[RFC PATCH v3 1/1] Add dm verity root hash pkcs7 sig validation
Jaskaran Singh Khurana
jaskarankhurana at linux.microsoft.com
Mon Jun 10 23:27:21 UTC 2019
On Sat, 8 Jun 2019, Milan Broz wrote:
> On 08/06/2019 00:31, Jaskaran Khurana wrote:
>> The verification is to support cases where the roothash is not secured by
>
>> + key = request_key(&key_type_user,
>> + key_desc, NULL);
>> + if (IS_ERR(key))
>> + return PTR_ERR(key);
>
> You will need dependence on keyring here (kernel can be configured without it),
> try to compile it without CONFIG_KEYS selected.
>
> I think it is ok that DM_VERITY_VERIFY_ROOTHASH_SIG can directly require CONFIG_KEYS.
> (Add depends on CONFIG_KEYS in KConfig)
>
DM_VERITY_VERIFY_ROOTHASH_SIG selects SYSTEM_DATA_VERIFICATION and
SYSTEM_DATA_VERIFICATION selects KEYS so we should be OK here.
>
> Thanks,
> Milan
>
Thanks,
Jaskaran.
More information about the Linux-security-module-archive
mailing list