* [Buildroot] [PATCH 2/2] fs/squashfs: enable squashfs to generate a verity hashtable
From: Yann E. MORIN @ 2018-03-22 21:34 UTC
To: buildroot

Ben, All,

On 2018-03-22 21:06 +0000, Ben Whitten spake thusly:
> For those times that you want to verify that your readonly filesystem
> hasn't been tampered we can generate a dm-verity hash table.
> The root hash is enclosed in .table file and must be secured else where.

I don't think this should belong to the squashfs filesystem.

From what I understand, veritysetup is filesystem-agnostic, and can do
the hash checksums on any image (even a r/w filesystem as long as it is
mounted r/o for example).

My position is that this should be done in a post-image script.

Otherwise, we'd have to add support for other types of similar concepts:
someone will want to crypto-sign the images, then someone will want to
encrypt the image, then... then...

The post-image scripts are there to fill this functionality: do local
fixups and tweaks after the images have been generated.

Of course, this is only my position. Others may disagree... But IIRC we
already had a similar discussion in the past, and the conclusion was to
move such things in a post-image script, so...

Regards,
Yann E. MORIN.

> Signed-off-by: Ben Whitten <ben.whitten@gmail.com> > --- > fs/squashfs/Config.in | 6 ++++++ > fs/squashfs/squashfs.mk | 10 ++++++++++ > 2 files changed, 16 insertions(+) > > diff --git a/fs/squashfs/Config.in b/fs/squashfs/Config.in > index ca9ddb2..d435249 100644 > --- a/fs/squashfs/Config.in > +++ b/fs/squashfs/Config.in
> @@ -28,4 +28,10 @@ config BR2_TARGET_ROOTFS_SQUASHFS4_XZ > bool "xz" > > endchoice > + > +config BR2_TARGET_ROOTFS_SQUASHFS_VERITY > + bool "Generate verity hashtable" > + help > + As squashfs is readonly it is possible to generate a dm-verity > + hashtable for use in verified boot systems. > endif > diff --git a/fs/squashfs/squashfs.mk b/fs/squashfs/squashfs.mk > index 51abd5d..8fe09c8 100644 > --- a/fs/squashfs/squashfs.mk > +++ b/fs/squashfs/squashfs.mk > @@ -5,6 +5,9 @@ > ################################################################################ > > ROOTFS_SQUASHFS_DEPENDENCIES = host-squashfs > +ifeq ($(BR2_TARGET_ROOTFS_SQUASHFS_VERITY),y) > +ROOTFS_SQUASHFS_DEPENDENCIES += host-cryptsetup > +endif > > ROOTFS_SQUASHFS_ARGS = -noappend -processors $(PARALLEL_JOBS) > > @@ -24,4 +27,11 @@ define ROOTFS_SQUASHFS_CMD > $(HOST_DIR)/bin/mksquashfs $(TARGET_DIR) $@ $(ROOTFS_SQUASHFS_ARGS) > endef > > +ifeq ($(BR2_TARGET_ROOTFS_SQUASHFS_VERITY),y) > +define ROOTFS_SQUASHFS_VERITY > + $(HOST_DIR)/sbin/veritysetup format $@ $@.verity > $@.verity.table > +endef > +ROOTFS_SQUASHFS_POST_GEN_HOOKS += ROOTFS_SQUASHFS_VERITY > +endif > + > $(eval $(rootfs)) > -- > 2.7.4 >

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer  | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
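Review bot: In the fs/squashfs/Config.in hunk, the help text for BR2_TARGET_ROOTFS_SQUASHFS_VERITY does not say what the option produces or what the user must do with it. The commit message states that the root hash is enclosed in the .table file and must be secured elsewhere, but the help only says a hashtable can be generated "for use in verified boot systems". Suggest naming the two outputs (the image name plus .verity and .verity.table) in the help and stating there that the .table file carries the root hash, which has to be stored or signed outside the image. The new entry also sits directly against "endif" with no blank line after it, while a blank line is added before it.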
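Review bot: In the last fs/squashfs/squashfs.mk hunk, ROOTFS_SQUASHFS_VERITY runs "veritysetup format $@ $@.verity" with no options and redirects all of its stdout into $@.verity.table. The hash algorithm, the data and hash block sizes and the salt are therefore whatever the host veritysetup defaults to, and the file named .table is the tool's printed output, sitting unauthenticated next to the image it is meant to vouch for. Suggest passing those parameters explicitly, and writing the root hash to its own file so that it can be signed or stored separately, which is what the commit message says has to happen.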
* [Buildroot] [PATCH 2/2] fs/squashfs: enable squashfs to generate a verity hashtable
From: Peter Korsgaard @ 2018-03-22 22:32 UTC
To: buildroot

>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:

 > Ben, All,
 > On 2018-03-22 21:06 +0000, Ben Whitten spake thusly:
 >> For those times that you want to verify that your readonly filesystem
 >> hasn't been tampered we can generate a dm-verity hash table.
 >> The root hash is enclosed in .table file and must be secured else where.

Strange, I don't seem to have received the original patch?

 > I don't think this should belong to the squashfs filesystem.

 > From what I understand, veritysetup is filesystem-agnostic, and can do
 > the hash checksums on any image (even a r/w filesystem as long as it is
 > mounted r/o for example).

 > My position is that this should be done in a post-image script.

I agree! It is quite simple to enable the host-cryptsetup package and
call veritysetup format in a post-image script, but there is quite some
flexibility in how to use dm-verity (data/hash block size, hashes
appended to image or in a separate partition, where to store toplevel
hash and offset, ..) which makes it hard to integrate as kconfig
options.

-- 
Bye, Peter Korsgaard
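The post-image approach both replies prefer, as an added example that is not code from the thread or from Buildroot: it pins the veritysetup parameters, keeps the root hash in its own file, and turns the printed header into a device-mapper verity table line. The image name rootfs.squashfs, the /dev/DATA and /dev/HASH placeholders, the .info and .roothash file names and the sample values are assumptions; the hash tree is assumed to live in a separate file with a superblock.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: rootfs.squashfs,
# /dev/DATA, /dev/HASH, and the .info / .roothash output files.
# Constructed sample values and a constructed sample of veritysetup's output:
SAMPLE_ROOT=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
SAMPLE_SALT=fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
sample_output() {
    cat <<EOF
VERITY header information for rootfs.squashfs.verity
UUID:            00000000-0000-0000-0000-000000000000
Hash type:       1
Data blocks:     256
Data block size: 4096
Hash block size: 4096
Hash algorithm:  sha256
Salt:            $SAMPLE_SALT
Root hash:       $SAMPLE_ROOT
EOF
}

# Print one "Name: value" field from veritysetup output read on stdin.
verity_field() {
    sed -n "s/^$1:[[:space:]]*//p"
}

# Build a device-mapper "verity" table line.
# $1 = saved veritysetup output, $2 = data device, $3 = hash device
verity_table() {
    blocks=$(verity_field 'Data blocks' < "$1")
    dbs=$(verity_field 'Data block size' < "$1")
    hbs=$(verity_field 'Hash block size' < "$1")
    alg=$(verity_field 'Hash algorithm' < "$1")
    salt=$(verity_field 'Salt' < "$1")
    root=$(verity_field 'Root hash' < "$1")
    # Refuse to emit a table when the root hash is missing or malformed.
    case $root in ''|*[!0-9a-f]*) echo "no root hash in $1" >&2; return 1 ;; esac
    # Length in 512-byte sectors; hash tree starts at block 1, after the superblock.
    echo "0 $((blocks * dbs / 512)) verity 1 $2 $3 $dbs $hbs $blocks 1 $alg $root $salt"
}

# Buildroot passes the images directory as $1 and exports HOST_DIR.
if [ -n "${1:-}" ] && [ -f "$1/rootfs.squashfs" ]; then
    img=$1/rootfs.squashfs
    "$HOST_DIR/sbin/veritysetup" format --hash=sha256 --data-block-size=4096 \
        --hash-block-size=4096 "$img" "$img.verity" > "$img.verity.info" || exit 1
    verity_table "$img.verity.info" /dev/DATA /dev/HASH > "$img.verity.table" || exit 1
    # Keep the root hash apart so it can be signed or stored outside the image.
    verity_field 'Root hash' < "$img.verity.info" > "$img.roothash"
fi
```

Run without arguments the script only defines its functions; `sample_output > /tmp/v.info && verity_table /tmp/v.info /dev/DATA /dev/HASH` shows the table line for the constructed sample.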
* [Buildroot] [PATCH 2/2] fs/squashfs: enable squashfs to generate a verity hashtable
From: Yann E. MORIN @ 2018-03-23 17:22 UTC
To: buildroot

Ben, All,

On 2018-03-23 09:32 +0000, Ben Whitten spake thusly:
> On Thu, 22 Mar 2018 at 22:32 Peter Korsgaard <peter@korsgaard.com> wrote:
> > >>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:
> > > On 2018-03-22 21:06 +0000, Ben Whitten spake thusly:
> > >> For those times that you want to verify that your readonly filesystem
> > >> hasn't been tampered we can generate a dm-verity hash table.
> > >> The root hash is enclosed in .table file and must be secured else where.
> >
> > Strange, I don't seem to have received the original patch?
> I think the mailing list ate it as I was not a subscriber at the time.
> Only the CC went to Yann.

Did you subscribe now? ;-)

> > > My position is that this should be done in a post-image script.
> > I agree!
[--SNIP--]
> That's fair enough, here is possibly not the right place for it.
> I guess it's a question of how much should be put into post processing.
> Generating this after the image means that I'd need to roll ubinize manually
> per device instead of using the settings in KConfig, which seems a bit messy.

So, you meant that ubinize can use that .table output that veritysetup
generates?

> The other patch that was eaten decoupled ubi from ubifs to allow this.

Yeah, I still need to have a look at that patch. I already have a few
comments about it, but please, repost both to the list so that everyone
can see them and understand the replies...

Regards,
Yann E. MORIN.