Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp2297663pxb; Sun, 30 Jan 2022 11:09:05 -0800 (PST) X-Google-Smtp-Source: ABdhPJxJ54nqWzGt+xNdee25P8CrRvs62dnz3MGEl0yRXA9iEqr2/ygK5UDJFO6DRajwOw40ilfo X-Received: by 2002:aa7:dbc3:: with SMTP id v3mr18089965edt.32.1643569745473; Sun, 30 Jan 2022 11:09:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643569745; cv=none; d=google.com; s=arc-20160816; b=Q5iUUerqfQomxMP/hECgIJBb1QelJavGuMqxADvvWGxX/2AYof5upxGJhsG5mdMCVc +CDLaoFjEgZyEsU/OzBM5lgLFtgYGwZo+pnznQ1E9CtbD2pnExE8mAhDinq+z9Ndfk51 8SIDO1nzxOZXFUu4rUo9GT9ifgpveW1HLSDdIf72qQpIvgBNt+noMWXFhaQm1tsMOVaz yhsKtQdV2K4GCyo3n01a+t3ARVG31QIJKhLbmxYkTmjxJjHtkN8ctVD5JSxGMGGH/S0k 3z+JysPU4Na4YQxRa2Mjna/6ASoki4HBsj+k2nYKKDl2s1ZZRR26JggHQ9XK8jRAnoa4 llNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:cc:to:from; bh=xE8bbwwe/bRHDxJYXatnAwHCJbvf2we5uYOlGxF7nGk=; b=jinTSDgptA+PTesRp4ZIJUbyVrtFKPnbN1reIgqmQVRMYRmSGPWEea0zLg2yIauMRd q7dFcvXZBGvS2x65jEzIIJvne76osIYrdFkAB5VGvuspQEnM1dhyL8SVmQbsl/tZsMBu oPEsCNB4/2vG63WpGaR8puyv8n2oxG22MpKnBhKLrfn9EqMpQb6/YVxt6MZmV37N03AJ h/Cy6lrxHKCOz8E+E3CwPE+Kcl65Y83Izny5U7JS/tDDYManG4eKKTyXSsMvnDhqg++s 2xLEzxfpbtWLa7DcxQWzEUsa6fwRapfW409OKfXXVXb8S116+CoZC2ACTHYrIwXvMnEf uW8w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g12si8109343edz.238.2022.01.30.11.08.41; Sun, 30 Jan 2022 11:09:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237611AbiA1JFF convert rfc822-to-8bit (ORCPT + 99 others); Fri, 28 Jan 2022 04:05:05 -0500 Received: from frasgout.his.huawei.com ([185.176.79.56]:4537 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231806AbiA1JFE (ORCPT ); Fri, 28 Jan 2022 04:05:04 -0500 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4JlWfJ32hPz67tnp; Fri, 28 Jan 2022 17:01:28 +0800 (CST) Received: from fraeml714-chm.china.huawei.com (10.206.15.33) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Fri, 28 Jan 2022 10:05:01 +0100 Received: from fraeml714-chm.china.huawei.com ([10.206.15.33]) by fraeml714-chm.china.huawei.com ([10.206.15.33]) with mapi id 15.01.2308.021; Fri, 28 Jan 2022 10:05:01 +0100 From: Roberto Sassu To: Eric Biggers CC: "linux-integrity@vger.kernel.org" , "zohar@linux.ibm.com" , "stefanb@linux.ibm.com" , "linux-fscrypt@vger.kernel.org" , "linux-kernel@vger.kernel.org" Subject: RE: [RFC][PATCH v3a 00/11] ima: support fs-verity digests and signatures (alternative) Thread-Topic: [RFC][PATCH v3a 00/11] ima: support fs-verity digests and signatures (alternative) Thread-Index: AQHYE64xQMi+Kgkov0iDDqwbxhwgiax3MeAAgAABPQCAAOKyQA== Date: Fri, 28 Jan 2022 09:05:01 +0000 Message-ID: References: <20220127184614.2837938-1-roberto.sassu@huawei.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.204.63.33] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > From: Eric Biggers [mailto:ebiggers@kernel.org] > Sent: Thursday, January 27, 2022 8:40 PM > On Thu, Jan 27, 2022 at 11:35:12AM -0800, Eric Biggers wrote: > > On Thu, Jan 27, 2022 at 07:46:09PM +0100, Roberto Sassu wrote: > > > I wanted to propose a different approach for handling fsverity digests and > > > signatures, compared to: > > > > > > https://lore.kernel.org/linux-integrity/20220126000658.138345-1- > zohar@linux.ibm.com/ > > > > > > In the original proposal, a new signature version has been introduced (v3) > > > to allow the possibility of signing the digest of a more flexible data > > > structure, ima_file_id, which could also include the fsverity file digest. > > > > > > While the new signature type would be sufficient to handle fsverity file > > > digests, the problem is that its format would not be compatible with the > > > signature format supported by the built-in verification module in fsverity. > > > The rpm package manager already has an extension to include fsverity > > > signatures, with the existing format, in the RPM header. > > > > > > Given that the fsverity signature is in the PKCS#7 format, IMA has already > > > the capability of handling it with the existing code, more specifically the > > > modsig code. It would be sufficient to provide to modsig the correct data > > > to avoid introducing a new signature format. > > > > I think it would be best to get people moved off of the fs-verity built-in > > signatures, rather than further extend the use of it. PKCS#7 is a pretty > > terrible signature format. The IMA one is better, though it's unfortunate that > > IMA still relies on X.509 for keys. > > Note, the only reason that support for fs-verity built-in signatures was added > to RPM is that people didn't want to use IMA: > https://lore.kernel.org/linux-fscrypt/b49b4367-51e7-f62a-6209- > b46a6880824b@gmail.com > > If people are going to use IMA anyway, then there would be no point. Hi Eric I thought that the solution I came with could satisfy multiple needs. For people that don't want to use IMA, they could still continue to use the existing signature format, and wait for an LSM that satisfy their needs. They also have the option to migrate to the new signature format you are defining. But will those people be willing to switch to something IMA-specific? For people that use IMA, they could benefit from the effort of people creating packages with the original fsverity signature. For people that are skeptical about IMA, they could be interested in trying the full solution, which would probably be more easily available if the efforts from both sides converge. If, as you say, you have concerns about the existing signature format, wouldn't it be better that you address them from the fsverity side, so that all users of fsverity can benefit from it? Currently, fsverity hashes the formatted digest whose format is FSVerity. Couldn't IMA hash the same data as well? An idea could be to always sign the formatted digest, and have a selector for the signature format: IMA, PKCS#7 or PGP. Thanks Roberto HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063 Managing Director: Li Peng, Zhong Ronghua