[PATCH v20 12/20] dm verity: expose root hash digest and signature data to LSMs
Paul Moore
paul at paul-moore.com
Mon Aug 19 19:40:58 UTC 2024
On Mon, Aug 19, 2024 at 1:47 PM Fan Wu <wufan at linux.microsoft.com> wrote:
> On 8/18/2024 10:22 AM, Paul Moore wrote:
> > On Fri, Aug 16, 2024 at 3:11 PM Fan Wu <wufan at linux.microsoft.com> wrote:
> >> On 8/16/2024 6:35 AM, Mikulas Patocka wrote:
> >
> > ...
> >
> >>>>>>
> >>>>>> +#ifdef CONFIG_SECURITY
> >>>>>> + u8 *root_digest_sig; /* signature of the root digest */
> >>>>>> +#endif /* CONFIG_SECURITY */
> >>>>>> unsigned int salt_size;
> >>>>>> sector_t data_start; /* data offset in 512-byte sectors */
> >>>>>> sector_t hash_start; /* hash start in blocks */
> >>>>>> @@ -58,6 +61,9 @@ struct dm_verity {
> >>>>>> bool hash_failed:1; /* set if hash of any block failed */
> >>>>>> bool use_bh_wq:1; /* try to verify in BH wq before normal work-queue */
> >>>>>> unsigned int digest_size; /* digest size for the current hash algorithm */
> >>>>>> +#ifdef CONFIG_SECURITY
> >>>>>> + unsigned int sig_size; /* root digest signature size */
> >>>>>> +#endif /* CONFIG_SECURITY */
> >>>>>> unsigned int hash_reqsize; /* the size of temporary space for crypto */
> >>>>>> enum verity_mode mode; /* mode for handling verification errors */
> >>>>>> unsigned int corrupted_errs;/* Number of errors for corrupted blocks */
> >>>
> >>> Just nit-picking: I would move "unsigned int sig_size" up, after "u8
> >>> *root_digest_sig" entry.
> >>>
> >>> Mikulas
> >>
> >> Sure, I can make these two fields together.
> >
> > Fan, do you want me to move the @sig_size field when merging or are
> > you planning to submit another revision? I'm happy to do it during
> > the merge, but I don't want to bother if you are going to post another
> > patchset.
>
> Thanks, Paul. It seems moving the field during the merge can expedite
> the process. Please go ahead with that. I appreciate your help with this!
No problem. I'm going to merge these this afternoon, I'll send
another note when they are in the repo.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list