Date: Mon, 10 Jun 2019 16:27:21 -0700 (PDT)
From: Jaskaran Singh Khurana
To: Milan Broz
cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-fsdevel@vger.kernel.org, agk@redhat.com, snitzer@redhat.com, dm-devel@redhat.com, jmorris@namei.org, scottsh@microsoft.com, ebiggers@google.com, Mikulas Patocka
Subject: Re: [RFC PATCH v3 1/1] Add dm verity root hash pkcs7 sig validation

On Sat, 8 Jun 2019, Milan Broz wrote:

> On 08/06/2019 00:31, Jaskaran Khurana wrote:
>> The verification is to support cases where the roothash is not secured by
>
>> + key = request_key(&key_type_user,
>> + key_desc, NULL);
>> + if (IS_ERR(key))
>> + return PTR_ERR(key);
>
> You will need dependence on keyring here (kernel can be configured without it),
> try to compile it without CONFIG_KEYS selected.
>
> I think it is ok that DM_VERITY_VERIFY_ROOTHASH_SIG can directly require CONFIG_KEYS.
> (Add depends on CONFIG_KEYS in KConfig)
>

DM_VERITY_VERIFY_ROOTHASH_SIG selects SYSTEM_DATA_VERIFICATION and
SYSTEM_DATA_VERIFICATION selects KEYS so we should be OK here.

> Thanks,
> Milan
>

Thanks,
Jaskaran.
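
Review bot: in the quoted hunk, the result of request_key(&key_type_user, key_desc, NULL) is only checked with IS_ERR(key), and nothing after that check is visible. On success request_key() returns the key with a reference held, so every exit path after this point needs a matching key_put(key); please confirm the full function releases it on both the success and the later error paths. Since the hunk references key_type_user and request_key() unconditionally, the Kconfig dependency on KEYS discussed above should also be stated next to the option so the requirement does not rest only on the select chain of another symbol.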