From: Deven Bowers
To: Eric Biggers
Cc: axboe@kernel.dk, linux-security-module@vger.kernel.org, tytso@mit.edu, paul@paul-moore.com, snitzer@redhat.com, corbet@lwn.net, jannh@google.com, linux-doc@vger.kernel.org, jmorris@namei.org, eparis@redhat.com, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, dm-devel@redhat.com, linux-audit@redhat.com, linux-fscrypt@vger.kernel.org, agk@redhat.com, serge@hallyn.com
Subject: Re: [dm-devel] [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature
Date: Tue, 26 Oct 2021 12:03:53 -0700
References: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com> <1634151995-16266-13-git-send-email-deven.desai@linux.microsoft.com> <9089bdb0-b28a-9fa0-c510-00fa275af621@linux.microsoft.com>

On 10/15/2021 1:11 PM, Eric Biggers wrote:

> On Fri, Oct 15, 2021 at 12:25:53PM -0700, Deven Bowers wrote:
>> On 10/13/2021 12:24 PM, Eric Biggers wrote:
>>> On Wed, Oct 13, 2021 at 12:06:31PM -0700, deven.desai@linux.microsoft.com wrote:
>>>> From: Fan Wu <wufan@linux.microsoft.com>
>>>>
>>>> Add security_inode_setsecurity to fsverity signature verification.
>>>> This can let LSMs save the signature data and digest hashes provided
>>>> by fsverity.
>>> Can you elaborate on why LSMs need this information?
>> The proposed LSM (IPE) of this series will be the only one to need
>> this information at the moment. IPE's goal is to provide
>> trust-based access control. Trust and integrity are tied together,
>> as you cannot prove trust without proving integrity.
> I think you mean authenticity, not integrity?

I've heard a lot of people use these terms in overloaded ways.

If we're working with the definition of authenticity being
"the property that a resource was _actually_ sent/created by a
party", and integrity being "the property that a resource was not
modified from a point of time", then yes. The statement isn't
false, though, because you'd need to prove integrity in the process of
proving authenticity.

If not, could you clarify what you mean by authenticity and integrity,
so that we can use consistent definitions?

> Also how does this differ from IMA?  I know that IMA doesn't support fs-verity
> file hashes, but that could be changed.  Why not extend IMA to cover your use
> case(s)?

We looked at extending IMA to cover our requirements extensively the
past year, based on feedback the last time I posted these patches. We
implemented a prototype that had half of our requirements, but found it
resulted in a large change list that would result in a large amount of
pain in respect to maintenance, in addition to other more architectural
concerns about the implementation. We weren't convinced it was the
correct direction for our needs.

There was a presentation done at LSS 2021 around this prototype by my
colleague, Fan, who authored this patch and implemented the aforementioned
prototype.

In general, IMA provides a whole suite of amazing functionality when it
comes to everything integrity, as the fs-verity documentation states
itself:

    IMA specifies a system-wide policy that specifies which
    files are hashed and what to do with those hashes, such
    as log them, authenticate them, or add them to a
    measurement list.

Instead, IPE provides a fine-tuned way to _only_ enforce an access control
policy on these files based on the defined trust requirements in the policy,
under various contexts (you might have different requirements for what
executes in a general purpose, versus loadable kernel modules, for example).
It will never bother to log, measure, or revalidate these hashes because
that's not its purpose. This is why it belongs at the LSM layer instead of
the integrity subsystem layer, as it is providing access control based on a
policy, versus providing deep integrations with the actual integrity claim.

IPE is trying to be agnostic to how precisely "trust" is provided, as
opposed to being deeply integrated into the mechanism that provides
"trust".

>> IPE needs the digest information to be able to compare a digest
>> provided by the policy author against the digest calculated by
>> fsverity, to make a decision on whether that specific file, represented
>> by the digest, is authorized for the actions specified in the policy.
>>
>> A more concrete example, if an IPE policy author writes:
>>
>>     op=EXECUTE fsverity_digest=<HexDigest> action=DENY
>>
>> IPE takes the digest provided by this security hook, stores it
>> in IPE's security blob on the inode. If this file is later
>> executed, IPE compares the digest stored in the LSM blob,
>> provided by this hook, against <HexDigest> in the policy; if
>> it matches, it denies the access, performing a revocation
>> of that file.
> Do you have a better example?  This one is pretty useless since one can get
> around it just by executing a file that doesn't have fs-verity enabled.

Here's a more complete example:

    policy_name="fs-exec-only" policy_version=0.0.1
    DEFAULT action=ALLOW

    DEFAULT op=EXECUTE action=DENY
    op=EXECUTE fsverity_digest=<Digest> action=DENY
    op=EXECUTE fsverity_signature=TRUE action=ALLOW

Execution is prohibited unless it is a signed fs-verity file. However,
after one of those executables was signed and published, an exploitable
vulnerability in said executable was found, and a new version was
published without that vulnerability. We need to revoke trust for that
executable since it could be used to exploit the system, so the first
rule prevents it from matching the second.

>> This brings me to your next comment:
>>
>>> The digest isn't meaningful without knowing the hash algorithm it uses.
>>> It's available here, but you aren't passing it to this function.
>>
>> The digest is meaningful without the algorithm in this case.
> No, it's not.
>
> Digests are meaningless without knowing what algorithm they were created with.
>
> If your security policy is something like "Trust the file with digest $foo" and
> multiple hash algorithms are possible, then the algorithm intended to be used
> needs to be explicitly specified.  Otherwise any algorithm with the same length
> digest will be accepted.  That's a fatal flaw if any of these algorithms is
> cryptographically broken or was never intended to be a cryptographic algorithm
> in the first place (e.g., a non-cryptographic checksum).
>
> Cryptosystems always need to specify the crypto algorithm(s) used; the adversary
> must not be allowed to choose the algorithms.

Oof. You're completely right. The part I was missing is that as time
goes on, the secure status of these cryptographic algorithms will change,
and then we'll need a way to migrate between algorithms. Additionally,
tooling and the like will likely need a way to identify this from the
policy text without consulting anything else. This is a major oversight
for general use; the system that this was originally designed for only
had support for a subset of the sha2 family (all separate lengths), so I
hadn't even considered it.

It's trivial to correct in a minimal amount of code, making the policy
express the digest like so:

    fsverity_digest=<algo>:<digest>

and change the argument passed to the LSM hook to accept a structure
containing these two fields.

> I'm not sure how these patches can be taken seriously when they're getting this
> sort of thing wrong.

That said, I, personally, hope that an honest mistake, in a series
submitted as an RFC in good faith, is not a reason to discount an entire
patch series.

I hope you continue to provide feedback, as it is invaluable to making this
system better, and making me, personally, a better developer.

>>>> +					FS_VERITY_SIGNATURE_SEC_NAME,
>>>> +					signature, sig_size, 0);
>>> This is only for fs-verity built-in signatures which aren't the only way to do
>>> signatures with fs-verity.  Are you sure this is what you're looking for?
>> Could you elaborate on the other signature types that can be used
>> with fs-verity? I'm 99% sure this is what I'm looking for as this
>> is a signature validated in the kernel against the fs-verity keyring
>> as part of the "fsverity enable" utility.
>>
>> It's important that the signature is validated in the kernel, as
>> userspace is considered untrusted until the signature is validated
>> for this case.
>>
>>> Can you elaborate on your use case for fs-verity built-in signatures,
>> Sure, signatures, like digests, also provide a way to prove integrity,
>> and the trust component comes from the validation against the keyring,
>> as opposed to a fixed value in IPE's policy. The use case for fs-verity
>> built-in signatures is that we have a rw ext4 filesystem that has some
>> executable files, and we want to have an execution policy (through IPE)
>> that only _trusted_ executables can run. Perf is important here, hence
>> fs-verity.
> Most users of fs-verity built-in signatures have actually been enforcing their
> security policy in userspace, by checking whether specific files have the
> fs-verity bit set or not.  Such users could just store and verify signatures in
> userspace instead, without any kernel involvement.  So that's what I've been
> recommending (with limited success, unfortunately).

I believe the difference in security models comes from this line
(emphasis, mine):

 > by checking whether _specific files_ have the fs-verity bit set or not.

IPE policy is written by a system author who owns the system, but may
not have 100% control over all of the application code running on the
system.  In the case of applications which are not aware of IPE, the policy
can still enforce that all of the code running on the system is trusted.

An example attack of what we're trying to mitigate: a hostile actor
could download a binary off the internet with all required
dependencies into tmpfs and run their malicious executable.

With us validating this information in the kernel, even if the attacker
downloaded their malicious executable to /tmp and executed it, it would
still fail to pass policy and be denied, as the kernel is the common
entrypoint across all executables.

Operationally, this _could_ be done by digest, but the policies would
quickly become gigantic on a cartoonish proportion, as you'll have to
authorize every single executable and dependency by digest - and
there would be a complicated update story as the policy would have to
be updated to onboard new digests.

By using signatures, we can prevent the policy update, and keep the
policy size small.

> If you really do need in-kernel signature verification, then that may be a
> legitimate use case for the fs-verity built-in signatures, although I do wonder
> why you aren't using IMA and its signature mechanism instead.
>
> - Eric

--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
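The policy discussed in the message above, run as code. This is an added Python example, not code from the RFC series, from IPE, or from either participant: it parses rule lines in the `op=... fsverity_digest=<algo>:<digest> action=...` form the reply settles on, evaluates the `fs-exec-only` policy against a few constructed files, and contrasts the algorithm-qualified digest match with the bare-digest comparison Eric objected to. The rule grammar, the first-match evaluation order, the `FileInfo` fields, the sample digests and the `weak-checksum-256` algorithm name are all assumptions modelled on the thread, not IPE's real structures.

```python
"""Toy evaluator for IPE-style policy lines (added example, not IPE code).

Models two points from the thread: a DENY-by-digest rule revoking one
signed executable while other signed fs-verity files still run, and why
a policy digest must name its hash algorithm.  Grammar, evaluation order,
FileInfo fields and sample values are assumptions, not IPE's real design.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FileInfo:
    """What the LSM hook would be handed for one inode (assumed shape)."""
    fsverity_algo: Optional[str]       # None: fs-verity not enabled on the file
    fsverity_digest: Optional[bytes]
    fsverity_signature: bool           # built-in signature validated in-kernel


@dataclass(frozen=True)
class Rule:
    op: Optional[str]                  # None only for the global DEFAULT
    action: str
    digest: Optional[tuple[str, bytes]]  # from fsverity_digest=<algo>:<hex>
    signature: Optional[bool]          # from fsverity_signature=TRUE/FALSE
    is_default: bool


def parse_rule(line: str) -> Rule:
    parts = line.split()
    is_default = parts[0] == "DEFAULT"
    kv = dict(p.split("=", 1) for p in (parts[1:] if is_default else parts))
    digest = None
    if "fsverity_digest" in kv:
        # Reject a bare digest: without the algorithm name the policy would
        # accept any hash of the same length (the flaw raised in the thread).
        if ":" not in kv["fsverity_digest"]:
            raise ValueError("fsverity_digest must be <algo>:<hexdigest>")
        algo, hexdigest = kv["fsverity_digest"].split(":", 1)
        digest = (algo, bytes.fromhex(hexdigest))
    signature = None
    if "fsverity_signature" in kv:
        signature = kv["fsverity_signature"].upper() == "TRUE"
    return Rule(kv.get("op"), kv["action"], digest, signature, is_default)


def parse_policy(text: str) -> list[Rule]:
    lines = (ln.strip() for ln in text.splitlines())
    return [parse_rule(ln) for ln in lines if ln and not ln.startswith("policy_name=")]


def evaluate(rules: list[Rule], op: str, f: FileInfo) -> str:
    """First matching explicit rule wins, in policy order; then the op's
    DEFAULT, then the global DEFAULT.  Algorithm and digest must both match."""
    for r in rules:
        if r.is_default or r.op != op:
            continue
        if r.digest is not None and (f.fsverity_algo, f.fsverity_digest) != r.digest:
            continue
        if r.signature is not None and f.fsverity_signature != r.signature:
            continue
        return r.action
    for scope in (op, None):
        for r in rules:
            if r.is_default and r.op == scope:
                return r.action
    return "DENY"  # assumption: a policy with no global DEFAULT fails closed


def bare_digest_matches(policy_hex: str, f: FileInfo) -> bool:
    """The pre-fix comparison: digest bytes only, algorithm ignored."""
    return f.fsverity_digest == bytes.fromhex(policy_hex)


# Constructed sample digests; the inputs are arbitrary stand-ins for builds.
REVOKED = hashlib.sha256(b"old-vulnerable-build").digest()
FS_EXEC_ONLY = f"""
policy_name="fs-exec-only" policy_version=0.0.1
DEFAULT action=ALLOW

DEFAULT op=EXECUTE action=DENY
op=EXECUTE fsverity_digest=sha256:{REVOKED.hex()} action=DENY
op=EXECUTE fsverity_signature=TRUE action=ALLOW
"""


def demo_revocation() -> dict[str, str]:
    rules = parse_policy(FS_EXEC_ONLY)
    cases = {
        "revoked": FileInfo("sha256", REVOKED, True),  # signed, but revoked
        "fresh": FileInfo("sha256", hashlib.sha256(b"fixed-build").digest(), True),
        "unsigned": FileInfo("sha256", hashlib.sha256(b"tmpfs-download").digest(), False),
        "plain": FileInfo(None, None, False),  # fs-verity not enabled at all
    }
    out = {name: evaluate(rules, "EXECUTE", fi) for name, fi in cases.items()}
    out["read_plain"] = evaluate(rules, "READ", cases["plain"])  # global DEFAULT
    return out


def demo_algorithm_pinning() -> dict[str, object]:
    trusted = hashlib.sha256(b"trusted-build").digest()
    allow_by_digest = parse_policy(
        f"DEFAULT action=DENY\nop=EXECUTE fsverity_digest=sha256:{trusted.hex()} action=ALLOW")
    genuine = FileInfo("sha256", trusted, False)
    # Same 32 bytes reported under an algorithm the policy author never chose
    # (constructed; stands in for a weak algorithm an adversary could steer).
    forged = FileInfo("weak-checksum-256", trusted, False)
    return {
        "genuine": evaluate(allow_by_digest, "EXECUTE", genuine),
        "forged": evaluate(allow_by_digest, "EXECUTE", forged),
        "bare_comparison_accepts_forged": bare_digest_matches(trusted.hex(), forged),
    }


def bare_digest_rule_rejected() -> bool:
    try:
        parse_rule("op=EXECUTE fsverity_digest=" + "00" * 32 + " action=ALLOW")
    except ValueError:
        return True
    return False
```

`demo_revocation()` shows the revocation story: the signed-but-revoked file is denied by the digest rule before the `fsverity_signature=TRUE` rule can admit it, the re-signed fix is allowed, and both an unsigned download and a file without fs-verity fall through to the per-op DENY. `demo_algorithm_pinning()` shows the other point: with `<algo>:<digest>` a 32-byte value reported under a different algorithm does not match the sha256 rule, whereas `bare_digest_matches` accepts it. The parser also refuses a rule that omits the algorithm, so a policy cannot be written in the ambiguous form in the first place.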
IHRoZSBwb2xpY2llcyB3b3VsZApxdWlja2x5IGJlY29tZSBnaWdhbnRpYyBvbiBhIGNhcnRvb25p c2ggcHJvcG9ydGlvbiwgYXMgeW91J2xsIGhhdmUgdG8KYXV0aG9yaXplIGV2ZXJ5IHNpbmdsZSBl eGVjdXRhYmxlIGFuZCBkZXBlbmRlbmN5IGJ5IGRpZ2VzdCAtIGFuZAp0aGVyZSB3b3VsZCBiZSBh IGNvbXBsaWNhdGVkIHVwZGF0ZSBzdG9yeSBhcyB0aGUgcG9saWN5IHdvdWxkIGhhdmUgdG8KYmUg dXBkYXRlZCB0byBvbmJvYXJkIG5ldyBkaWdlc3RzLgoKQnkgdXNpbmcgc2lnbmF0dXJlcywgd2Ug Y2FuIHByZXZlbnQgdGhlIHBvbGljeSB1cGRhdGUsIGFuZCBrZWVwIHRoZQpwb2xpY3kgc2l6ZSBz bWFsbC4KCj4gSWYgeW91IHJlYWxseSBkbyBuZWVkIGluLWtlcm5lbCBzaWduYXR1cmUgdmVyaWZp Y2F0aW9uLCB0aGVuIHRoYXQgbWF5IGJlIGEKPiBsZWdpdGltYXRlIHVzZSBjYXNlIGZvciB0aGUg ZnMtdmVyaXR5IGJ1aWx0LWluIHNpZ25hdHVyZXMsIGFsdGhvdWdoIEkgZG8gd29uZGVyCj4gd2h5 IHlvdSBhcmVuJ3QgdXNpbmcgSU1BIGFuZCBpdHMgc2lnbmF0dXJlIG1lY2hhbmlzbSBpbnN0ZWFk Lgo+Cj4gLSBFcmljCgoKLS0KTGludXgtYXVkaXQgbWFpbGluZyBsaXN0CkxpbnV4LWF1ZGl0QHJl ZGhhdC5jb20KaHR0cHM6Ly9saXN0bWFuLnJlZGhhdC5jb20vbWFpbG1hbi9saXN0aW5mby9saW51 eC1hdWRpdA== From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 99EDEC433EF for ; Tue, 26 Oct 2021 19:04:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 84AF16103C for ; Tue, 26 Oct 2021 19:04:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238555AbhJZTGX (ORCPT ); Tue, 26 Oct 2021 15:06:23 -0400 Received: from linux.microsoft.com ([13.77.154.182]:56334 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238368AbhJZTGS (ORCPT ); Tue, 26 Oct 2021 15:06:18 -0400 Received: from [10.137.106.139] (unknown [131.107.159.11]) by linux.microsoft.com (Postfix) with ESMTPSA id 2A6E420A5C29; Tue, 26 Oct 2021 12:03:54 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 2A6E420A5C29 
Date: Tue, 26 Oct 2021 12:03:53 -0700
From: Deven Bowers
Subject: Re: [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature
To: Eric Biggers
Cc: corbet@lwn.net, axboe@kernel.dk, agk@redhat.com, snitzer@redhat.com, tytso@mit.edu, paul@paul-moore.com, eparis@redhat.com, jmorris@namei.org, serge@hallyn.com, jannh@google.com, dm-devel@redhat.com, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-audit@redhat.com, linux-security-module@vger.kernel.org
References: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com> <1634151995-16266-13-git-send-email-deven.desai@linux.microsoft.com> <9089bdb0-b28a-9fa0-c510-00fa275af621@linux.microsoft.com>

On 10/15/2021 1:11 PM, Eric Biggers wrote:
> On Fri, Oct 15, 2021 at 12:25:53PM -0700, Deven Bowers wrote:
>> On 10/13/2021 12:24 PM, Eric Biggers wrote:
>>> On Wed, Oct 13, 2021 at 12:06:31PM -0700, deven.desai@linux.microsoft.com wrote:
>>>> From: Fan Wu
>>>>
>>>> Add security_inode_setsecurity to fsverity signature verification.
>>>> This can let LSMs save the signature data and digest hashes provided
>>>> by fsverity.
>>> Can you elaborate on why LSMs need this information?
>> The proposed LSM (IPE) of this series will be the only one to need
>> this information at the moment. IPE’s goal is to provide
>> trust-based access control. Trust and Integrity are tied together,
>> as you cannot prove trust without proving integrity.
> I think you mean authenticity, not integrity?

I’ve heard a lot of people use these terms in overloaded ways. If we’re
working with the definition of authenticity being “the property that a
resource was _actually_ sent/created by a party”, and integrity being
“the property that a resource was not modified from a point of time”,
then yes. The statement isn’t false, though, because you’d need to prove
integrity in the process of proving authenticity.

If not, could you clarify what you mean by authenticity and integrity,
so that we can use consistent definitions?

> Also how does this differ from IMA? I know that IMA doesn't support fs-verity
> file hashes, but that could be changed. Why not extend IMA to cover your use
> case(s)?

We looked at extending IMA to cover our requirements extensively the past
year based on feedback the last time I posted these patches. We
implemented a prototype that had half of our requirements, but found it
resulted in a large change list that would result in a large amount of
pain in respect to maintenance, in addition to other more architectural
concerns about the implementation. We weren’t convinced it was the
correct direction, for our needs.

There was a presentation done at LSS 2021 around this prototype done by
my colleague, Fan, who authored this patch and implemented the
aforementioned prototype.

In general, IMA provides a whole suite of amazing functionality when it
comes to everything integrity, as the fs-verity documentation states
itself:

    IMA specifies a system-wide policy that specifies which files are
    hashed and what to do with those hashes, such as log them,
    authenticate them, or add them to a measurement list.

Instead, IPE provides a fine-tuned way to _only_ enforce an access
control policy to these files based on the defined trust requirements in
the policy, under various contexts (you might have different requirements
for what executes in a general purpose, versus loadable kernel modules,
for example). It will never bother to log, measure, or revalidate these
hashes because that’s not its purpose. This is why it belongs at the LSM
layer instead of the integrity subsystem layer, as it is providing access
control based on a policy, versus providing deep integrations with the
actual integrity claim. IPE is trying to be agnostic to how precisely
“trust” is provided, as opposed to being deeply integrated into the
mechanism that provides “trust”.

>> IPE needs the digest information to be able to compare a digest
>> provided by the policy author, against the digest calculated by
>> fsverity to make a decision on whether that specific file, represented
>> by the digest is authorized for the actions specified in the policy.
>>
>> A more concrete example, if an IPE policy author writes:
>>
>>     op=EXECUTE fsverity_digest=<HexDigest> action=DENY
>>
>> IPE takes the digest provided by this security hook, stores it
>> in IPE's security blob on the inode. If this file is later
>> executed, IPE compares the digest stored in the LSM blob,
>> provided by this hook, against <HexDigest> in the policy, if
>> it matches, it denies the access, performing a revocation
>> of that file.
> Do you have a better example? This one is pretty useless since one can get
> around it just by executing a file that doesn't have fs-verity enabled.

Here’s a more complete example:

    policy_name=”fs-exec-only” policy_version=0.0.1
    DEFAULT action=ALLOW

    DEFAULT op=EXECUTE action=DENY
    op=EXECUTE fsverity_digest=<Digest> action=DENY
    op=EXECUTE fsverity_signature=TRUE action=ALLOW

Execution is prohibited unless it is a signed fs-verity file. However,
after one of those executables was signed and published, an exploitable
vulnerability in said executable was found, and a new version was
published without that vulnerability. We need to revoke trust for that
executable since it could be used to exploit the system, so the first
rule prevents it from matching the second.

>> This brings me to your next comment:
>>
>>> The digest isn't meaningful without knowing the hash algorithm it uses.
>>> It's available here, but you aren't passing it to this function.
>>
>> The digest is meaningful without the algorithm in this case.
> No, it's not.
>
> Digests are meaningless without knowing what algorithm they were created with.
>
> If your security policy is something like "Trust the file with digest $foo" and
> multiple hash algorithms are possible, then the algorithm intended to be used
> needs to be explicitly specified. Otherwise any algorithm with the same length
> digest will be accepted. That's a fatal flaw if any of these algorithms is
> cryptographically broken or was never intended to be a cryptographic algorithm
> in the first place (e.g., a non-cryptographic checksum).
>
> Cryptosystems always need to specify the crypto algorithm(s) used; the adversary
> must not be allowed to choose the algorithms.

Oof. You’re completely right. The part I was missing is that as time
goes on, the secure status of these cryptographic algorithms will change,
and then we’ll need a way to migrate between algorithms. Additionally,
tooling and the like will likely need a way to identify this from the
policy text without consulting anything else.

This is a major oversight for general use; the system that this was
originally designed for only had support for a subset of the sha2-family
(all separate lengths) so I hadn’t even considered it.

It's trivial to correct in a minimal amount of code, making the policy
express the digest like so:

    fsverity_digest=<algo>:<digest>

and change the argument passed to the LSM hook to accept a structure
containing these two fields.

> I'm not sure how these patches can be taken seriously when they're getting this
> sort of thing wrong.

That said, I, personally, hope that an honest mistake, in a series
submitted as an RFC in good faith, is not a reason to discount an entire
patch series.

I hope you continue to provide feedback, as it is invaluable to making
this system better, and making me, personally, a better developer.

>>>> +					FS_VERITY_SIGNATURE_SEC_NAME,
>>>> +					signature, sig_size, 0);
>>> This is only for fs-verity built-in signatures which aren't the only way to do
>>> signatures with fs-verity. Are you sure this is what you're looking for?
>> Could you elaborate on the other signature types that can be used
>> with fs-verity? I’m 99% sure this is what I’m looking for as this
>> is a signature validated in the kernel against the fs-verity keyring
>> as part of the “fsverity enable” utility.
>>
>> It's important that the signature is validated in the kernel, as
>> userspace is considered untrusted until the signature is validated
>> for this case.
>>
>>> Can you elaborate on your use case for fs-verity built-in signatures,
>> Sure, signatures, like digests, also provide a way to prove integrity,
>> and the trust component comes from the validation against the keyring,
>> as opposed to a fixed value in IPE’s policy. The use case for fs-verity
>> built-in signatures is that we have a rw ext4 filesystem that has some
>> executable files, and we want to have an execution policy (through IPE)
>> that only _trusted_ executables can run. Perf is important here, hence
>> fs-verity.
> Most users of fs-verity built-in signatures have actually been enforcing their
> security policy in userspace, by checking whether specific files have the
> fs-verity bit set or not. Such users could just store and verify signatures in
> userspace instead, without any kernel involvement. So that's what I've been
> recommending (with limited success, unfortunately).

I believe the difference in security models comes from this line
(emphasis, mine):

> by checking whether _specific files_ have the fs-verity bit set or not.

IPE policy is written by a system author who owns the system, but may
not have 100% control over all of the application code running on the
system. In the case of applications which are not aware of IPE, the
policy can still enforce that all of the code running on the system is
trusted.

An example attack of what we're trying to mitigate: a hostile actor
could download a binary off the internet with all required dependencies
into tmpfs and run their malicious executable.

With us validating this information in the kernel, even if the attacker
downloaded their malicious executable to /tmp and executed it, it would
still fail to pass policy and be denied, as the kernel is the common
entrypoint across all executables.

Operationally, this _could_ be done by digest, but the policies would
quickly become gigantic on a cartoonish proportion, as you'll have to
authorize every single executable and dependency by digest - and there
would be a complicated update story as the policy would have to be
updated to onboard new digests.

By using signatures, we can prevent the policy update, and keep the
policy size small.

> If you really do need in-kernel signature verification, then that may be a
> legitimate use case for the fs-verity built-in signatures, although I do wonder
> why you aren't using IMA and its signature mechanism instead.
>
> - Eric
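The policy shape discussed in this thread (op-specific DEFAULTs, a digest-based revocation rule ahead of a signature-based allow rule, and the `fsverity_digest=<algo>:<digest>` form that the reply agrees to adopt) can be illustrated with a small evaluator. The block below is an added example, not IPE's or fs-verity's code and not anything either participant posted. Its first-match rule ordering, the fallback to the op-specific then global DEFAULT, the op name `SOME_OTHER_OP`, and the digest values are assumptions or constructed inputs; real fs-verity file digests are Merkle-tree descriptor hashes, which a plain sha256 here only stands in for.

```python
"""Toy evaluator for an IPE-style execution policy (constructed example).
Assumed semantics, not IPE's own engine: rules for an op are tried in policy
order and the first full match decides; otherwise the op-specific DEFAULT
applies, then the global DEFAULT, and with neither the op is denied."""
from dataclasses import dataclass
from typing import Optional
import hashlib


@dataclass(frozen=True)
class FileIdentity:              # what the kernel knows about a file at EXECUTE time
    digest_algo: Optional[str]   # fs-verity hash algorithm, None if not enabled
    digest: Optional[bytes]      # fs-verity file digest, None if not enabled
    signature_ok: bool           # built-in signature validated against the keyring

@dataclass(frozen=True)
class Rule:
    op: str
    digest: Optional[tuple]      # (algo, bytes) from fsverity_digest=<algo>:<hex>
    signature: Optional[bool]    # from fsverity_signature=TRUE/FALSE
    action: str                  # "ALLOW" or "DENY"

def parse_digest_property(value: str) -> tuple:
    """Parse <algo>:<hex>; a bare digest with no algorithm tag is an error."""
    algo, sep, hexdigest = value.partition(":")
    if not sep or not algo or not hexdigest:
        raise ValueError("fsverity_digest must be <algo>:<hex>, got %r" % value)
    return (algo.lower(), bytes.fromhex(hexdigest))

def parse_policy(text: str):
    """Return (defaults, rules); defaults maps op (None = global) to an action."""
    defaults, rules = {}, []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line.startswith("policy_"):      # policy_name/policy_version header
            continue
        tokens = line.split()
        is_default = tokens[0] == "DEFAULT"
        props = dict(t.split("=", 1) for t in (tokens[1:] if is_default else tokens))
        action, op = props.pop("action"), props.pop("op", None)
        if action not in ("ALLOW", "DENY") or (op is None and not is_default):
            raise ValueError("malformed rule: %r" % line)
        if is_default:
            defaults[op] = action
            continue
        digest = parse_digest_property(props.pop("fsverity_digest")) \
            if "fsverity_digest" in props else None
        signature = props.pop("fsverity_signature").upper() == "TRUE" \
            if "fsverity_signature" in props else None
        if props:                           # refuse properties we do not understand
            raise ValueError("unknown properties %r in %r" % (sorted(props), line))
        rules.append(Rule(op, digest, signature, action))
    return defaults, rules

def evaluate(policy, op: str, f: FileIdentity) -> str:
    """First matching rule for this op wins; otherwise fall back to DEFAULTs."""
    defaults, rules = policy
    for r in rules:
        if r.op != op:
            continue
        # Algorithm tag AND bytes must both match: a digest produced by some
        # other algorithm must never satisfy a rule written for sha256.
        if r.digest is not None and (f.digest_algo, f.digest) != r.digest:
            continue
        if r.signature is not None and f.signature_ok != r.signature:
            continue
        return r.action
    return defaults.get(op, defaults.get(None, "DENY"))

# Constructed stand-in for the revoked executable's digest.  A real fs-verity
# file digest is the hash of the Merkle-tree descriptor, not a plain hash of
# the contents; plain sha256 is used here only to get realistic-looking bytes.
REVOKED_DIGEST = hashlib.sha256(b"vulnerable build of some-daemon").digest()

POLICY = parse_policy("""
policy_name="fs-exec-only" policy_version=0.0.1
DEFAULT action=ALLOW

DEFAULT op=EXECUTE action=DENY
op=EXECUTE fsverity_digest=sha256:%s action=DENY
op=EXECUTE fsverity_signature=TRUE action=ALLOW
""" % REVOKED_DIGEST.hex())

def rejects_untagged_digest() -> bool:
    """A bare digest with no algorithm tag must be rejected at parse time."""
    try:
        parse_policy("op=EXECUTE fsverity_digest=%s action=ALLOW" % REVOKED_DIGEST.hex())
    except ValueError:
        return True
    return False

def demo() -> dict:
    """Decisions for a few constructed files under POLICY."""
    fixed = hashlib.sha256(b"fixed build of some-daemon").digest()
    unsigned = FileIdentity(None, None, False)          # e.g. a binary dropped in tmpfs
    revoked = FileIdentity("sha256", REVOKED_DIGEST, True)
    return {
        "unsigned_tmpfs_binary": evaluate(POLICY, "EXECUTE", unsigned),
        "signed_fixed_build": evaluate(POLICY, "EXECUTE", FileIdentity("sha256", fixed, True)),
        "signed_but_revoked": evaluate(POLICY, "EXECUTE", revoked),
        # Hypothetical op with no op-specific DEFAULT: the global DEFAULT applies.
        "other_op_unsigned": evaluate(POLICY, "SOME_OTHER_OP", unsigned),
    }
```

Two things worth checking in any real evaluator follow directly from this toy: the parser must refuse an untagged digest rather than guess an algorithm from its length, and a revocation rule written as `sha256:<digest>` covers only files whose fs-verity digest was computed with sha256, so on a system that accepts more than one fs-verity hash algorithm a revocation needs one rule per accepted algorithm (or the accepted set needs to be pinned).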