Thread (36 messages) 36 messages, 6 authors, 2024-03-12

Re: [RFC PATCH v14 14/19] ipe: add support for dm-verity as a trust provider

From: Randy Dunlap <hidden>
Date: 2024-03-07 00:01:33
Also in: dm-devel, linux-block, linux-doc, linux-fscrypt, linux-integrity, lkml 


On 3/6/24 15:34, Fan Wu wrote:
+if SECURITY_IPE
+menu "IPE Trust Providers"
+
+config IPE_PROP_DM_VERITY
+	bool "Enable support for dm-verity volumes"
+	depends on DM_VERITY && DM_VERITY_VERIFY_ROOTHASH_SIG
+	help
+	  This option enables the properties 'dmverity_signature' and
+	  'dmverity_roothash' in IPE policy. These properties evaluates
	                                                      evaluate

+	  to TRUE when a file is evaluated against a dm-verity volume
+	  that was mounted with a signed root-hash or the volume's
+	  root hash matches the supplied value in the policy.
-- 
#Randy
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help