Subject: Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description
From: Mimi Zohar
To: "H. Peter Anvin", Taras Kondratiuk, Al Viro, Arnd Bergmann, Rob Landley, Jonathan Corbet, James McMechan
Cc: initramfs@vger.kernel.org, Victor Kamensky, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, xe-linux-external@cisco.com
Date: Sat, 17 Feb 2018 19:15:12 -0500
References: <1518813234-5874-1-git-send-email-takondra@cisco.com> <1518813234-5874-2-git-send-email-takondra@cisco.com>
Message-Id: <1518912912.5667.277.camel@linux.vnet.ibm.com>

On Fri, 2018-02-16 at 12:59 -0800, H. Peter Anvin wrote:
> On 02/16/18 12:33, Taras Kondratiuk wrote:
> > Many of the Linux security/integrity features are dependent on file
> > metadata, stored as extended attributes (xattrs), for making decisions.
> > These features need to be initialized during initcall and enabled as
> > early as possible for complete security coverage.
> >
> > Initramfs (tmpfs) supports xattrs, but newc CPIO archive format does not
> > support including them into the archive.
> >
> > This patch describes "extended" newc format (newcx) that is based on
> > newc and has following changes:
> > - extended attributes support
> > - increased size of filesize to support files >4GB
> > - increased mtime field size to have 64 bits of seconds and added a
> >   field for nanoseconds
> > - removed unused checksum field
> >
>
> If you are going to implement a new, non-backwards-compatible format,
> you shouldn't replicate the mistakes of the current format. Specifically:
>
> 1. The use of ASCII-encoded fixed-length numbers is an idiotic legacy
> from an era before there was any portable way of dealing with numbers
> with prespecified endianness. If you are going to use ASCII, make them
> delimited so that they don't have fixed limits, or just use binary.
>
> The cpio header isn't fixed size, so that argument goes away, in fact
> the only way to determine the end of the header is to scan forward.
>
> 2. Alignment sensitivity! Because there is no header length
> information, the above scan tells you where the header ends, but there
> is padding before the data, and the size of that padding is only defined
> by alignment.
>
> 3. Inband encoding of EOF: if you actually have a filename "TRAILER!!!"
> you have problems.
>
> But first, before you define a whole new format for which no tools exist
> (you will have to work with the maintainers of the GNU tools to add
> support) you should see how complex it would be to support the POSIX
> tar/pax format, which already has all the features you are seeking, and
> by now is well-supported.

The discussion about including xattrs in the initramfs didn't start
yesterday. It's been on the list of measurement/appraisal gaps that
need to be closed for years. Initially I planned on using tar, but at
the 2014 Kernel Summit I spoke with Al at length. At the time, he was
very clear that tar is unnecessarily overly complicated and recommended
extending CPIO.

I took his advice. Unfortunately, as soon as I posted an initial patch
set to include xattrs in CPIO, all of the problems with CPIO had to be
addressed before defining a new CPIO number. Unfortunately, this wasn't
the only measurement/appraisal gap that needed to be addressed. I've
been working on closing other gaps.

I'm really happy that someone has taken the time to work on this.
Instead of derailing their attempt of extending CPIO to include
xattrs, I'd appreciate your making constructive suggestions.

Mimi
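
The three newc properties listed in the quoted review (fixed-width ASCII numbers, padding defined only by alignment, and the in-band "TRAILER!!!" end marker) can be seen in a minimal reader and writer for the existing newc layout. This is an added example, not code from the thread, the patch set or the kernel; the archives are constructed inline, the helper names are hypothetical, and stopping at the first trailer name is this sketch's choice of reader behaviour.

```python
# Added example: constructed archives, not code from the thread or the kernel.
MAGIC = b"070701"
FIELDS = ("ino", "mode", "uid", "gid", "nlink", "mtime", "filesize",
          "devmajor", "devminor", "rdevmajor", "rdevminor", "namesize", "check")
HDR_LEN = len(MAGIC) + 8 * len(FIELDS)  # 110 bytes: magic + 13 fields of 8 hex digits

def pad4(n):
    """Round n up to a multiple of 4; the padding length is never stored."""
    return (n + 3) & ~3

def pack_member(name, data=b"", mode=0o100644):
    """Build one newc member; every number must fit in 8 ASCII hex digits."""
    raw = name.encode() + b"\0"
    vals = dict.fromkeys(FIELDS, 0)
    vals.update(mode=mode, nlink=1, filesize=len(data), namesize=len(raw))
    if any(v > 0xFFFFFFFF for v in vals.values()):
        raise ValueError("value does not fit in a fixed 8-hex-digit field")
    hdr = MAGIC + b"".join(b"%08X" % vals[f] for f in FIELDS) + raw
    hdr += b"\0" * (pad4(len(hdr)) - len(hdr))          # pad header + name
    return hdr + data + b"\0" * (pad4(len(data)) - len(data))  # pad file data

def parse(archive):
    """Yield (name, data) until a member named TRAILER!!! is seen."""
    off = 0  # assumes the archive itself starts on a 4-byte boundary
    while off + HDR_LEN <= len(archive):
        if archive[off:off + 6] != MAGIC:
            raise ValueError("bad magic at offset %d" % off)
        nums = [int(archive[off + 6 + 8 * i:off + 14 + 8 * i], 16)
                for i in range(len(FIELDS))]
        h = dict(zip(FIELDS, nums))
        name_end = off + HDR_LEN + h["namesize"]
        name = archive[off + HDR_LEN:name_end - 1].decode()
        data_start = pad4(name_end)      # data position follows from alignment
        if name == "TRAILER!!!":         # in-band end of archive
            return
        yield name, archive[data_start:data_start + h["filesize"]]
        off = pad4(data_start + h["filesize"])

def demo():
    """List member names for a normal archive and one holding a real TRAILER!!! file."""
    good = pack_member("init", b"#!/bin/sh\n") + pack_member("TRAILER!!!")
    odd = (pack_member("a", b"1") + pack_member("TRAILER!!!", b"real file")
           + pack_member("b", b"2") + pack_member("TRAILER!!!"))
    return [n for n, _ in parse(good)], [n for n, _ in parse(odd)]
```

In the second constructed archive the regular file named "TRAILER!!!" and the member "b" after it never reach the caller, which matters when file contents or xattrs carried in the archive are meant to be measured or appraised.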