[RFC PATCH v3 0/1] Add dm verity root hash pkcs7 sig validation.

Milan Broz gmazyland at gmail.com
Sat Jun 8 08:46:19 UTC 2019


On 08/06/2019 00:31, Jaskaran Khurana wrote:
> This patch set adds in-kernel pkcs7 signature checking for the roothash of
> the dm-verity hash tree.
> The verification is to support cases where the roothash is not secured by
> Trusted Boot, UEFI Secureboot or similar technologies.

...
>  drivers/md/Kconfig                |  23 ++++++
>  drivers/md/Makefile               |   2 +-
>  drivers/md/dm-verity-target.c     |  34 +++++++-
>  drivers/md/dm-verity-verify-sig.c | 132 ++++++++++++++++++++++++++++++
>  drivers/md/dm-verity-verify-sig.h |  30 +++++++

Please could you also modify Documentation/device-mapper/verity.txt and
describe the new table parameter?

It would be also nice to have a reference example how to configure it,
including how to create the signature file.

Milan



More information about the Linux-security-module-archive mailing list