[PATCH] Revert "fsverity: relax build time dependency on CRYPTO

fsverity.lists.linux.dev archive mirror
 help / color / mirror / Atom feed

* [PATCH] Revert "fsverity: relax build time dependency on CRYPTO_SHA256"
@ 2025-02-17 18:51 Eric Biggers
  2025-02-17 19:15 ` Ard Biesheuvel
  0 siblings, 1 reply; 2+ messages in thread
From: Eric Biggers @ 2025-02-17 18:51 UTC (permalink / raw)
  To: fsverity; +Cc: linux-crypto, Ard Biesheuvel, Herbert Xu

From: Eric Biggers <ebiggers@google.com>

This reverts commit e3a606f2c544b231f6079c8c5fea451e772e1139 because it
allows people to create broken configurations that enable FS_VERITY but
not SHA-256 support.

The commit did allow people to disable the generic SHA-256
implementation when it's not needed.  But that at best allowed saving a
bit of code.  In the real world people are unlikely to intentionally and
correctly make such a tweak anyway, as they tend to just be confused by
what all the different crypto kconfig options mean.

Of course we really need the crypto API to enable the correct
implementations automatically, but that's for a later fix.

Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 fs/verity/Kconfig | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig
index e1036e5353521..40569d3527a71 100644
--- a/fs/verity/Kconfig
+++ b/fs/verity/Kconfig
@@ -2,17 +2,13 @@
 
 config FS_VERITY
 	bool "FS Verity (read-only file-based authenticity protection)"
 	select CRYPTO
 	select CRYPTO_HASH_INFO
-	# SHA-256 is implied as it's intended to be the default hash algorithm.
+	# SHA-256 is selected as it's intended to be the default hash algorithm.
 	# To avoid bloat, other wanted algorithms must be selected explicitly.
-	# Note that CRYPTO_SHA256 denotes the generic C implementation, but
-	# some architectures provided optimized implementations of the same
-	# algorithm that may be used instead. In this case, CRYPTO_SHA256 may
-	# be omitted even if SHA-256 is being used.
-	imply CRYPTO_SHA256
+	select CRYPTO_SHA256
 	help
 	  This option enables fs-verity.  fs-verity is the dm-verity
 	  mechanism implemented at the file level.  On supported
 	  filesystems (currently ext4, f2fs, and btrfs), userspace can
 	  use an ioctl to enable verity for a file, which causes the

base-commit: 0ad2507d5d93f39619fc42372c347d6006b64319
-- 
2.48.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] Revert "fsverity: relax build time dependency on CRYPTO_SHA256"
  2025-02-17 18:51 [PATCH] Revert "fsverity: relax build time dependency on CRYPTO_SHA256" Eric Biggers
@ 2025-02-17 19:15 ` Ard Biesheuvel
  0 siblings, 0 replies; 2+ messages in thread
From: Ard Biesheuvel @ 2025-02-17 19:15 UTC (permalink / raw)
  To: Eric Biggers; +Cc: fsverity, linux-crypto, Herbert Xu

On Mon, 17 Feb 2025 at 19:51, Eric Biggers <ebiggers@kernel.org> wrote:
>
> From: Eric Biggers <ebiggers@google.com>
>
> This reverts commit e3a606f2c544b231f6079c8c5fea451e772e1139 because it
> allows people to create broken configurations that enable FS_VERITY but
> not SHA-256 support.
>
> The commit did allow people to disable the generic SHA-256
> implementation when it's not needed.  But that at best allowed saving a
> bit of code.  In the real world people are unlikely to intentionally and
> correctly make such a tweak anyway, as they tend to just be confused by
> what all the different crypto kconfig options mean.
>
> Of course we really need the crypto API to enable the correct
> implementations automatically, but that's for a later fix.
>
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Cc: Herbert Xu <herbert@gondor.apana.org.au>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>  fs/verity/Kconfig | 8 ++------
>  1 file changed, 2 insertions(+), 6 deletions(-)
>

Acked-by: Ard Biesheuvel <ardb@kernel.org>

> diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig
> index e1036e5353521..40569d3527a71 100644
> --- a/fs/verity/Kconfig
> +++ b/fs/verity/Kconfig
> @@ -2,17 +2,13 @@
>
>  config FS_VERITY
>         bool "FS Verity (read-only file-based authenticity protection)"
>         select CRYPTO
>         select CRYPTO_HASH_INFO
> -       # SHA-256 is implied as it's intended to be the default hash algorithm.
> +       # SHA-256 is selected as it's intended to be the default hash algorithm.
>         # To avoid bloat, other wanted algorithms must be selected explicitly.
> -       # Note that CRYPTO_SHA256 denotes the generic C implementation, but
> -       # some architectures provided optimized implementations of the same
> -       # algorithm that may be used instead. In this case, CRYPTO_SHA256 may
> -       # be omitted even if SHA-256 is being used.
> -       imply CRYPTO_SHA256
> +       select CRYPTO_SHA256
>         help
>           This option enables fs-verity.  fs-verity is the dm-verity
>           mechanism implemented at the file level.  On supported
>           filesystems (currently ext4, f2fs, and btrfs), userspace can
>           use an ioctl to enable verity for a file, which causes the
>
> base-commit: 0ad2507d5d93f39619fc42372c347d6006b64319
> --
> 2.48.1
>

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-02-17 19:16 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-17 18:51 [PATCH] Revert "fsverity: relax build time dependency on CRYPTO_SHA256" Eric Biggers
2025-02-17 19:15 ` Ard Biesheuvel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).