Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp4036718ybd; Tue, 25 Jun 2019 12:54:08 -0700 (PDT) X-Google-Smtp-Source: APXvYqxLqJMtEtJejd7VsdT2eByoy7ni9NEOU1Dja6oCS2YZifIFmvpjgdfTm/u9QkR6LtzyR6MD X-Received: by 2002:a63:550:: with SMTP id 77mr9316971pgf.341.1561492447921; Tue, 25 Jun 2019 12:54:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561492447; cv=none; d=google.com; s=arc-20160816; b=laFtM2vmmsX3j7mITSMlpcVGkD3CvUu0lumnOTE93pFP7jO2cFsKG2uDO20BHN24Lb 9KQsMgXahEI8KFh5bnTeTl+/ZCou5uB+1KzhMUHRMzs5KVpyX1dOUiNWxP0Qmjix9N2b QPrOqf0qP3gI7Xh0EXTgByGHF3NinQGlmLpv7HZ/PV3rAflk+IMJCkpBc/vQS3Cezm+H 9lht9AT3lZQ92jvVkd9T0NTESdKQuPHHY/bcP8HKPe3tVDioLt9HELTYY6ywggScJOSB B67b8rU3Xw29ZYQzLoxX7RbLQJAcxQyiYgx5DfcO4z25PVNVSE1wy1PpUXdbGMv6w3Vn nf0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=QttirJ49SdFKH1m7ieWtkvHWvjnKOhgDR7uQbJZtJXE=; b=CrMm/wnQQZmGpbtGCv1WFK5lQApeCpNxT+fSGV4usTcv0m/yBUCAYZMf0PX5y65hf6 nz4Hcca4bi/tfd6A+bcATlqRKJFC1qpTjIf4vLCA6P8uz2mQ9MCvUoljdgA6v7YzjMix nuHRuuWBpgLlbm5x8DsZ5Ka7u+sXvTLdLvgfhdXJP3qS1G7pnAmJbslkkde6lhNknQj3 NXIv21wbpIJq8HCtd7eDrbRr0pJ8NZ2CANTq7d7ntINC7SH3sqGwRRgYKp9z3Qqxiq4+ Mg1sbPEKnqF78gZq/waPxODLV46JumrgPdfbnd90PpV+jiEnSwJDOw/VfD8iabH2RAZq qb7w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 62si1068678plb.258.2019.06.25.12.53.52; Tue, 25 Jun 2019 12:54:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732895AbfFYSUW (ORCPT + 99 others); Tue, 25 Jun 2019 14:20:22 -0400 Received: from mx1.redhat.com ([209.132.183.28]:37294 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727138AbfFYSUW (ORCPT ); Tue, 25 Jun 2019 14:20:22 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C107D223885; Tue, 25 Jun 2019 18:20:11 +0000 (UTC) Received: from localhost (unknown [10.18.25.174]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9BFC51972E; Tue, 25 Jun 2019 18:20:05 +0000 (UTC) Date: Tue, 25 Jun 2019 14:20:04 -0400 From: Mike Snitzer To: Jaskaran Khurana , gmazyland@gmail.com Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-fsdevel@vger.kernel.org, scottsh@microsoft.com, ebiggers@google.com, jmorris@namei.org, dm-devel@redhat.com, mpatocka@redhat.com, agk@redhat.com Subject: Re: [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation. Message-ID: <20190625182004.GA32075@redhat.com> References: <20190619191048.20365-1-jaskarankhurana@linux.microsoft.com> <20190619191048.20365-2-jaskarankhurana@linux.microsoft.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190619191048.20365-2-jaskarankhurana@linux.microsoft.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 25 Jun 2019 18:20:21 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 19 2019 at 3:10pm -0400, Jaskaran Khurana wrote: > The verification is to support cases where the roothash is not secured by > Trusted Boot, UEFI Secureboot or similar technologies. > One of the use cases for this is for dm-verity volumes mounted after boot, > the root hash provided during the creation of the dm-verity volume has to > be secure and thus in-kernel validation implemented here will be used > before we trust the root hash and allow the block device to be created. > > The signature being provided for verification must verify the root hash and > must be trusted by the builtin keyring for verification to succeed. > > The hash is added as a key of type "user" and the description is passed to > the kernel so it can look it up and use it for verification. > > Kernel commandline parameter will indicate whether to check (only if > specified) or force (for all dm verity volumes) roothash signature > verification. > > Kernel commandline: dm_verity.verify_sig=1 or 2 for check/force root hash > signature validation respectively. > > Signed-off-by: Jaskaran Khurana Milan and/or others: could you please provide review and if you're OK with this patch respond accordingly? Thanks, Mike