Received: by 10.223.176.46 with SMTP id f43csp1850267wra; Thu, 25 Jan 2018 00:50:19 -0800 (PST) X-Google-Smtp-Source: AH8x2262EBTElU9VhVVOV8P+o+kOKMxiYKndIv3nhP/XHSR0Tug8f7/UT0XALGDtwNBv7oy13FvD X-Received: by 10.98.194.212 with SMTP id w81mr15112235pfk.232.1516870218980; Thu, 25 Jan 2018 00:50:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516870218; cv=none; d=google.com; s=arc-20160816; b=NfvEDmtNZJyzZUC1hJ0V1+8e1WZMYN9lpe3OTbN1oU2zoOBbDRsgABP0PlvkStKJFm Fc3pw2cxv23uKri32x6kJCm39jFahgjjx5mJjtO+PkGZ5gS60AD9j85KKrc8juydYhsZ m1I3XAZuZQZqXbG3LphQD6FQIuw7SkuzEjYEVZmTGfQNHXPAL52zfJG8jD0/Yi72Uvwl 8B1YhMBtIHn/kkbL1oKDKpts5MlKKUSdStIszHNY5L2TaTTaaeWNi+jM/n3d5UH6wIRD scqUVGxEtdiDrkBGbiA7XxfeJIvOWcHWdRuerNq+hPHT5Bbej1nTknkmSMPwn49Nn4aS sxJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:arc-authentication-results; bh=221S59UhhOe4wVNnOWDPcLej7j1DJHeSDRC+sS/9qMM=; b=aur5QndT0slEes5ZGkLJ/MWhEsmFYNtctpkpgqZ4NRiuYkJYBn5SklcX/82OUrFda2 /MwqpiUS4p9CAR0EgEyeaPSjgm+7gi/4pkDoU4aPqJxqa7L+116rrx7Z6rmH1xZXqe27 +M/8BK+2HU2VaZqs3xwh8KQVXnuH1P9IuYGKfroQ8N6jDn07fKgc0e3Oy2emyuhXoKOh J3558/LFMNTahrH0qPOg74V6zByZ+wZFJdewwrTLligeloCEN9w7Cd1si9r7RbGFSKuu 1IRHJzZ1lTgKBQT9MQkL19EHjSu0p+bj5KIMmcpu5ZtCD0rPNLCFdUBMcU5esYmFPrM1 z1tA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id ay2-v6si1614838plb.664.2018.01.25.00.50.04; Thu, 25 Jan 2018 00:50:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751398AbeAYIth convert rfc822-to-8bit (ORCPT + 99 others); Thu, 25 Jan 2018 03:49:37 -0500 Received: from lilium.sigma-star.at ([109.75.188.150]:45836 "EHLO lilium.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751318AbeAYItg (ORCPT ); Thu, 25 Jan 2018 03:49:36 -0500 Received: from localhost (localhost [127.0.0.1]) by lilium.sigma-star.at (Postfix) with ESMTP id CF209181878AA; Thu, 25 Jan 2018 09:49:34 +0100 (CET) X-Virus-Scanned: amavisd-new at lilium.sigma-star.at Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) Subject: Re: [RFC] UBIFS authentication From: David Gstir In-Reply-To: Date: Thu, 25 Jan 2018 09:49:32 +0100 Cc: Richard Weinberger , linux-kernel@vger.kernel.org, kernel@pengutronix.de Content-Transfer-Encoding: 8BIT Message-Id: References: To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mtd@lists.infradead.org X-Mailer: Apple Mail (2.3445.5.20) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi! > On 17.01.2018, at 16:19, David Gstir wrote: > > Hi everybody! > > Richard and I have been working on extending UBIFS' security features and came > up with the following concept to add full file contents and metadata authentication. > > For block devices like eMMCs dm-crypt and dm-verity/dm-integrity can be used to > get full data confidentiality and authenticity, but for raw flash or more > specifically UBIFS, existing options are not ideal: > > One option is to use eCryptfs with some out-of-tree patches that add AEAD cipher > (AES-GCM) support, but does not look like there was much progress recently [1]. > > Another option is to use IMA/EVM as described by Marc Kleine-Budde in his > ELCE 2016 talk [2], but this just protects the file payload and some attributes > and not the full filesystem data structures. > > A short overview of existing options is also given here [3]. > > Due to the design of UBIFS it is actually a bit easier than on other filesystems > to authenticate its data structures and ensure consistency of on-flash data. > > I've attached the whitepaper below and also published it here [4]. > > Comments are welcome. :) *ping* Did anybody get a chance to look at this yet, or is everybody still busy with Meltdown and Spectre? ;D Thanks, David