Re: [PATCH 0/4] ima: support fs-verity signatures stored as

[PATCH 0/4] ima: support fs-verity signatures stored as · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-29
[PATCH 3/4] ima: limit including fs-verity's file digest in measurement list · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-29
Re: [PATCH 3/4] ima: limit including fs-verity's file digest in measurement list · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH 3/4] ima: limit including fs-verity's file digest in measurement list · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-30
Re: [PATCH 3/4] ima: limit including fs-verity's file digest in measurement list · Lakshmi Ramasubramanian <hidden> · 2021-11-30
[PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-29
Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-30
Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG · Mimi Zohar <zohar@linux.ibm.com> · 2021-12-02
Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG · Eric Biggers <ebiggers@kernel.org> · 2021-12-02
Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG · Mimi Zohar <zohar@linux.ibm.com> · 2021-12-02
[PATCH 4/4] ima: support fs-verity file digest based signatures · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-29
Re: [PATCH 4/4] ima: support fs-verity file digest based signatures · Lakshmi Ramasubramanian <hidden> · 2021-11-30
Re: [PATCH 4/4] ima: support fs-verity file digest based signatures · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-30
[PATCH 1/4] fs-verity: define a function to return the integrity protected file digest · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-29
Re: [PATCH 1/4] fs-verity: define a function to return the integrity protected file digest · kernel test robot <hidden> · 2021-11-29
Re: [PATCH 1/4] fs-verity: define a function to return the integrity protected file digest · kernel test robot <hidden> · 2021-11-29
Re: [PATCH 1/4] fs-verity: define a function to return the integrity protected file digest · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH 1/4] fs-verity: define a function to return the integrity protected file digest · Lakshmi Ramasubramanian <hidden> · 2021-11-30
Re: [PATCH 1/4] fs-verity: define a function to return the integrity protected file digest · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH 0/4] ima: support fs-verity signatures stored as · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH 0/4] ima: support fs-verity signatures stored as · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-30
Re: [PATCH 0/4] ima: support fs-verity signatures stored as · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-30

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-11-30 12:56:37
Also in: linux-fscrypt, lkml

On Mon, 2021-11-29 at 18:36 -0800, Eric Biggers wrote:

On Mon, Nov 29, 2021 at 12:00:53PM -0500, Mimi Zohar wrote:

quoted

Support for fs-verity file digests in IMA was discussed from the beginning,
prior to fs-verity being upstreamed[1,2].  This patch set adds signature
verification support based on the fs-verity file digest.  Both the
file digest and the signature must be included in the IMA measurement list
in order to disambiguate the type of file digest.

[1] https://events19.linuxfoundation.org/wp-content/uploads/2017/11/fs-verify_Mike-Halcrow_Eric-Biggers.pdf
[2] Documentation/filesystems/fsverity.rst

Mimi Zohar (4):
  fs-verity: define a function to return the integrity protected file
    digest
  ima: define a new signature type named IMA_VERITY_DIGSIG
  ima: limit including fs-verity's file digest in measurement list
  ima: support fs-verity file digest based signatures

 fs/verity/fsverity_private.h              |  6 ---
 fs/verity/measure.c                       | 49 +++++++++++++++++++++++
 include/linux/fsverity.h                  | 17 ++++++++
 security/integrity/ima/ima.h              |  3 +-
 security/integrity/ima/ima_api.c          | 23 ++++++++++-
 security/integrity/ima/ima_appraise.c     |  9 ++++-
 security/integrity/ima/ima_main.c         |  7 +++-
 security/integrity/ima/ima_template_lib.c |  3 +-
 security/integrity/integrity.h            |  1 +
 9 files changed, 107 insertions(+), 11 deletions(-)

I left some comments, but this generally looks like the right approach.
However, I'm not an expert in IMA, so it's hard for me to review the IMA parts.

Thank you for the quick review!

Can you add documentation for this feature?

Yes, of course.  Originally I assumed the fs-verity support would be a
lot more complicated, but to my pleasant surprise by limiting the IMA
fsverity support to just signatures and requiring the file signature be
included in the IMA measurement list, it's a lot simpler than expected.
As there aren't any IMA policy changes, I'm just thinking about where
to document it.

thanks,

Mimi

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help