From: Ted Ts'o
Subject: Re: Ext4 data structures integrity
Date: Thu, 29 Sep 2011 09:55:35 -0400
Message-ID: <20110929135535.GS19250@thunk.org>
References: <20110928135626.GA19032@thunk.org>
To: "Kasatkin, Dmitry"
Cc: Andreas Dilger, "linux-fsdevel@vger.kernel.org"

On Thu, Sep 29, 2011 at 04:33:52PM +0300, Kasatkin, Dmitry wrote:
> >>
> >> There is work currently being done to add checksums for detecting filesystem corruption (see list archive). However, if the attacker can binary edit the underlying disk device then they can also edit the checksums (crc32c) at the same time.
> >>
> >> The only secure way to handle this would be a crypto checksum with a secret key.
> >
> > Can you please give me some links to it????

Darrick Wong has been sending patches to the linux-ext4 mailing list for review to use crc32c to protect various parts of the file system metadata. There has been no work to the "crypto checksum with a secret key" bit; the hard part is where you would securely store the secret key so that only a trusted kernel has access to it.

- Ted
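The point made in the thread above, as an added example that is not part of the original message or of any ext4 patch: a crc32c tag can be recomputed by anyone who can rewrite the block, while a keyed tag (HMAC-SHA256 is used here as one possible "crypto checksum with a secret key") cannot. The record contents, the key and all function names are constructed for illustration and do not reflect the ext4 on-disk format.

```python
import hashlib
import hmac
import struct

CRC32C_POLY = 0x82F63B78  # reflected Castagnoli polynomial


def crc32c(data):
    """Bitwise CRC-32C; slow but dependency-free."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (CRC32C_POLY if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def seal(body, key=None):
    """Append a tag to a block: crc32c when key is None, else HMAC-SHA256."""
    if key is None:
        return body + struct.pack("<I", crc32c(body))
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify(block, key=None):
    """Recompute the tag over the body and compare it with the stored tag."""
    n = 4 if key is None else 32
    body, tag = block[:-n], block[-n:]
    return hmac.compare_digest(seal(body, key)[-n:], tag)


def edit_without_key(block, new_body, tag_len):
    """Model a raw-device edit by someone who does not hold the key."""
    if tag_len == 4:
        return seal(new_body)            # crc32c needs no secret: just recompute it
    return new_body + block[-tag_len:]   # keyed tag: only the stale tag is available


def demo():
    key = b"constructed-demo-key"             # assumption: key storage is the unsolved part
    original = b"inode=12 size=4096 mode=0644"  # constructed sample record
    modified = b"inode=12 size=8192 mode=0644"
    crc_block = edit_without_key(seal(original), modified, 4)
    mac_block = edit_without_key(seal(original, key), modified, 32)
    # (edited crc block still verifies, edited MAC block does not)
    return verify(crc_block), verify(mac_block, key)


if __name__ == "__main__":
    print(demo())
```

The keyed variant is only as strong as the secrecy of `key`, which is the storage problem the reply identifies as the hard part.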