Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp32853394rwd; Fri, 7 Jul 2023 23:53:38 -0700 (PDT) X-Google-Smtp-Source: APBJJlFF4OnX5c9IPnhDNY09Mv5oEh5VlBRdJhkaa7mS7Twsyf9hwS824+5WbBZa5swWFUMfTYFL X-Received: by 2002:a05:6a00:148b:b0:67a:8f2a:2cb2 with SMTP id v11-20020a056a00148b00b0067a8f2a2cb2mr6246003pfu.20.1688799217771; Fri, 07 Jul 2023 23:53:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688799217; cv=none; d=google.com; s=arc-20160816; b=0DgPHH1kD7txsGH9cmpq0gYNfcUc3qh0wst/p0BxUOxcIgPZchPlPjbvcan1cOEanT J8EPTJljWdQXJ90y49Ey86VjF9lnOL+nXgws4MHmr+wvWGVBUe3iaanAo1iqbRGJXI17 4EY1hbdZgpYHQtbRb2ExdjP/uw905sTnjJE1tI949Pvloq18ZnmCikBkTaFgwODAcaC6 Y1GDM8/Cb8mHsY3cWu6/pE6F1LTx2o8qlWztHQUQHFo618a0B0PrnG1gcxSbBA879XPZ Z7HEG0o3Z/YIZzstPzlZBvm4wTkQU4MWJmHD5BMh5RU0idnKXcN6e8gw42RrP9o7FRgi GBgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:references:subject:cc:to:from :message-id:date:dkim-signature; bh=+Hz3LNSJIA32LS0w6BjIcScwNW8naJ0tmp1lMEgiYII=; fh=Vmgb78f+UWtIut1Oluhwx2oDAe4UZFJl5iee0zHKAXI=; b=dneXbW3/qGJpdv41+fmgQEvFkpfy4btK3dXKon/B5aaEGRz6T1MhErdL4r1iwv5eke TdKSkl66xEnyhN1sCUmvxp/+RHnIDUcHj1t5XBbO9Xd3VBIOQLZweqd/hxOH+CASvc0V eRjRkn/Fir3mpD+lo2/MEMjWSDrm4FHUEX6fOOAxkVTvBPYUlSNBLCPKGxxIaXJHfxl8 JCQ3zmw8ae9TiAfI5PD9PiaejqNNCZaz3doduOo/J+o/uv93rZTVyrH/TEZTZ4aSPiM5 cUKQmlYbzw2tn+7BjTy4aF/DUpMI+R5panpmoRysEX0rlTlgk43FW80V/wumYtGCz6th 0kZQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=WMjK0HEy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g13-20020a056a001a0d00b0067eeaacd277si5545118pfv.124.2023.07.07.23.53.26; Fri, 07 Jul 2023 23:53:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=WMjK0HEy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233068AbjGHFik (ORCPT + 99 others); Sat, 8 Jul 2023 01:38:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43602 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233000AbjGHFhr (ORCPT ); Sat, 8 Jul 2023 01:37:47 -0400 Received: from mail-qv1-xf33.google.com (mail-qv1-xf33.google.com [IPv6:2607:f8b0:4864:20::f33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EAA1E26B3 for ; Fri, 7 Jul 2023 22:37:03 -0700 (PDT) Received: by mail-qv1-xf33.google.com with SMTP id 6a1803df08f44-63770af327fso16994296d6.2 for ; Fri, 07 Jul 2023 22:37:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1688794623; x=1691386623; h=in-reply-to:references:subject:cc:to:from:message-id:date:from:to :cc:subject:date:message-id:reply-to; bh=+Hz3LNSJIA32LS0w6BjIcScwNW8naJ0tmp1lMEgiYII=; b=WMjK0HEyLb6k8Lr9S8HYjINbqxFLs2ibv2n9WI7AnF2cBRrod0QTwW2rDHTsYk8Ju5 QKB7L7j1kAZdO89V+9fU9rA4znRoQV17IMA0VV5QCToHaNcGDHjU3KUEuict4N+aLesT sGaK8i9hrVkpBpuqqFMmufNeAqpBBQk+AV3rOUbbVxRJZyPg14Ii71zfzyg9kGDrxOgO x7cB0oc2kSF4xkvDUiJgla79AxECldOnSOLbNF8Q5utVVSYRg0vz5LfBbBvKLux3/XYe k2XmHMVL8eIZ404ULZpznHcq70SU7ouLCfw21989uHJmHsIHYP4UnIDmKiR3XQJY+fK/ 23ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688794623; x=1691386623; h=in-reply-to:references:subject:cc:to:from:message-id:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+Hz3LNSJIA32LS0w6BjIcScwNW8naJ0tmp1lMEgiYII=; b=WReEI89WAVO2rYNRLkKb6++zmTLzF34IO2VNtjGIBTIwcYvcd2as1xBz9UhdeYKt69 I2hBJ+9w5NrJml5kUbKhH2SvVq96RdQ/D6qTx+IZsskvEKlgokxbkqvJm6xXwUPfChm9 54ksYO2NUHIQhZHzRxCIF21vRwBMKsV8HC7PVaXAR7nVT6oXUXwAISqaRkmEZUwZvPb+ M7zgP1/SGBBY3h+kdnvw6p6PtDF+/DCZseropFq8jIxZl9EkJ06L6NIaRYTFTeQa3i59 m4+hU2yInasUMYwBhnDMAplii54Ww6bDzrpickY4C8Q3Hj1ROrSmuz6627weD/Y5Ssgb 00NQ== X-Gm-Message-State: ABy/qLZlmtcbtxEwN4Ib8kD+tzISh+88eXSwbuaygjOP22RNzSV0nUZI fZUWkB5P46VjfHL9FSVfWxqM X-Received: by 2002:a0c:9a06:0:b0:631:e696:7b6 with SMTP id p6-20020a0c9a06000000b00631e69607b6mr6291591qvd.53.1688794622811; Fri, 07 Jul 2023 22:37:02 -0700 (PDT) Received: from localhost ([70.22.175.108]) by smtp.gmail.com with ESMTPSA id a6-20020a0cca86000000b0062df126ca11sm2943746qvk.21.2023.07.07.22.37.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Jul 2023 22:37:02 -0700 (PDT) Date: Sat, 08 Jul 2023 01:37:02 -0400 Message-ID: From: Paul Moore To: Fan Wu , corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org, serge@hallyn.com, tytso@mit.edu, ebiggers@kernel.org, axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org, eparis@redhat.com Cc: linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-block@vger.kernel.org, dm-devel@redhat.com, audit@vger.kernel.org, roberto.sassu@huawei.com, linux-kernel@vger.kernel.org, Deven Bowers , Fan Wu Subject: Re: [PATCH RFC v10 12/17] ipe: add support for dm-verity as a trust provider References: <1687986571-16823-13-git-send-email-wufan@linux.microsoft.com> In-Reply-To: <1687986571-16823-13-git-send-email-wufan@linux.microsoft.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Jun 28, 2023 Fan Wu wrote: > > Allows author of IPE policy to indicate trust for a singular dm-verity > volume, identified by roothash, through "dmverity_roothash" and all > signed dm-verity volumes, through "dmverity_signature". > > Signed-off-by: Deven Bowers > Signed-off-by: Fan Wu > --- > security/ipe/Kconfig | 18 +++++ > security/ipe/Makefile | 1 + > security/ipe/audit.c | 25 ++++++ > security/ipe/digest.c | 142 +++++++++++++++++++++++++++++++++++ > security/ipe/digest.h | 26 +++++++ > security/ipe/eval.c | 101 ++++++++++++++++++++++++- > security/ipe/eval.h | 13 ++++ > security/ipe/hooks.c | 51 +++++++++++++ > security/ipe/hooks.h | 8 ++ > security/ipe/ipe.c | 15 ++++ > security/ipe/ipe.h | 4 + > security/ipe/policy.h | 3 + > security/ipe/policy_parser.c | 21 ++++++ > 13 files changed, 427 insertions(+), 1 deletion(-) > create mode 100644 security/ipe/digest.c > create mode 100644 security/ipe/digest.h ... > diff --git a/security/ipe/hooks.c b/security/ipe/hooks.c > index 6f94f5c8a0c3..9651e582791e 100644 > --- a/security/ipe/hooks.c > +++ b/security/ipe/hooks.c > @@ -192,3 +195,51 @@ void ipe_sb_free_security(struct super_block *mnt_sb) > { > ipe_invalidate_pinned_sb(mnt_sb); > } > + > +#ifdef CONFIG_IPE_PROP_DM_VERITY > +/** > + * ipe_bdev_free_security - free IPE's LSM blob of block_devices. > + * @bdev: Supplies a pointer to a block_device that contains the structure > + * to free. > + */ > +void ipe_bdev_free_security(struct block_device *bdev) > +{ > + struct ipe_bdev *blob = ipe_bdev(bdev); > + > + kfree(blob->digest); > + kfree(blob->digest_algo); > +} > + > +/** > + * ipe_bdev_setsecurity - save data from a bdev to IPE's LSM blob. > + * @bdev: Supplies a pointer to a block_device that contains the LSM blob. > + * @key: Supplies the string key that uniquely identifies the value. > + * @value: Supplies the value to store. > + * @len: The length of @value. > + */ > +int ipe_bdev_setsecurity(struct block_device *bdev, const char *key, > + const void *value, size_t len) > +{ > + struct ipe_bdev *blob = ipe_bdev(bdev); Before you can interpret the @key value, you need to first determine which type of block device you have been handed. It is possible that multiple block device types could share the same key with very different meanings for that key, yes? > + if (!strcmp(key, DM_VERITY_ROOTHASH_SEC_NAME)) { > + const struct dm_verity_digest *digest = value; > + > + blob->digest = kmemdup(digest->digest, digest->digest_len, GFP_KERNEL); > + if (!blob->digest) > + return -ENOMEM; > + > + blob->digest_algo = kstrdup_const(digest->algo, GFP_KERNEL); > + if (!blob->digest_algo) > + return -ENOMEM; > + > + blob->digest_len = digest->digest_len; > + return 0; > + } else if (!strcmp(key, DM_VERITY_SIGNATURE_SEC_NAME)) { > + blob->dm_verity_signed = true; > + return 0; > + } > + > + return -EOPNOTSUPP; > +} > +#endif /* CONFIG_IPE_PROP_DM_VERITY */ -- paul-moore.com