Received: by 2002:a05:6500:2018:b0:1fb:9675:f89d with SMTP id t24csp55211lqh; Thu, 30 May 2024 13:55:12 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWI4Dg6uk0ZW6HTjSSx3Ju5cTwgGW0KBbS3AQSJctC7u2wi8kZ9ZRNUVGmiQvi7D9svAUvLEGCatDS8gwrHNhYWBnl2jbUrr7KusOsNkQ== X-Google-Smtp-Source: AGHT+IF5T1RpQ/ljz6Uh0pv7RO1EZmB4lGWrLjO2dQ4DhypzJzLwtTS7+AafNL7W988yB6VrRIPV X-Received: by 2002:a17:906:da89:b0:a59:a85d:31c6 with SMTP id a640c23a62f3a-a68224460b9mr1141666b.66.1717102512247; Thu, 30 May 2024 13:55:12 -0700 (PDT) Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id a640c23a62f3a-a67eb723249si13093166b.970.2024.05.30.13.55.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 May 2024 13:55:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-195899-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@paul-moore.com header.s=google header.b=BrzIFDm5; arc=fail (body hash mismatch); spf=pass (google.com: domain of linux-kernel+bounces-195899-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-195899-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id BF8801F24A41 for ; Thu, 30 May 2024 20:55:11 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DB446182D3E; Thu, 30 May 2024 20:54:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b="BrzIFDm5" Received: from mail-yw1-f180.google.com (mail-yw1-f180.google.com [209.85.128.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A96B181D0E for ; Thu, 30 May 2024 20:54:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.180 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717102492; cv=none; b=YXeaaHr1W+SnxbO+Uxc7uCRI2JYKqG9UACtughKgkLrEXGUn3ZexUdgtcx/neOc4r40v1Sk8l/Am8J0E7ouHBfHITUJ7clDvEg8bkaoSM2bdx1jdqWosr1RJ09A3iSwYHezYBITT+sSRojoOT8D6gBjBViEGc9H1fVlhLwunalM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717102492; c=relaxed/simple; bh=eg+MIkwiEVxSkImTnP9/42HiBWABCU3sNxsgUn+kexk=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=ex0EKIMrDvT3GNVDIp6VNjRdAvJlRH8HiimYC9KvXzrzCzPZ37G4r8wScyDRnL6rgjkU7WcATrtDJ3pfcPikAunplKoMUAsQW3QmmPJguM1xytAAmT2URAhGowB+N64Hf8Cvb+9VIyiHuGnuRbGh5KDutGlDclzLcmJdD3EfqI0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com; spf=pass smtp.mailfrom=paul-moore.com; dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b=BrzIFDm5; arc=none smtp.client-ip=209.85.128.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=paul-moore.com Received: by mail-yw1-f180.google.com with SMTP id 00721157ae682-62a2424ed01so14145947b3.1 for ; Thu, 30 May 2024 13:54:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1717102489; x=1717707289; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=IHhnEY8EBCWzfeI4r7ZxHSk1OcUfnIeP4X4PVOCwAbA=; b=BrzIFDm5u1OGrheVMzkYq0tj0rbabzbKf0pTE8oxaIY+RyN0ZEytQzCrnnJreDPOIg 7TQl9X+VZ0fTaRlX8iqumOhB09WMOpzndyPEMdEykX7NyENEaOKkQZfnijFXjWEozH3z 8Jpd+FQxLvzyhMT7cBq724wOfUQslHfL7cnw/ncQNudTDP+XWoyKxjHiBawIxliDwHlv 6Ck785H97sLYf86QFP/eOO/nxuZAAO/OzLO/ClrGsCTjSBbC4T16jgjO+ijjmzjwY+8e nRz9WgFbGVZalnPuTw229RHuigu3tO8iUWyIqbb3VCvm0OPGAkN25fTRlj7b9Rfjy5qD QNcw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717102489; x=1717707289; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IHhnEY8EBCWzfeI4r7ZxHSk1OcUfnIeP4X4PVOCwAbA=; b=QEc1omw6OkHg28Jz/4TvrLu8ExBF/imwcdQL1ew3A/c++JTbqLG05dRoYlKFx2nr8x tk67OIHysibLEZkGj5L+UVpK0Bahdri7997vEE2bGzpcqkjH8deBUZrYDfslz6CdU1Bm LhUo8q5j6TIMQkmpvVlY9rkS/mgfVqGZ+OcpEwN0pNnivwURlD8/3FOOFFR9lPyKK0EV 415efpjVY48irmuuNP4EA4t2e1R5ScHqfDVlOmf2qaYR91DUhMT5FkNsLYM0uRn9HvC8 nfWtMd+NE3K1LVTn8pCGVJgXNssOompNaXlU2sLygqRmp9Q+YEaG+wqeynf1hx4UXU4Z DiDQ== X-Forwarded-Encrypted: i=1; AJvYcCVvJa2TI5j13HyOqQFCfDsynhE6JYWICjJ2l5iX24d9AuSQzSEngM8yJJl6G2P05hpLhFCBkWvKsZFtWDPckuOYgJaCq57HYckzB66d X-Gm-Message-State: AOJu0YyembT66sh/OxJ1i4BbiUauj31rP7A4E/V8rfxS8QYm3vA3/vUn KO02JXgHGe4tXEAgJ+8w2NZNIe8yYF5eUHz/GbK23S3qi7EURaxSOwNIjwGL6bc9fgwW6Dis0WD toknfz/wJBw0RXa0PhyRiTfE5MVNm7pWi+OMm X-Received: by 2002:a0d:dc83:0:b0:61b:33fc:ad0e with SMTP id 00721157ae682-62c6bc3120bmr35459887b3.17.1717102489115; Thu, 30 May 2024 13:54:49 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <1716583609-21790-1-git-send-email-wufan@linux.microsoft.com> <1716583609-21790-16-git-send-email-wufan@linux.microsoft.com> <20240530030605.GA29189@sol.localdomain> In-Reply-To: <20240530030605.GA29189@sol.localdomain> From: Paul Moore Date: Thu, 30 May 2024 16:54:37 -0400 Message-ID: Subject: Re: [PATCH v19 15/20] fsverity: expose verified fsverity built-in signatures to LSMs To: Eric Biggers Cc: Fan Wu , corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org, serge@hallyn.com, tytso@mit.edu, axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org, mpatocka@redhat.com, eparis@redhat.com, linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, fsverity@lists.linux.dev, linux-block@vger.kernel.org, dm-devel@lists.linux.dev, audit@vger.kernel.org, linux-kernel@vger.kernel.org, Deven Bowers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, May 29, 2024 at 11:06=E2=80=AFPM Eric Biggers = wrote: > On Wed, May 29, 2024 at 09:46:57PM -0400, Paul Moore wrote: > > On Fri, May 24, 2024 at 4:46=E2=80=AFPM Fan Wu wrote: > > > > > > This patch enhances fsverity's capabilities to support both integrity= and > > > authenticity protection by introducing the exposure of built-in > > > signatures through a new LSM hook. This functionality allows LSMs, > > > e.g. IPE, to enforce policies based on the authenticity and integrity= of > > > files, specifically focusing on built-in fsverity signatures. It enab= les > > > a policy enforcement layer within LSMs for fsverity, offering granula= r > > > control over the usage of authenticity claims. For instance, a policy > > > could be established to permit the execution of all files with verifi= ed > > > built-in fsverity signatures while restricting kernel module loading > > > from specified fsverity files via fsverity digests. .. > > Eric, can you give this patch in particular a look to make sure you > > are okay with everything? I believe Fan has addressed all of your > > previous comments and it would be nice to have your Ack/Review tag if > > you are okay with the current revision. > > Sorry, I've just gotten a bit tired of finding so many basic issues in th= is > patchset even after years of revisions. > > This patch in particular is finally looking better. There are a couple i= ssues > that I still see. (BTW, you're welcome to review it too to help find the= se > things, given that you seem to have an interest in getting this landed...= ): I too have been reviewing this patchset across multiple years and have worked with Fan to fix locking issues, parsing issues, the initramfs approach, etc. My interest in getting this landed is simply a combination of fulfilling my role as LSM maintainer as well as being Fan's coworker. While I realize you don't work with Fan, you are listed as the fs-verity maintainer and as such I've been looking to you to help review and authorize the fs-verity related code. If you are too busy, frustrated, or to continue reviewing this patchset it would be helpful if you could identify an authorized fs-verity reviewer. I don't see any besides you and Ted listed in the MAINTAINERS file, but perhaps the fs-verity entry is dated. Regardless, I appreciate your time and feedback thus far and I'm sure Fan does as well. --=20 paul-moore.com