Re: [PATCH 3/4] ima: limit including fs-verity's file digest in measurement list

[PATCH 0/4] ima: support fs-verity signatures stored as · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-29
[PATCH 3/4] ima: limit including fs-verity's file digest in measurement list · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-29
Re: [PATCH 3/4] ima: limit including fs-verity's file digest in measurement list · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH 3/4] ima: limit including fs-verity's file digest in measurement list · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-30
Re: [PATCH 3/4] ima: limit including fs-verity's file digest in measurement list · Lakshmi Ramasubramanian <hidden> · 2021-11-30
[PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-29
Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-30
Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG · Mimi Zohar <zohar@linux.ibm.com> · 2021-12-02
Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG · Eric Biggers <ebiggers@kernel.org> · 2021-12-02
Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG · Mimi Zohar <zohar@linux.ibm.com> · 2021-12-02
[PATCH 4/4] ima: support fs-verity file digest based signatures · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-29
Re: [PATCH 4/4] ima: support fs-verity file digest based signatures · Lakshmi Ramasubramanian <hidden> · 2021-11-30
Re: [PATCH 4/4] ima: support fs-verity file digest based signatures · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-30
[PATCH 1/4] fs-verity: define a function to return the integrity protected file digest · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-29
Re: [PATCH 1/4] fs-verity: define a function to return the integrity protected file digest · kernel test robot <hidden> · 2021-11-29
Re: [PATCH 1/4] fs-verity: define a function to return the integrity protected file digest · kernel test robot <hidden> · 2021-11-29
Re: [PATCH 1/4] fs-verity: define a function to return the integrity protected file digest · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH 1/4] fs-verity: define a function to return the integrity protected file digest · Lakshmi Ramasubramanian <hidden> · 2021-11-30
Re: [PATCH 1/4] fs-verity: define a function to return the integrity protected file digest · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH 0/4] ima: support fs-verity signatures stored as · Eric Biggers <ebiggers@kernel.org> · 2021-11-30
Re: [PATCH 0/4] ima: support fs-verity signatures stored as · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-30
Re: [PATCH 0/4] ima: support fs-verity signatures stored as · Mimi Zohar <zohar@linux.ibm.com> · 2021-11-30

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-11-30 13:17:07
Also in: linux-fscrypt, lkml

Hi Eric,

On Mon, 2021-11-29 at 18:35 -0800, Eric Biggers wrote:

quoted

diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 42c6ff7056e6..179c7f0364c2 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c

@@ -217,7 +217,8 @@ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode,
  */
 int ima_collect_measurement(struct integrity_iint_cache *iint,
                          struct file *file, void *buf, loff_t size,
-                         enum hash_algo algo, struct modsig *modsig)
+                         enum hash_algo algo, struct modsig *modsig,
+                         bool veritysig)

'veritysig' is being added here but it doesn't actually do anything.  It seems
this patchset is not split up correctly.

True, this patch just adds the plumbing.  Reversing 3 & 4 could result
in including the fs-verity digest, without the signature in the
measurement list.  The alternative is to squash patches 3 & 4.

thanks,

Mimi

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help