdG8gbWFr ZSBhIGRlY2lzaW9uIG9uIHdoZXRoZXIgdGhhdCBzcGVjaWZpYyBmaWxlLCByZXByZXNlbnRlZA0K PiA+ID4gYnkgdGhlIGRpZ2VzdCBpcyBhdXRob3JpemVkIGZvciB0aGUgYWN0aW9ucyBzcGVjaWZp ZWQgaW4gdGhlIHBvbGljeS4NCj4gPiA+DQo+ID4gPiBBIG1vcmUgY29uY3JldGUgZXhhbXBsZSwg aWYgYW4gSVBFIHBvbGljeSBhdXRob3Igd3JpdGVzOg0KPiA+ID4NCj4gPiA+IMKgwqDCoCBvcD1F WEVDVVRFIGZzdmVyaXR5X2RpZ2VzdD08SGV4RGlnZXN0ID4gYWN0aW9uPURFTlkNCj4gPiA+DQo+ ID4gPiBJUEUgdGFrZXMgdGhlIGRpZ2VzdCBwcm92aWRlZCBieSB0aGlzIHNlY3VyaXR5IGhvb2ss IHN0b3JlcyBpdA0KPiA+ID4gaW4gSVBFJ3Mgc2VjdXJpdHkgYmxvYiBvbiB0aGUgaW5vZGUuIElm IHRoaXMgZmlsZSBpcyBsYXRlcg0KPiA+ID4gZXhlY3V0ZWQsIElQRSBjb21wYXJlcyB0aGUgZGln ZXN0IHN0b3JlZCBpbiB0aGUgTFNNIGJsb2IsDQo+ID4gPiBwcm92aWRlZCBieSB0aGlzIGhvb2ss IGFnYWluc3QgPEhleERpZ2VzdD4gaW4gdGhlIHBvbGljeSwgaWYNCj4gPiA+IGl0IG1hdGNoZXMs IGl0IGRlbmllcyB0aGUgYWNjZXNzLCBwZXJmb3JtaW5nIGEgcmV2b2NhdGlvbg0KPiA+ID4gb2Yg dGhhdCBmaWxlLg0KPiA+DQo+ID4gRG8geW91IGhhdmUgYSBiZXR0ZXIgZXhhbXBsZT8gIFRoaXMg b25lIGlzIHByZXR0eSB1c2VsZXNzIHNpbmNlIG9uZSBjYW4gZ2V0DQo+ID4gYXJvdW5kIGl0IGp1 c3QgYnkgZXhlY3V0aW5nIGEgZmlsZSB0aGF0IGRvZXNuJ3QgaGF2ZSBmcy12ZXJpdHkgZW5hYmxl ZC4NCj4gDQo+IEkgd2FzIHdvbmRlcmluZyBpZiB0aGUgZm9sbG93aW5nIHVzZSBjYXNlIGNhbiBi ZSBzdXBwb3J0ZWQ6DQo+IGFsbG93IHRoZSBleGVjdXRpb24gb2YgZmlsZXMgcHJvdGVjdGVkIHdp dGggZnN2ZXJpdHkgaWYgdGhlIHJvb3QNCj4gZGlnZXN0IGlzIGZvdW5kIGFtb25nIHJlZmVyZW5j ZSB2YWx1ZXMgKGluc3RlYWQgb2YgcHJvdmlkaW5nDQo+IHRoZW0gb25lIGJ5IG9uZSBpbiB0aGUg cG9saWN5KS4NCj4gDQo+IFNvbWV0aGluZyBsaWtlOg0KPiANCj4gb3A9RVhFQ1VURSBmc3Zlcml0 eV9kaWdlc3Q9ZGlnbGltIGFjdGlvbj1BTExPVw0KDQpMb29rcyBsaWtlIGl0IHdvcmtzLiBJIG1v ZGlmaWVkIElQRSB0byBxdWVyeSB0aGUgcm9vdCBkaWdlc3QNCm9mIGFuIGZzdmVyaXR5LXByb3Rl Y3RlZCBmaWxlIGluIERJR0xJTS4NCg0KIyBjYXQgaXBlLXBvbGljeQ0KcG9saWN5X25hbWU9IkFs bG93RlNWZXJpdHlLbW9kdWxlcyIgcG9saWN5X3ZlcnNpb249MC4wLjENCkRFRkFVTFQgYWN0aW9u PUFMTE9XDQpERUZBVUxUIG9wPUtNT0RVTEUgYWN0aW9uPURFTlkNCm9wPUtNT0RVTEUgZnN2ZXJp dHlfZGlnZXN0PWRpZ2xpbSBhY3Rpb249QUxMT1cNCg0KSVBFIHNldHVwOg0KIyBjYXQgaXBlLXBv bGljeS5wN3MgPiAvc3lzL2tlcm5lbC9zZWN1cml0eS9pcGUvbmV3X3BvbGljeQ0KIyBlY2hvIC1u IDEgPiAgL3N5cy9rZXJuZWwvc2VjdXJpdHkvaXBlL3BvbGljaWVzL0FsbG93RlNWZXJpdHlLbW9k dWxlcy9hY3RpdmUNCiMgZWNobyAxID4gL3N5cy9rZXJuZWwvc2VjdXJpdHkvaXBlL2VuZm9yY2UN Cg0KSVBFIGRlbmllcyBsb2FkaW5nIG9mIGtlcm5lbCBtb2R1bGVzIG5vdCBwcm90ZWN0ZWQgYnkg ZnN2ZXJpdHk6DQojIGluc21vZCAgL2xpYi9tb2R1bGVzLzUuMTUuMC1yYzErL2tlcm5lbC9mcy9m YXQvZmF0LmtvDQppbnNtb2Q6IEVSUk9SOiBjb3VsZCBub3QgaW5zZXJ0IG1vZHVsZSAvbGliL21v ZHVsZXMvNS4xNS4wLXJjMSsva2VybmVsL2ZzL2ZhdC9mYXQua286IFBlcm1pc3Npb24gZGVuaWVk DQoNClByb3RlY3QgZmF0LmtvIHdpdGggZnN2ZXJpdHk6DQojIGNwIC9saWIvbW9kdWxlcy81LjE1 LjAtcmMxKy9rZXJuZWwvZnMvZmF0L2ZhdC5rbyAvZnN2ZXJpdHkNCiMgZnN2ZXJpdHkgZW5hYmxl IC9mc3Zlcml0eS9mYXQua28NCiMgZnN2ZXJpdHkgbWVhc3VyZSAvZnN2ZXJpdHkvZmF0LmtvDQpz aGEyNTY6MDc5YmU2ZDg4NjM4ZTU4MTQxZWUyNGJiYTg5ODEzOTE3YzQ0ZmFhNTVhZGE0YmY1ZDgw MzM1ZWZlMTU0NzgwMyAvZnN2ZXJpdHkvZmF0LmtvDQoNCklQRSBzdGlsbCBkZW5pZXMgdGhlIGxv YWRpbmcgb2YgZmF0LmtvIChyb290IGRpZ2VzdCBub3QgdXBsb2FkZWQgdG8gdGhlIGtlcm5lbCk6 DQojIGluc21vZCAvZnN2ZXJpdHkvZmF0LmtvDQppbnNtb2Q6IEVSUk9SOiBjb3VsZCBub3QgaW5z ZXJ0IG1vZHVsZSAvZnN2ZXJpdHkvZmF0LmtvOiBQZXJtaXNzaW9uIGRlbmllZA0KDQpHZW5lcmF0 ZSBhIGRpZ2VzdCBsaXN0IHdpdGggdGhlIHJvb3QgZGlnZXN0IGFib3ZlIGFuZCB1cGxvYWQgaXQg dG8gdGhlIGtlcm5lbDoNCiMgLi9jb21wYWN0X2dlbiAtaSAwNzliZTZkODg2MzhlNTgxNDFlZTI0 YmJhODk4MTM5MTdjNDRmYWE1NWFkYTRiZjVkODAzMzVlZmUxNTQ3ODAzIC1hIHNoYTI1NiAtZCB0 ZXN0IC1zIC10IGZpbGUgLWYNCiMgZWNobyAkUFdEL3Rlc3QvMC1maWxlX2xpc3QtY29tcGFjdC0w NzliZTZkODg2MzhlNTgxNDFlZTI0YmJhODk4MTM5MTdjNDRmYWE1NWFkYTRiZjVkODAzMzVlZmUx NTQ3ODAzID4gL3N5cy9rZXJuZWwvc2VjdXJpdHkvaW50ZWdyaXR5L2RpZ2xpbS9kaWdlc3RfbGlz dF9hZGQNCg0KSVBFIGFsbG93cyB0aGUgbG9hZGluZyBvZiBmYXQua286DQojIGluc21vZCAvZnN2 ZXJpdHkvZmF0LmtvDQojDQoNClJlZ2FyZGluZyBhdXRoZW50aWNpdHksIG5vdCBzaG93biBpbiB0 aGlzIGRlbW8sIElQRSB3aWxsIGFsc28NCmVuc3VyZSB0aGF0IHRoZSByb290IGRpZ2VzdCBpcyBz aWduZWQgKGRpZ2xpbV9kaWdlc3RfZ2V0X2luZm8oKQ0KcmVwb3J0cyB0aGlzIGluZm9ybWF0aW9u KS4NCg0KUm9iZXJ0bw0KDQpIVUFXRUkgVEVDSE5PTE9HSUVTIER1ZXNzZWxkb3JmIEdtYkgsIEhS QiA1NjA2Mw0KTWFuYWdpbmcgRGlyZWN0b3I6IExpIFBlbmcsIFpob25nIFJvbmdodWENCg0KPiBE SUdMSU0gaXMgYSBjb21wb25lbnQgSSdtIHdvcmtpbmcgb24gdGhhdCBnZW5lcmljYWxseQ0KPiBz dG9yZXMgZGlnZXN0cy4gVGhlIGN1cnJlbnQgdXNlIGNhc2UgaXMgdG8gc3RvcmUgZmlsZSBkaWdl c3RzDQo+IGZyb20gUlBNVEFHX0ZJTEVESUdFU1RTIGFuZCB1c2UgdGhlbSB3aXRoIElNQSwgYnV0 DQo+IHRoZSBmc3Zlcml0eSB1c2UgY2FzZSBjb3VsZCBiZSBlYXNpbHkgc3VwcG9ydGVkIChpZiB0 aGUgcm9vdA0KPiBkaWdlc3QgaXMgc3RvcmVkIGluIHRoZSBSUE0gaGVhZGVyKS4NCj4gDQo+IERJ R0xJTSBhbHNvIHRlbGxzIHdoZXRoZXIgb3Igbm90IHRoZSBzaWduYXR1cmUgb2YgdGhlIHNvdXJj ZQ0KPiBjb250YWluaW5nIGZpbGUgZGlnZXN0cyAob3IgZnN2ZXJpdHkgZGlnZXN0cykgaXMgdmFs aWQgKHRoZSBzaWduYXR1cmUNCj4gb2YgdGhlIFJQTSBoZWFkZXIgaXMgdGFrZW4gZnJvbSBSUE1U QUdfUlNBSEVBREVSKS4NCj4gDQo+IFRoZSBtZW1vcnkgb2NjdXBhdGlvbiBpcyByZWxhdGl2ZWx5 IHNtYWxsIGZvciBleGVjdXRhYmxlcw0KPiBhbmQgc2hhcmVkIGxpYnJhcmllcy4gSSBwdWJsaXNo ZWQgYSBkZW1vIGZvciBGZWRvcmEgYW5kDQo+IG9wZW5TVVNFIHNvbWUgdGltZSBhZ286DQo+IA0K PiBodHRwczovL2xvcmUua2VybmVsLm9yZy9saW51eC0NCj4gaW50ZWdyaXR5LzQ4Y2Q3MzdjNTA0 ZDQ1MjA4Mzc3ZGFhMjdkNjI1NTMxQGh1YXdlaS5jb20vDQo+IA0KPiBUaGFua3MNCj4gDQo+IFJv YmVydG8NCj4gDQo+IEhVQVdFSSBURUNITk9MT0dJRVMgRHVlc3NlbGRvcmYgR21iSCwgSFJCIDU2 MDYzDQo+IE1hbmFnaW5nIERpcmVjdG9yOiBMaSBQZW5nLCBaaG9uZyBSb25naHVhDQo+IA0KPiA+ ID4gVGhpcyBicmluZ3MgbWUgdG8geW91ciBuZXh0IGNvbW1lbnQ6DQo+ID4gPg0KPiA+ID4gPiBU aGUgZGlnZXN0IGlzbid0IG1lYW5pbmdmdWwgd2l0aG91dCBrbm93aW5nIHRoZSBoYXNoIGFsZ29y aXRobSBpdCB1c2VzLg0KPiA+ID4gSXQncyBhdmFpbGFibGUgaGVyZSwgYnV0IHlvdSBhcmVuJ3Qg cGFzc2luZyBpdCB0byB0aGlzIGZ1bmN0aW9uLg0KPiA+ID4NCj4gPiA+IFRoZSBkaWdlc3QgaXMg bWVhbmluZ2Z1bCB3aXRob3V0IHRoZSBhbGdvcml0aG0gaW4gdGhpcyBjYXNlLg0KPiA+DQo+ID4g Tm8sIGl0J3Mgbm90Lg0KPiA+DQo+ID4gRGlnZXN0cyBhcmUgbWVhbmluZ2xlc3Mgd2l0aG91dCBr bm93aW5nIHdoYXQgYWxnb3JpdGhtIHRoZXkgd2VyZSBjcmVhdGVkDQo+ID4gd2l0aC4NCj4gPg0K PiA+IElmIHlvdXIgc2VjdXJpdHkgcG9saWN5IGlzIHNvbWV0aGluZyBsaWtlICJUcnVzdCB0aGUg ZmlsZSB3aXRoIGRpZ2VzdCAkZm9vIiBhbmQNCj4gPiBtdWx0aXBsZSBoYXNoIGFsZ29yaXRobXMg YXJlIHBvc3NpYmxlLCB0aGVuIHRoZSBhbG9yaXRobSBpbnRlbmRlZCB0byBiZSB1c2VkDQo+ID4g bmVlZHMgdG8gYmUgZXhwbGljaXRseSBzcGVjaWZpZWQuICBPdGhlcndpc2UgYW55IGFsZ29yaXRo bSB3aXRoIHRoZSBzYW1lIGxlbmd0aA0KPiA+IGRpZ2VzdCB3aWxsIGJlIGFjY2VwdGVkLiAgVGhh dCdzIGEgZmF0YWwgZmxhdyBpZiBhbnkgb2YgdGhlc2UgYWxnb3JpdGhtcyBpcw0KPiA+IGNyeXB0 b2dyYXBoaWNhbGx5IGJyb2tlbiBvciB3YXMgbmV2ZXIgaW50ZW5kZWQgdG8gYmUgYSBjcnlwdG9n cmFwaGljDQo+IGFsZ29yaXRobQ0KPiA+IGluIHRoZSBmaXJzdCBwbGFjZSAoZS5nLiwgYSBub24t Y3J5cHRvZ3JhcGhpYyBjaGVja3N1bSkuDQo+ID4NCj4gPiBDcnlwdG9zeXN0ZW1zIGFsd2F5cyBu ZWVkIHRvIHNwZWNpZnkgdGhlIGNyeXB0byBhbGdvcml0aG0ocykgdXNlZDsgdGhlDQo+ID4gYWR2 ZXJzYXJ5DQo+ID4gbXVzdCBub3QgYmUgYWxsb3dlZCB0byBjaG9vc2UgdGhlIGFsZ29yaXRobXMu DQo+ID4NCj4gPiBJJ20gbm90IHN1cmUgaG93IHRoZXNlIHBhdGNoZXMgY2FuIGJlIHRha2VuIHNl cmlvdXNseSB3aGVuIHRoZXkncmUgZ2V0dGluZw0KPiB0aGlzDQo+ID4gc29ydCBvZiB0aGluZyB3 cm9uZy4NCj4gPg0KPiA+ID4gPiA+ICsNCj4gCUZTX1ZFUklUWV9TSUdOQVRVUkVfU0VDX05BTUUs DQo+ID4gPiA+ID4gKwkJCQkJc2lnbmF0dXJlLCBzaWdfc2l6ZSwgMCk7DQo+ID4gPiA+IFRoaXMg aXMgb25seSBmb3IgZnMtdmVyaXR5IGJ1aWx0LWluIHNpZ25hdHVyZXMgd2hpY2ggYXJlbid0IHRo ZSBvbmx5IHdheSB0byBkbw0KPiA+ID4gPiBzaWduYXR1cmVzIHdpdGggZnMtdmVyaXR5LiAgQXJl IHlvdSBzdXJlIHRoaXMgaXMgd2hhdCB5b3UncmUgbG9va2luZyBmb3I/DQo+ID4gPg0KPiA+ID4g Q291bGQgeW91IGVsYWJvcmF0ZSBvbiB0aGUgb3RoZXIgc2lnbmF0dXJlIHR5cGVzIHRoYXQgY2Fu IGJlIHVzZWQNCj4gPiA+IHdpdGggZnMtdmVyaXR5PyBJ4oCZbSA5OSUgc3VyZSB0aGlzIGlzIHdo YXQgSeKAmW0gbG9va2luZyBmb3IgYXMgdGhpcw0KPiA+ID4gaXMgYSBzaWduYXR1cmUgdmFsaWRh dGVkIGluIHRoZSBrZXJuZWwgYWdhaW5zdCB0aGUgZnMtdmVyaXR5IGtleXJpbmcNCj4gPiA+IGFz IHBhcnQgb2YgdGhlIOKAnGZzdmVyaXR5IGVuYWJsZeKAnSB1dGlsaXR5Lg0KPiA+ID4NCj4gPiA+ IEl0J3MgaW1wb3J0YW50IHRoYXQgdGhlIHNpZ25hdHVyZSBpcyB2YWxpZGF0ZWQgaW4gdGhlIGtl cm5lbCwgYXMNCj4gPiA+IHVzZXJzcGFjZSBpcyBjb25zaWRlcmVkIHVudHJ1c3RlZCB1bnRpbCB0 aGUgc2lnbmF0dXJlIGlzIHZhbGlkYXRlZA0KPiA+ID4gZm9yIHRoaXMgY2FzZS4NCj4gPiA+DQo+ ID4gPiA+IENhbiB5b3UgZWxhYm9yYXRlIG9uIHlvdXIgdXNlIGNhc2UgZm9yIGZzLXZlcml0eSBi dWlsdC1pbiBzaWduYXR1cmVzLA0KPiA+ID4gU3VyZSwgc2lnbmF0dXJlcywgbGlrZSBkaWdlc3Rz LCBhbHNvIHByb3ZpZGUgYSB3YXkgdG8gcHJvdmUgaW50ZWdyaXR5LA0KPiA+ID4gYW5kIHRoZSB0 cnVzdCBjb21wb25lbnQgY29tZXMgZnJvbSB0aGUgdmFsaWRhdGlvbiBhZ2FpbnN0IHRoZSBrZXly aW5nLA0KPiA+ID4gYXMgb3Bwb3NlZCB0byBhIGZpeGVkIHZhbHVlIGluIElQReKAmXMgcG9saWN5 LiBUaGUgdXNlIGNhc2UgZm9yIGZzLXZlcml0eQ0KPiA+ID4gYnVpbHQtaW4gc2lnbmF0dXJlcyBp cyB0aGF0IHdlIGhhdmUgYSBydyBleHQ0IGZpbGVzeXN0ZW0gdGhhdCBoYXMgc29tZQ0KPiA+ID4g ZXhlY3V0YWJsZSBmaWxlcywgYW5kIHdlIHdhbnQgdG8gaGF2ZSBhIGV4ZWN1dGlvbiBwb2xpY3kg KHRocm91Z2ggSVBFKQ0KPiA+ID4gdGhhdCBvbmx5IF90cnVzdGVkXyBleGVjdXRhYmxlcyBjYW4g cnVuLiBQZXJmIGlzIGltcG9ydGFudCBoZXJlLCBoZW5jZQ0KPiA+ID4gZnMtdmVyaXR5Lg0KPiA+ DQo+ID4gTW9zdCB1c2VycyBvZiBmcy12ZXJpdHkgYnVpbHQtaW4gc2lnbmF0dXJlcyBoYXZlIGFj dHVhbGx5IGJlZW4gZW5mb3JjaW5nIHRoZWlyDQo+ID4gc2VjdXJpdHkgcG9saWN5IGluIHVzZXJz cGFjZSwgYnkgY2hlY2tpbmcgd2hldGhlciBzcGVjaWZpYyBmaWxlcyBoYXZlIHRoZQ0KPiA+IGZz LXZlcml0eSBiaXQgc2V0IG9yIG5vdC4gIFN1Y2ggdXNlcnMgY291bGQganVzdCBzdG9yZSBhbmQg dmVyaWZ5IHNpZ25hdHVyZXMgaW4NCj4gPiB1c2Vyc3BhY2UgaW5zdGVhZCwgd2l0aG91dCBhbnkg a2VybmVsIGludm9sdmVtZW50LiAgU28gdGhhdCdzIHdoYXQgSSd2ZSBiZWVuDQo+ID4gcmVjb21t ZW5kaW5nICh3aXRoIGxpbWl0ZWQgc3VjY2VzcywgdW5mb3J0dW5hdGVseSkuDQo+ID4NCj4gPiBJ ZiB5b3UgcmVhbGx5IGRvIG5lZWQgaW4ta2VybmVsIHNpZ25hdHVyZSB2ZXJpZmljYXRpb24sIHRo ZW4gdGhhdCBtYXkgYmUgYQ0KPiA+IGxlZ2l0aW1hdGUgdXNlIGNhc2UgZm9yIHRoZSBmcy12ZXJp dHkgYnVpbHQtaW4gc2lnbmF0dXJlcywgYWx0aG91Z2ggSSBkbyB3b25kZXINCj4gPiB3aHkgeW91 IGFyZW4ndCB1c2luZyBJTUEgYW5kIGl0cyBzaWduYXR1cmUgbWVjaGFuaXNtIGluc3RlYWQuDQo+ ID4NCj4gPiAtIEVyaWMNCg==