Linux FSCRYPT development
From: Paul Moore <paul@paul-moore.com>
To: Fan Wu <wufan@linux.microsoft.com>,
	corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org,
	serge@hallyn.com, tytso@mit.edu, ebiggers@kernel.org,
	axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org,
	eparis@redhat.com
Cc: linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-fscrypt@vger.kernel.org, linux-block@vger.kernel.org,
	dm-devel@redhat.com, audit@vger.kernel.org,
	roberto.sassu@huawei.com, linux-kernel@vger.kernel.org,
	Deven Bowers <deven.desai@linux.microsoft.com>,
	Fan Wu <wufan@linux.microsoft.com>
Subject: Re: [PATCH RFC v10 12/17] ipe: add support for dm-verity as a trust provider
Date: Sat, 08 Jul 2023 01:37:02 -0400
Message-ID: <f1e5890316985ff642d17201e28e9d11.paul@paul-moore.com>
In-Reply-To: <1687986571-16823-13-git-send-email-wufan@linux.microsoft.com>

On Jun 28, 2023 Fan Wu <wufan@linux.microsoft.com> wrote:
> 
> Allows author of IPE policy to indicate trust for a singular dm-verity
> volume, identified by roothash, through "dmverity_roothash" and all
> signed dm-verity volumes, through "dmverity_signature".
> 
> Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
> Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
> ---
>  security/ipe/Kconfig         |  18 +++++
>  security/ipe/Makefile        |   1 +
>  security/ipe/audit.c         |  25 ++++++
>  security/ipe/digest.c        | 142 +++++++++++++++++++++++++++++++++++
>  security/ipe/digest.h        |  26 +++++++
>  security/ipe/eval.c          | 101 ++++++++++++++++++++++++-
>  security/ipe/eval.h          |  13 ++++
>  security/ipe/hooks.c         |  51 +++++++++++++
>  security/ipe/hooks.h         |   8 ++
>  security/ipe/ipe.c           |  15 ++++
>  security/ipe/ipe.h           |   4 +
>  security/ipe/policy.h        |   3 +
>  security/ipe/policy_parser.c |  21 ++++++
>  13 files changed, 427 insertions(+), 1 deletion(-)
>  create mode 100644 security/ipe/digest.c
>  create mode 100644 security/ipe/digest.h

...

> diff --git a/security/ipe/hooks.c b/security/ipe/hooks.c
> index 6f94f5c8a0c3..9651e582791e 100644
> --- a/security/ipe/hooks.c
> +++ b/security/ipe/hooks.c
> @@ -192,3 +195,51 @@ void ipe_sb_free_security(struct super_block *mnt_sb)
>  {
>  	ipe_invalidate_pinned_sb(mnt_sb);
>  }
> +
> +#ifdef CONFIG_IPE_PROP_DM_VERITY
> +/**
> + * ipe_bdev_free_security - free IPE's LSM blob of block_devices.
> + * @bdev: Supplies a pointer to a block_device that contains the structure
> + *	  to free.
> + */
> +void ipe_bdev_free_security(struct block_device *bdev)
> +{
> +	struct ipe_bdev *blob = ipe_bdev(bdev);
> +
> +	kfree(blob->digest);
> +	kfree(blob->digest_algo);
> +}
> +
> +/**
> + * ipe_bdev_setsecurity - save data from a bdev to IPE's LSM blob.
> + * @bdev: Supplies a pointer to a block_device that contains the LSM blob.
> + * @key: Supplies the string key that uniquely identifies the value.
> + * @value: Supplies the value to store.
> + * @len: The length of @value.
> + */
> +int ipe_bdev_setsecurity(struct block_device *bdev, const char *key,
> +			 const void *value, size_t len)
> +{
> +	struct ipe_bdev *blob = ipe_bdev(bdev);

Before you can interpret the @key value, you need to first determine
which type of block device you have been handed.  It is possible that
multiple block device types could share the same key with very
different meanings for that key, yes?

> +	if (!strcmp(key, DM_VERITY_ROOTHASH_SEC_NAME)) {
> +		const struct dm_verity_digest *digest = value;
> +
> +		blob->digest = kmemdup(digest->digest, digest->digest_len, GFP_KERNEL);
> +		if (!blob->digest)
> +			return -ENOMEM;
> +
> +		blob->digest_algo = kstrdup_const(digest->algo, GFP_KERNEL);
> +		if (!blob->digest_algo)
> +			return -ENOMEM;
> +
> +		blob->digest_len = digest->digest_len;
> +		return 0;
> +	} else if (!strcmp(key, DM_VERITY_SIGNATURE_SEC_NAME)) {
> +		blob->dm_verity_signed = true;
> +		return 0;
> +	}
> +
> +	return -EOPNOTSUPP;
> +}
> +#endif /* CONFIG_IPE_PROP_DM_VERITY */
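
Review bot: ipe_bdev_free_security() releases the algorithm name with kfree(blob->digest_algo), but ipe_bdev_setsecurity() obtains it from kstrdup_const(), whose result has to be released with kfree_const() because it may be the original .rodata pointer rather than an allocation. In the DM_VERITY_ROOTHASH_SEC_NAME branch, a failed kstrdup_const() returns -ENOMEM with blob->digest already assigned and blob->digest_len not yet set, and a second call with the same key overwrites blob->digest and blob->digest_algo without freeing the earlier buffers; duplicating into locals and assigning to the blob only after both succeed would avoid both. @len is also never checked before value is cast to struct dm_verity_digest and dereferenced, so a size check against the expected structure belongs at the top of that branch.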

--
paul-moore.com
