[RFC PATCH v6 0/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Khurana
jaskarankhurana at linux.microsoft.com
Mon Jul 1 18:19:57 UTC 2019
Changes in v6:
Address comments from Milan Broz and Eric Biggers on v5.
-Keep the verification code under config DM_VERITY_VERIFY_ROOTHASH_SIG.
-Change the command line parameter to requires_signatures(bool) which will
force root hash to be signed and trusted if specified.
-Fix the signature not being present in verity_status. Merged the
https://git.kernel.org/pub/scm/linux/kernel/git/mbroz/linux.git/commit/?h=dm-cryptsetup&id=a26c10806f5257e255b6a436713127e762935ad3
made by Milan Broz and tested it.
Jaskaran Khurana (1):
Add dm verity root hash pkcs7 sig validation.
Documentation/device-mapper/verity.txt | 7 ++
drivers/md/Kconfig | 12 +++
drivers/md/Makefile | 5 +
drivers/md/dm-verity-target.c | 43 +++++++-
drivers/md/dm-verity-verify-sig.c | 133 +++++++++++++++++++++++++
drivers/md/dm-verity-verify-sig.h | 60 +++++++++++
drivers/md/dm-verity.h | 2 +
7 files changed, 257 insertions(+), 5 deletions(-)
create mode 100644 drivers/md/dm-verity-verify-sig.c
create mode 100644 drivers/md/dm-verity-verify-sig.h
--
2.17.1
More information about the Linux-security-module-archive
mailing list