linux-mtd.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
From: Torben Hohn <torben.hohn@linutronix.de>
To: Richard Weinberger <richard@nod.at>
Cc: bigeasy <bigeasy@linutronix.de>,
	linux-mtd <linux-mtd@lists.infradead.org>,
	tglx <tglx@linutronix.de>, david <david@sigma-star.at>,
	Sascha Hauer <s.hauer@pengutronix.de>
Subject: Re: [PATCH v2 0/4] ubifs: support authentication without hmac
Date: Mon, 29 Jun 2020 11:13:31 +0200	[thread overview]
Message-ID: <20200629091331.GC17241@linutronix.de> (raw)
In-Reply-To: <1203806497.62586.1593182186554.JavaMail.zimbra@nod.at>

On Fri, Jun 26, 2020 at 04:36:26PM +0200, Richard Weinberger wrote:
> ----- Ursprüngliche Mail -----
> > I didn't dig deep into the code so far, I'm still checking the concept.
> > 
> > Your approach works only on pristine offline signed images from mkfs.ubifs.
> > So, if somebody does this, it won't work:
> > 
> > $ keyctl padd logon ubifs:authfs @s < secret.key
> > $ mount -t ubifs /dev/ubi0_0 /mnt/ -o
> > auth_hash_name=sha256,auth_key=ubifs:authfs
> > 
> > ... change the fs ...
> > 
> > $ umount /mnt
> > $ mount -t ubifs /dev/ubi0_0 /mnt/ -o auth_hash_name=sha256,ro
> > 
> > The ro mount will fail because UBIFS is no longer able to verify the super block
> > using the system key ring. It was overwritten by they ubifs:authfs key.
> > 
> > A possible solution is keeping a copy of the offline sign key forever in the fs.
> > But I'm not sure whether this is wise.
> 
> Or we change the feature from "ro mount without hmac" to "keep offline sign key and imply ro mount".
> IOW adding a new mount option such as "auth_keep_offlinekey". If mounted with this option
> UBIFS will not look for a hmac and enforce read-only mode.

Thats just another name for the same feature.
But it indeed seems to make the implications clearer.

And it porbably also makes the code easier to read.

> 
> Hmm?
> 
> Thanks,
> //richard

-- 
Torben Hohn
Linutronix GmbH | Bahnhofstrasse 3 | D-88690 Uhldingen-Mühlhofen
Phone: +49 7556 25 999 18; Fax.: +49 7556 25 999 99

Hinweise zum Datenschutz finden Sie hier (Informations on data privacy 
can be found here): https://linutronix.de/kontakt/Datenschutz.php

Linutronix GmbH | Firmensitz (Registered Office): Uhldingen-Mühlhofen | 
Registergericht (Registration Court): Amtsgericht Freiburg i.Br., HRB700 
806 | Geschäftsführer (Managing Directors): Heinz Egger, Thomas Gleixner

______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/

  reply	other threads:[~2020-06-29  9:14 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-25 15:59 [PATCH 0/1] ubifs: support authentication without hmac Torben Hohn
2020-06-25 15:59 ` [PATCH 1/1] ubifs: support authentication, for ro mount, when no key is given Torben Hohn
2020-06-26  4:31   ` Sascha Hauer
2020-06-26  7:27     ` Torben Hohn
2020-06-26  7:53       ` Richard Weinberger
2020-06-26  8:10       ` Sascha Hauer
2020-06-26  9:39         ` Torben Hohn
2020-06-26  8:09 ` [PATCH 0/1] ubifs: support authentication without hmac Richard Weinberger
2020-06-29  6:46   ` Alexander Dahl
2020-06-29  7:04     ` Richard Weinberger
2020-06-29  7:48       ` Wolfgang Denk
2020-06-29  7:51         ` Richard Weinberger
2020-06-30  5:50           ` Wolfgang Denk
2020-06-30 13:36       ` Richard Weinberger
2020-06-30 14:36         ` Alexander Dahl
2020-06-26 11:29 ` [PATCH v2 0/4] " Torben Hohn
2020-06-26 11:29   ` [PATCH v2 1/4] ubifs: move #include "debug.h" above auth.c Torben Hohn
2020-06-26 11:29   ` [PATCH v2 2/4] ubifs: support authentication, for ro mount, when no key is given Torben Hohn
2020-06-26 11:29   ` [PATCH v2 3/4] ubifs: sprinkle ubifs_assert(c, !c->ro_mount) in hmac auth Torben Hohn
2020-06-26 11:29   ` [PATCH v2 4/4] ubifs: prevent remounting rw when no hmac key was given Torben Hohn
2020-06-26 12:27     ` Richard Weinberger
2020-06-29  8:53       ` Torben Hohn
2020-06-29 10:52         ` Richard Weinberger
2020-06-26 14:16   ` [PATCH v2 0/4] ubifs: support authentication without hmac Richard Weinberger
2020-06-26 14:36     ` Richard Weinberger
2020-06-29  9:13       ` Torben Hohn [this message]
2020-06-29  9:07     ` Torben Hohn
2020-06-29 10:46       ` Richard Weinberger
2020-07-02 14:40         ` Thomas Gleixner
2020-07-02 15:00           ` Richard Weinberger
2020-07-02 18:48             ` Thomas Gleixner
2020-07-02 19:03               ` Richard Weinberger
2020-07-03  8:16                 ` bigeasy
2020-07-03  8:20                   ` Richard Weinberger
2020-07-03  9:12                 ` Thomas Gleixner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200629091331.GC17241@linutronix.de \
    --to=torben.hohn@linutronix.de \
    --cc=bigeasy@linutronix.de \
    --cc=david@sigma-star.at \
    --cc=linux-mtd@lists.infradead.org \
    --cc=richard@nod.at \
    --cc=s.hauer@pengutronix.de \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).