Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp865526ybi; Wed, 17 Jul 2019 06:08:59 -0700 (PDT) X-Google-Smtp-Source: APXvYqwdRcBPePQBxHzPPglSyMO6T+Rq58dxZUFq8emb7JmSz8tXkWvQC6LSSTWzcstXAvpFPj+F X-Received: by 2002:a63:4554:: with SMTP id u20mr41947778pgk.406.1563368938991; Wed, 17 Jul 2019 06:08:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563368938; cv=none; d=google.com; s=arc-20160816; b=iWn+FQyGnMdj/Avu4H9z5/pOPn1PGpOMWQnacLvEgCBs1H3/37rNKKBdLdz+rC/3G7 qsMUjVC11uRa7gyuDxc99NTJosQJe/n2C+hKi+rm1eMF5LWlqEPyxMBCw9Hu70wCnj9A iVxE+dYJLBIk0Y69KTm6zHFw51RP/CJiQLYE76oGfaMKgnJ1GVJjCmS8fmLZXqHPcQgF 5p0sWbo7nLX1L0HbmLVjFajbRm63anJFZ2mGTnAEaICQsSBxXvckGYfGITCOVG5CbRfq Xs8VB3+pG3NEBCAntbqIEKSkN29WAxS+z+v2bt2UsCTuB85oR4b4cNaQZbXfrIpm0F7h rwhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:openpgp:from:references:cc:to:subject:dkim-signature; bh=h2yLsvzismF8aSznQ40gS7iVeJd2FnjlYb1X34YBrA8=; b=dt25WFZUnJe3hX8IafYaBHCb2FpdYxg/nmmKD7iUlN5luEYuLMZqx8CgD/pKIKsGQ8 AOMEf8E1Xpaz6U0dKKrXBq254eLnYavrJZ7Z6xoJ9vC8RmsvEPBQX+EW0d8D4NwNn0HF eWAlv1LrEHz4Dml6GIrBSqJw6eVWaTeOW0R1voRVACMlP5pNzejVDcpvZlYqWeRn0hHu c8YTocJsbJsYiiEla2a1HIfkHm+fCPXmxpcdxjdijJ8p2kNL+EJp/M8gVELYFLLIac1q emA6rr/GFOAYzOGkmJZP8boIY/rR6DUYUZpBKrrMvJb/Y59MGHMMx8Ve/7AB4S1oDGpb PGEw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=hTIrJmKd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m186si9933277pgm.423.2019.07.17.06.08.39; Wed, 17 Jul 2019 06:08:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=hTIrJmKd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726962AbfGQNIS (ORCPT + 99 others); Wed, 17 Jul 2019 09:08:18 -0400 Received: from mail-wm1-f67.google.com ([209.85.128.67]:39430 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725873AbfGQNIS (ORCPT ); Wed, 17 Jul 2019 09:08:18 -0400 Received: by mail-wm1-f67.google.com with SMTP id u25so11738836wmc.4; Wed, 17 Jul 2019 06:08:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:openpgp:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=h2yLsvzismF8aSznQ40gS7iVeJd2FnjlYb1X34YBrA8=; b=hTIrJmKdb4eBexEx/Rfsp2Pg7LnciIrsWX1mLz99xre2zIlgoiZaRCMFERkDAw8DDI 5SSzeqshErtNi7bSc3tgUmHN3HPsgCWWlvGsy5P/jXXVo0NoNhymFSNuVUOA4bwJMwQq MtK+PW3Kf6jxpRM6/m4vtBsrRPTyXrgx/CfumOVFW75rvSeMeoGDLotXbLZ4dZj9XvW8 zdFqWe7FC1i2CMy81xtbA8AfUzcU8z4KSd/Vr3Dpsm935/ni2Spayq5xnOomWsic77dq G/PfZx5IhgH+2aj5ZUt9rXZNbq+d9eLIiBIHkaNMX3oLc2RTPfkQ84cO11KPR8XNTi+r Hnlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=h2yLsvzismF8aSznQ40gS7iVeJd2FnjlYb1X34YBrA8=; b=O1e78+1J2f40rNBND+xZyUcC3m3V8AwikoMYItnpKQr22vdoVUePEX1gPcIsPzLDRF quwPWEU9mEhkQ3C/t43TALj/yJfZ22rTmDc19+kZn352qwjtXJBzoYDPjVh0e8CWyuIB VJ98Ue2AyFQpSVFMJ0nv9THVXR7DX/bCcdI8LCYXepO8+Ni5sLagLtvj124xPjoS8TYX fJ8DHGsZG+M8nTu3o2mOl1mN8d1ChFC+YXOLmAwGuQam4mpNo4bF2z49p6Qn7fbU+Yfw iz3CSAvQ7GqTKljuxw3jTVe6++1tIuy/sxNly4YjI4fCCG5m+gbLDHqF9+X/WP0FZ4qh 4fDA== X-Gm-Message-State: APjAAAXtsvPN2Iboe5msYUSDqHsIRdgStBMbDIp+OrqwVt85C7TSNwYJ ZyEDyeo077APxs+3FFhiC+/nXYEUVIk= X-Received: by 2002:a1c:9a53:: with SMTP id c80mr34774771wme.173.1563368895160; Wed, 17 Jul 2019 06:08:15 -0700 (PDT) Received: from [10.43.17.52] (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id n12sm24739515wmc.24.2019.07.17.06.08.13 (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Wed, 17 Jul 2019 06:08:14 -0700 (PDT) Subject: Re: [RFC PATCH v6 0/1] Add dm verity root hash pkcs7 sig validation. To: Jaskaran Singh Khurana Cc: ebiggers@google.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-fsdevel@vger.kernel.org, agk@redhat.com, snitzer@redhat.com, dm-devel@redhat.com, jmorris@namei.org, Scott Shell , Nazmus Sakib , mpatocka@redhat.com References: <20190701181958.6493-1-jaskarankhurana@linux.microsoft.com> <395efa90-65d8-d832-3e2b-2b8ee3794688@gmail.com> From: Milan Broz Openpgp: preference=signencrypt Message-ID: Date: Wed, 17 Jul 2019 15:08:13 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On 16/07/2019 20:08, Jaskaran Singh Khurana wrote: >>> Could you please provide feedback on this v6 version. >> >> Hi, >> >> I am ok with the v6 patch; I think Mike will return to it in 5.4 reviews. >> > > Thanks for the help and also for reviewing this patch. Could you please > add Reviewed-by/Tested-by tag to the patch. ok, you can add Tested-and-Reviewed-by: Milan Broz or just use the version on my git, I already updated few lines because of recent kernel changes, mainly the revert of keyring changes, tested patch is here https://git.kernel.org/pub/scm/linux/kernel/git/mbroz/linux.git/commit/?h=dm-cryptsetup&id=266f7c9c74b23e4cb2e67ceb813dd707061c1641 ... > The steps and workflow is correct. I will send the cryptsetup changes for > review. ok, I'll probably try to use our existing userspace libcryptsetup API to avoid introducing new calls, but that is not important for now - the kernel bits must be in the mainline kernel first. Thanks, Milan