[RFC PATCH v11 16/19] ipe: enable support for fs-verity as a trust provider
Fan Wu
wufan at linux.microsoft.com
Thu Oct 5 02:45:50 UTC 2023
On 10/4/2023 4:58 PM, Randy Dunlap wrote:
>
>
> On 10/4/23 15:09, Fan Wu wrote:
>
> | diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig
> | index 7afb1ce0cb99..9dd5c4769d79 100644
> | --- a/security/ipe/Kconfig
> | +++ b/security/ipe/Kconfig
> | @@ -30,6 +30,19 @@ config IPE_PROP_DM_VERITY
> | that was mounted with a signed root-hash or the volume's
> | root hash matches the supplied value in the policy.
> |
> | + If unsure, answer Y.
> | +
> | +config IPE_PROP_FS_VERITY
> | + bool "Enable property for fs-verity files"
> | + depends on FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES
> | + help
> | + This option enables the usage of properties "fsverity_signature"
> | + and "fsverity_digest". These properties evaluates to TRUE when
>
> evaluate
>
> | + a file is fsverity enabled and with a signed digest or its
> | + diegst matches the supplied value in the policy.
>
> digest
>
> | +
> | + if unsure, answer Y.
> | +
> | endmenu
> |
> | endif
>
>
Thanks for catching the typo/error. Not sure why my spell script didn't
find them. Maybe I should consider using a better tool.
-Fan
More information about the Linux-security-module-archive
mailing list