Received: by 10.223.176.46 with SMTP id f43csp1850267wra;
        Thu, 25 Jan 2018 00:50:19 -0800 (PST)
X-Google-Smtp-Source: AH8x2262EBTElU9VhVVOV8P+o+kOKMxiYKndIv3nhP/XHSR0Tug8f7/UT0XALGDtwNBv7oy13FvD
X-Received: by 10.98.194.212 with SMTP id w81mr15112235pfk.232.1516870218980;
        Thu, 25 Jan 2018 00:50:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516870218; cv=none;
        d=google.com; s=arc-20160816;
        b=NfvEDmtNZJyzZUC1hJ0V1+8e1WZMYN9lpe3OTbN1oU2zoOBbDRsgABP0PlvkStKJFm
         Fc3pw2cxv23uKri32x6kJCm39jFahgjjx5mJjtO+PkGZ5gS60AD9j85KKrc8juydYhsZ
         m1I3XAZuZQZqXbG3LphQD6FQIuw7SkuzEjYEVZmTGfQNHXPAL52zfJG8jD0/Yi72Uvwl
         8B1YhMBtIHn/kkbL1oKDKpts5MlKKUSdStIszHNY5L2TaTTaaeWNi+jM/n3d5UH6wIRD
         scqUVGxEtdiDrkBGbiA7XxfeJIvOWcHWdRuerNq+hPHT5Bbej1nTknkmSMPwn49Nn4aS
         sxJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version:arc-authentication-results;
        bh=221S59UhhOe4wVNnOWDPcLej7j1DJHeSDRC+sS/9qMM=;
        b=aur5QndT0slEes5ZGkLJ/MWhEsmFYNtctpkpgqZ4NRiuYkJYBn5SklcX/82OUrFda2
         /MwqpiUS4p9CAR0EgEyeaPSjgm+7gi/4pkDoU4aPqJxqa7L+116rrx7Z6rmH1xZXqe27
         +M/8BK+2HU2VaZqs3xwh8KQVXnuH1P9IuYGKfroQ8N6jDn07fKgc0e3Oy2emyuhXoKOh
         J3558/LFMNTahrH0qPOg74V6zByZ+wZFJdewwrTLligeloCEN9w7Cd1si9r7RbGFSKuu
         1IRHJzZ1lTgKBQT9MQkL19EHjSu0p+bj5KIMmcpu5ZtCD0rPNLCFdUBMcU5esYmFPrM1
         z1tA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id ay2-v6si1614838plb.664.2018.01.25.00.50.04;
        Thu, 25 Jan 2018 00:50:18 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751398AbeAYIth convert rfc822-to-8bit (ORCPT
        <rfc822;marvinzhang.kernel@gmail.com> + 99 others);
        Thu, 25 Jan 2018 03:49:37 -0500
Received: from lilium.sigma-star.at ([109.75.188.150]:45836 "EHLO
        lilium.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751318AbeAYItg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 25 Jan 2018 03:49:36 -0500
Received: from localhost (localhost [127.0.0.1])
        by lilium.sigma-star.at (Postfix) with ESMTP id CF209181878AA;
        Thu, 25 Jan 2018 09:49:34 +0100 (CET)
X-Virus-Scanned: amavisd-new at lilium.sigma-star.at
Content-Type: text/plain;
        charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Subject: Re: [RFC] UBIFS authentication
From:   David Gstir <david@sigma-star.at>
In-Reply-To: <E6D3BD02-AF3A-4B75-92FD-A8A07B4C9C51@sigma-star.at>
Date:   Thu, 25 Jan 2018 09:49:32 +0100
Cc:     Richard Weinberger <richard@nod.at>, linux-kernel@vger.kernel.org,
        kernel@pengutronix.de
Content-Transfer-Encoding: 8BIT
Message-Id: <AF303146-8E37-48B2-B9DF-8C3193138EFA@sigma-star.at>
References: <E6D3BD02-AF3A-4B75-92FD-A8A07B4C9C51@sigma-star.at>
To:     linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        linux-mtd@lists.infradead.org
X-Mailer: Apple Mail (2.3445.5.20)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi!

> On 17.01.2018, at 16:19, David Gstir <david@sigma-star.at> wrote:
> 
> Hi everybody!
> 
> Richard and I have been working on extending UBIFS' security features and came
> up with the following concept to add full file contents and metadata authentication.
> 
> For block devices like eMMCs dm-crypt and dm-verity/dm-integrity can be used to
> get full data confidentiality and authenticity, but for raw flash or more
> specifically UBIFS, existing options are not ideal:
> 
> One option is to use eCryptfs with some out-of-tree patches that add AEAD cipher
> (AES-GCM) support, but does not look like there was much progress recently [1].
> 
> Another option is to use IMA/EVM as described by Marc Kleine-Budde in his
> ELCE 2016 talk [2], but this just protects the file payload and some attributes
> and not the full filesystem data structures.
> 
> A short overview of existing options is also given here [3].
> 
> Due to the design of UBIFS it is actually a bit easier than on other filesystems
> to authenticate its data structures and ensure consistency of on-flash data.
> 
> I've attached the whitepaper below and also published it here [4].
> 
> Comments are welcome. :)

*ping*

Did anybody get a chance to look at this yet, or is everybody still busy with Meltdown and Spectre? ;D

Thanks,
David