[RFC PATCH v3 0/1] Add dm verity root hash pkcs7 sig validation.
Milan Broz
gmazyland at gmail.com
Sat Jun 8 08:46:19 UTC 2019
On 08/06/2019 00:31, Jaskaran Khurana wrote:
> This patch set adds in-kernel pkcs7 signature checking for the roothash of
> the dm-verity hash tree.
> The verification is to support cases where the roothash is not secured by
> Trusted Boot, UEFI Secureboot or similar technologies.
...
> drivers/md/Kconfig | 23 ++++++
> drivers/md/Makefile | 2 +-
> drivers/md/dm-verity-target.c | 34 +++++++-
> drivers/md/dm-verity-verify-sig.c | 132 ++++++++++++++++++++++++++++++
> drivers/md/dm-verity-verify-sig.h | 30 +++++++
Please could you also modify Documentation/device-mapper/verity.txt and
describe the new table parameter?
It would be also nice to have a reference example how to configure it,
including how to create the signature file.
Milan
More information about the Linux-security-module-archive
mailing list