[RFC PATCH v11 16/19] ipe: enable support for fs-verity as a trust provider

Fan Wu wufan at linux.microsoft.com
Thu Oct 5 02:45:50 UTC 2023



On 10/4/2023 4:58 PM, Randy Dunlap wrote:
> 
> 
> On 10/4/23 15:09, Fan Wu wrote:
> 
> | diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig
> | index 7afb1ce0cb99..9dd5c4769d79 100644
> | --- a/security/ipe/Kconfig
> | +++ b/security/ipe/Kconfig
> | @@ -30,6 +30,19 @@ config IPE_PROP_DM_VERITY
> |  	  that was mounted with a signed root-hash or the volume's
> |  	  root hash matches the supplied value in the policy.
> |
> | +	  If unsure, answer Y.
> | +
> | +config IPE_PROP_FS_VERITY
> | +	bool "Enable property for fs-verity files"
> | +	depends on FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES
> | +	help
> | +	  This option enables the usage of properties "fsverity_signature"
> | +	  and "fsverity_digest". These properties evaluates to TRUE when
> 
> 	                                          evaluate
> 
> | +	  a file is fsverity enabled and with a signed digest or its
> | +	  diegst matches the supplied value in the policy.
> 
> 	  digest
> 
> | +
> | +	  if unsure, answer Y.
> | +
> |  endmenu
> |
> |  endif
> 
> 

Thanks for catching the typo/error. Not sure why my spell script didn't 
find them. Maybe I should consider using a better tool.

-Fan



More information about the Linux-security-module-archive mailing list