Re: [PATCH v20 12/20] dm verity: expose root hash digest and signature data to LSMs

[PATCH v20 00/20] Integrity Policy Enforcement LSM (IPE) · Fan Wu <hidden> · 2024-08-03
[PATCH v20 07/20] security: add new securityfs delete function · Fan Wu <hidden> · 2024-08-03
[PATCH v20 05/20] initramfs|security: Add a security hook to do_populate_rootfs() · Fan Wu <hidden> · 2024-08-03
[PATCH v20 06/20] ipe: introduce 'boot_verified' as a trust provider · Fan Wu <hidden> · 2024-08-03
[PATCH v20 08/20] ipe: add userspace interface · Fan Wu <hidden> · 2024-08-03
[PATCH v20 10/20] ipe: add permissive toggle · Fan Wu <hidden> · 2024-08-03
[PATCH v20 09/20] uapi|audit|ipe: add ipe auditing support · Fan Wu <hidden> · 2024-08-03
[PATCH v20 14/20] security: add security_inode_setintegrity() hook · Fan Wu <hidden> · 2024-08-03
[PATCH v20 11/20] block|lsm: Add LSM blob and new LSM hooks for block devices · Fan Wu <hidden> · 2024-08-03
[PATCH v20 12/20] dm verity: expose root hash digest and signature data to LSMs · Fan Wu <hidden> · 2024-08-03
Re: [PATCH v20 12/20] dm verity: expose root hash digest and signature data to LSMs · Fan Wu <hidden> · 2024-08-08
Re: [PATCH v20 12/20] dm verity: expose root hash digest and signature data to LSMs · Paul Moore <paul@paul-moore.com> · 2024-08-15
Re: [PATCH v20 12/20] dm verity: expose root hash digest and signature data to LSMs · Mikulas Patocka <mpatocka@redhat.com> · 2024-08-16
Re: [PATCH v20 12/20] dm verity: expose root hash digest and signature data to LSMs · Fan Wu <hidden> · 2024-08-16
Re: [PATCH v20 12/20] dm verity: expose root hash digest and signature data to LSMs · Paul Moore <paul@paul-moore.com> · 2024-08-18
Re: [PATCH v20 12/20] dm verity: expose root hash digest and signature data to LSMs · Fan Wu <hidden> · 2024-08-19
Re: [PATCH v20 12/20] dm verity: expose root hash digest and signature data to LSMs · Paul Moore <paul@paul-moore.com> · 2024-08-19
[PATCH v20 13/20] ipe: add support for dm-verity as a trust provider · Fan Wu <hidden> · 2024-08-03
[PATCH v20 16/20] ipe: enable support for fs-verity as a trust provider · Fan Wu <hidden> · 2024-08-03
[PATCH v20 17/20] scripts: add boot policy generation program · Fan Wu <hidden> · 2024-08-03
[PATCH v20 20/20] MAINTAINERS: ipe: add ipe maintainer information · Fan Wu <hidden> · 2024-08-03
Re: [PATCH v20 20/20] MAINTAINERS: ipe: add ipe maintainer information · Paul Menzel <hidden> · 2024-08-03
Re: [PATCH v20 20/20] MAINTAINERS: ipe: add ipe maintainer information · Paul Moore <paul@paul-moore.com> · 2024-08-06
Re: [PATCH v20 20/20] MAINTAINERS: ipe: add ipe maintainer information · Paul Menzel <hidden> · 2024-08-07
Re: [PATCH v20 20/20] MAINTAINERS: ipe: add ipe maintainer information · Fan Wu <hidden> · 2024-08-07
Re: [PATCH v20 20/20] MAINTAINERS: ipe: add ipe maintainer information · Paul Moore <paul@paul-moore.com> · 2024-08-07
[PATCH v20 15/20] fsverity: expose verified fsverity built-in signatures to LSMs · Fan Wu <hidden> · 2024-08-03
Re: [PATCH v20 15/20] fsverity: expose verified fsverity built-in signatures to LSMs · Eric Biggers <ebiggers@kernel.org> · 2024-08-05
[PATCH v20 18/20] ipe: kunit test for parser · Fan Wu <hidden> · 2024-08-03
[PATCH v20 19/20] Documentation: add ipe documentation · Fan Wu <hidden> · 2024-08-03
[PATCH v20 03/20] ipe: add evaluation loop · Fan Wu <hidden> · 2024-08-03
Re: [PATCH v20 03/20] ipe: add evaluation loop · "Serge E. Hallyn" <serge@hallyn.com> · 2024-08-10
[PATCH v20 04/20] ipe: add LSM hooks on execution and kernel read · Fan Wu <hidden> · 2024-08-03
[PATCH v20 01/20] security: add ipe lsm · Fan Wu <hidden> · 2024-08-03
[PATCH v20 02/20] ipe: add policy parser · Fan Wu <hidden> · 2024-08-03
Re: [PATCH v20 02/20] ipe: add policy parser · "Serge E. Hallyn" <serge@hallyn.com> · 2024-08-10
Re: [PATCH v20 02/20] ipe: add policy parser · Fan Wu <hidden> · 2024-08-13
Re: [PATCH v20 02/20] ipe: add policy parser · Paul Moore <paul@paul-moore.com> · 2024-08-14
Re: [PATCH v20 02/20] ipe: add policy parser · Fan Wu <hidden> · 2024-08-14
Re: [PATCH v20 02/20] ipe: add policy parser · Paul Moore <paul@paul-moore.com> · 2024-08-15
Re: [PATCH v20 00/20] Integrity Policy Enforcement LSM (IPE) · Paul Moore <paul@paul-moore.com> · 2024-08-06
Re: [PATCH v20 00/20] Integrity Policy Enforcement LSM (IPE) · Paul Moore <paul@paul-moore.com> · 2024-08-20

From: Fan Wu <hidden>
Date: 2024-08-16 19:11:13
Also in: dm-devel, linux-block, linux-doc, linux-integrity, lkml


On 8/16/2024 6:35 AM, Mikulas Patocka wrote:


On Thu, 15 Aug 2024, Paul Moore wrote:

quoted

On Thu, Aug 8, 2024 at 6:38 PM Fan Wu [off-list ref] wrote:

quoted

Hi Mikulas,

I hope you’re doing well. I wanted to thank you again for your thorough
review for the last version. I’ve since made some minor updates for this
version, including adding more comments and refactoring the way the hash
algorithm name is obtained due to recent changes in dm-verity.

Would you mind if we keep the Review-by tag on the latest version since
the changes are minor? Your feedback is greatly valued, and I’d
appreciate it if you could take a quick look when you have a moment.

To add a bit more to this, this patchset now looks like it is in a
state where we would like to merge it into the LSM tree for the
upcoming merge window, but I would really like to make sure that the
device-mapper folks are okay with these changes; an
Acked-by/Reviewed-by on this patch would be appreciated, assuming you
are still okay with this patch.

For those who may be missing the context, the full patchset can be
found on lore at the link below:

https://lore.kernel.org/linux-security-module/1722665314-21156-1-git-send-email-wufan@linux.microsoft.com (local)

Hi

I'm not an expert in Linux security subsystems. I skimmed through the
dm-verity patch, didn't find anything wrong with it, so you can add

Reviewed-by: Mikulas Patocka <mpatocka@redhat.com>

Thank you for reviewing the patch and for your suggestion.

quoted

+#ifdef CONFIG_SECURITY
+     u8 *root_digest_sig;    /* signature of the root digest */
+#endif /* CONFIG_SECURITY */
       unsigned int salt_size;
       sector_t data_start;    /* data offset in 512-byte sectors */
       sector_t hash_start;    /* hash start in blocks */

@@ -58,6 +61,9 @@ struct dm_verity {
       bool hash_failed:1;     /* set if hash of any block failed */
       bool use_bh_wq:1;       /* try to verify in BH wq before normal work-queue */
       unsigned int digest_size;       /* digest size for the current hash algorithm */
+#ifdef CONFIG_SECURITY
+     unsigned int sig_size;  /* root digest signature size */
+#endif /* CONFIG_SECURITY */
       unsigned int hash_reqsize; /* the size of temporary space for crypto */
       enum verity_mode mode;  /* mode for handling verification errors */
       unsigned int corrupted_errs;/* Number of errors for corrupted blocks */

Just nit-picking: I would move "unsigned int sig_size" up, after "u8
*root_digest_sig" entry.

Mikulas

Sure, I can make these two fields together.

-Fan

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help