[PATCH v20 12/20] dm verity: expose root hash digest and signature data to LSMs
Fan Wu
wufan at linux.microsoft.com
Mon Aug 19 17:47:01 UTC 2024
On 8/18/2024 10:22 AM, Paul Moore wrote:
> On Fri, Aug 16, 2024 at 3:11 PM Fan Wu <wufan at linux.microsoft.com> wrote:
>> On 8/16/2024 6:35 AM, Mikulas Patocka wrote:
>
> ...
>
>>>>>>
>>>>>> +#ifdef CONFIG_SECURITY
>>>>>> + u8 *root_digest_sig; /* signature of the root digest */
>>>>>> +#endif /* CONFIG_SECURITY */
>>>>>> unsigned int salt_size;
>>>>>> sector_t data_start; /* data offset in 512-byte sectors */
>>>>>> sector_t hash_start; /* hash start in blocks */
>>>>>> @@ -58,6 +61,9 @@ struct dm_verity {
>>>>>> bool hash_failed:1; /* set if hash of any block failed */
>>>>>> bool use_bh_wq:1; /* try to verify in BH wq before normal work-queue */
>>>>>> unsigned int digest_size; /* digest size for the current hash algorithm */
>>>>>> +#ifdef CONFIG_SECURITY
>>>>>> + unsigned int sig_size; /* root digest signature size */
>>>>>> +#endif /* CONFIG_SECURITY */
>>>>>> unsigned int hash_reqsize; /* the size of temporary space for crypto */
>>>>>> enum verity_mode mode; /* mode for handling verification errors */
>>>>>> unsigned int corrupted_errs;/* Number of errors for corrupted blocks */
>>>
>>> Just nit-picking: I would move "unsigned int sig_size" up, after "u8
>>> *root_digest_sig" entry.
>>>
>>> Mikulas
>>
>> Sure, I can make these two fields together.
>
> Fan, do you want me to move the @sig_size field when merging or are
> you planning to submit another revision? I'm happy to do it during
> the merge, but I don't want to bother if you are going to post another
> patchset.
>
Thanks, Paul. It seems moving the field during the merge can expedite
the process. Please go ahead with that. I appreciate your help with this!
-Fan
More information about the Linux-security-module-archive
mailing list