Thread (23 messages), 4 authors, 2021-12-02

Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-11-30 18:14:28
Also in: linux-fscrypt, lkml

On Mon, 2021-11-29 at 18:33 -0800, Eric Biggers wrote:
> On Mon, Nov 29, 2021 at 12:00:55PM -0500, Mimi Zohar wrote:
> > To differentiate between a regular file hash and an fs-verity file digest
> > based signature stored as security.ima xattr, define a new signature type
> > named IMA_VERITY_DIGSIG.
> >
> > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
>
> For this new signature type, what bytes are actually signed?  It looks like it's
> just the raw digest, which isn't sufficient since it is ambiguous.  It needs to
> include information that makes it clear what the signer is actually signing,
> such as "this is an fs-verity SHA-256 file digest".  See
> 'struct fsverity_formatted_digest' for an example of this (but it isn't
> necessary to use that exact structure).
>
> I think the existing IMA signatures have the same problem (but it is hard for me
> to understand the code).  However, a new signature type doesn't have
> backwards-compatibility concerns, so it could be done right.

As this change should probably be applicable to all signature types,
the signature version in the signature_v2_hdr should be bumped.  The
existing signature version could co-exist with the new signature
version.

thanks,

Mimi
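
The ambiguity raised in the quoted text, as an added example that is not part of the original message or of the IMA or fs-verity code: a hypothetical helper `format_verity_digest` builds the bytes to sign in the layout of `struct fsverity_formatted_digest` (magic, algorithm id, digest size, digest), so the signed bytes state what kind of digest they carry and differ from a bare file hash of the same length. The helper names and the sample digest are assumptions; the algorithm ids are those of the fs-verity UAPI header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values from the fs-verity UAPI (linux/fsverity.h). */
#define FS_VERITY_HASH_ALG_SHA256 1
#define FS_VERITY_HASH_ALG_SHA512 2
#define FORMATTED_HDR_LEN 12 /* magic[8] + __le16 alg + __le16 size */

/* Expected digest length for an algorithm id, 0 if unknown. */
static size_t verity_digest_len(uint16_t alg)
{
    switch (alg) {
    case FS_VERITY_HASH_ALG_SHA256: return 32;
    case FS_VERITY_HASH_ALG_SHA512: return 64;
    default: return 0;
    }
}

/*
 * Hypothetical helper: write the bytes that would be signed, laid out like
 * struct fsverity_formatted_digest. Returns the length written, or -1 if the
 * algorithm is unknown, the digest length does not match it, or out is too small.
 */
static int format_verity_digest(uint16_t alg, const uint8_t *digest,
                                size_t digest_len, uint8_t *out, size_t out_cap)
{
    size_t want = verity_digest_len(alg);

    if (want == 0 || digest_len != want || out_cap < FORMATTED_HDR_LEN + want)
        return -1;
    memcpy(out, "FSVerity", 8);              /* domain separator */
    out[8] = (uint8_t)(alg & 0xff);          /* __le16 digest_algorithm */
    out[9] = (uint8_t)(alg >> 8);
    out[10] = (uint8_t)(want & 0xff);        /* __le16 digest_size */
    out[11] = (uint8_t)(want >> 8);
    memcpy(out + FORMATTED_HDR_LEN, digest, want);
    return (int)(FORMATTED_HDR_LEN + want);
}

/* Constructed sample: 1 if the to-be-signed bytes differ from the raw digest. */
static int signed_bytes_are_unambiguous(void)
{
    uint8_t raw[32], tbs[FORMATTED_HDR_LEN + 64];
    int n;

    memset(raw, 0xab, sizeof(raw));          /* constructed digest value */
    n = format_verity_digest(FS_VERITY_HASH_ALG_SHA256, raw, sizeof(raw),
                             tbs, sizeof(tbs));
    return n == 44 && memcmp(tbs, raw, sizeof(raw)) != 0;
}
```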