From: Jaskaran Khurana
To: gmazyland@gmail.com, ebiggers@google.com
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-fsdevel@vger.kernel.org, agk@redhat.com, snitzer@redhat.com, dm-devel@redhat.com, jmorris@namei.org, scottsh@microsoft.com, mdsakib@microsoft.com, mpatocka@redhat.com
Subject: [RFC PATCH v6 0/1] Add dm verity root hash pkcs7 sig validation.
Date: Mon, 1 Jul 2019 11:19:57 -0700
Message-Id: <20190701181958.6493-1-jaskarankhurana@linux.microsoft.com>
X-Mailer: git-send-email 2.17.1
X-Mailing-List: linux-kernel@vger.kernel.org

Changes in v6:

Address comments from Milan Broz and Eric Biggers on v5.

-Keep the verification code under config DM_VERITY_VERIFY_ROOTHASH_SIG.

-Change the command line parameter to requires_signatures(bool) which will
 force root hash to be signed and trusted if specified.

-Fix the signature not being present in verity_status. Merged the
 https://git.kernel.org/pub/scm/linux/kernel/git/mbroz/linux.git/commit/?h=dm-cryptsetup&id=a26c10806f5257e255b6a436713127e762935ad3
 made by Milan Broz and tested it.

Jaskaran Khurana (1):
  Add dm verity root hash pkcs7 sig validation.

 Documentation/device-mapper/verity.txt |   7 ++
 drivers/md/Kconfig                     |  12 +++
 drivers/md/Makefile                    |   5 +
 drivers/md/dm-verity-target.c          |  43 +++++++-
 drivers/md/dm-verity-verify-sig.c      | 133 +++++++++++++++++++++++++
 drivers/md/dm-verity-verify-sig.h      |  60 +++++++++++
 drivers/md/dm-verity.h                 |   2 +
 7 files changed, 257 insertions(+), 5 deletions(-)
 create mode 100644 drivers/md/dm-verity-verify-sig.c
 create mode 100644 drivers/md/dm-verity-verify-sig.h

--
2.17.1