From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=UiKI=IQ=saout.de=dm-crypt-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=BAYES_20,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F2020C433DB
	for <dm-crypt@archiver.kernel.org>; Thu, 18 Mar 2021 03:21:46 +0000 (UTC)
Received: from mail.server123.net (mail.server123.net [78.46.64.186])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 5B2B364EFD
	for <dm-crypt@archiver.kernel.org>; Thu, 18 Mar 2021 03:21:46 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5B2B364EFD
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=dm-crypt-bounces@saout.de
X-Virus-Scanned: amavisd-new at saout.de
Authentication-Results: mail.server123.net (amavisd-new);
	dkim=pass (2048-bit key) header.d=kernel.org
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=198.145.29.99; helo=mail.kernel.org; envelope-from=ebiggers@kernel.org; receiver=<UNKNOWN> 
X-Greylist: delayed 435 seconds by postgrey-1.37 at siona; Thu, 18 Mar 2021 04:18:45 CET
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.server123.net (Postfix) with ESMTPS
	for <dm-crypt@saout.de>; Thu, 18 Mar 2021 04:18:44 +0100 (CET)
Received: by mail.kernel.org (Postfix) with ESMTPSA id 34FEE64E89;
	Thu, 18 Mar 2021 03:11:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1616037086;
	bh=/Vzg42hoPzRUo1btqFBSy+5duvY41prEHE0M7Bct8hQ=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=Ih1ttdwsP8zZKbqEjbjKHAvSfdC4Nbd0hI89gWqAizu1FBPbc1TsqnM3azjsKapzM
	 yGv7/Mcamr/qoB07jwHG58yMo+EpYy1FYvLt/GxO+gE4AU/EANS+XNRGGR6jcJalJK
	 GmqPuZfiVyZAXggpmX+X02jDMS0h768oDWroEPxKzwWqtX3NsZiG7P0kgmxGE93kRZ
	 +wRdKPvy7z17I2sVcy6uPXqFdR/PLNauzk1dsYKsAhiOqDcwBaTIMCJuaW0M1jEixw
	 q0lW3Gg2gkHFjulEqoAYnGVNYvlvq15j3gsm6Jtv13Q66Pthtd2b1BnpTRqrRH46xc
	 bPzmXqNujKovw==
Date: Wed, 17 Mar 2021 20:11:24 -0700
From: Eric Biggers <ebiggers@kernel.org>
To: Aditya Prakash <adiprakash@cs.stonybrook.edu>
Message-ID: <YFLE3Ct3CJrZ4yuB@sol.localdomain>
References: <CAA+CgzbKRQYVa=O6h-cnYpvBEyk4zEB17UkR8nVKnBxGQy6q+g@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CAA+CgzbKRQYVa=O6h-cnYpvBEyk4zEB17UkR8nVKnBxGQy6q+g@mail.gmail.com>
Message-ID-Hash: NCGGZ2M6RGIIVSIYXEQVEDZ7ZVJZ4OYT
X-Message-ID-Hash: NCGGZ2M6RGIIVSIYXEQVEDZ7ZVJZ4OYT
X-MailFrom: ebiggers@kernel.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dm-crypt.saout.de-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header
CC: dm-crypt@saout.de
X-Mailman-Version: 3.3.2
Precedence: list
Subject: [dm-crypt] Re: [DM-Verity][HELP] Unlock Verity Target during runtime
List-Id: <dm-crypt.saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Post: <mailto:dm-crypt@saout.de>
List-Subscribe: <mailto:dm-crypt-join@saout.de>
List-Unsubscribe: <mailto:dm-crypt-leave@saout.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

On Wed, Mar 17, 2021 at 04:09:46PM -0700, Aditya Prakash wrote:
> Hi,
> I am trying to implement DM-Verity for the rootfs. However, I am not sure
> what the scope of DM Verity. I can see that given a root/sudo user, I can
> unload the verity target, write to rootfs and format and load it again, is
> it possible that this is normal that can be carried out using rootkits or
> any privileged app?
> Also, how can DM-Verity ensure that the system boots to correct rootfs if
> rootfs was changed after an OTA?
> Please help me to understand the actual scope of DM Verity
> 
> Thanks,
> AP

dm-verity's only job is to verify the contents of a block device against a root
hash which is provided by userspace when setting up the dm-verity target.

It's up to the userspace code setting up dm-verity to provide the "correct" root
hash -- for example, by verifying that the root hash is digitally signed by a
trusted source.

Take a look at how dm-verity is used in Verified Boot in Android and Chrome OS,
for example.  There are multiple components, and dm-verity is just one of them.

- Eric
_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de