From: Mimi Zohar <zohar@linux.ibm.com>
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>,
Eric Biggers <ebiggers@kernel.org>,
Stefan Berger <stefanb@linux.ibm.com>,
linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v9 7/7] fsverity: update the documentation
Date: Thu, 5 May 2022 08:31:41 -0400 [thread overview]
Message-ID: <20220505123141.1599622-8-zohar@linux.ibm.com> (raw)
In-Reply-To: <20220505123141.1599622-1-zohar@linux.ibm.com>
Update the fsverity documentation related to IMA signature support.
Acked-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
Documentation/filesystems/fsverity.rst | 35 +++++++++++++++++---------
1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst
index 8cc536d08f51..b7d42fd65e9d 100644
--- a/Documentation/filesystems/fsverity.rst
+++ b/Documentation/filesystems/fsverity.rst
@@ -70,12 +70,23 @@ must live on a read-write filesystem because they are independently
updated and potentially user-installed, so dm-verity cannot be used.
The base fs-verity feature is a hashing mechanism only; actually
-authenticating the files is up to userspace. However, to meet some
-users' needs, fs-verity optionally supports a simple signature
-verification mechanism where users can configure the kernel to require
-that all fs-verity files be signed by a key loaded into a keyring; see
-`Built-in signature verification`_. Support for fs-verity file hashes
-in IMA (Integrity Measurement Architecture) policies is also planned.
+authenticating the files may be done by:
+
+* Userspace-only
+
+* Builtin signature verification + userspace policy
+
+ fs-verity optionally supports a simple signature verification
+ mechanism where users can configure the kernel to require that
+ all fs-verity files be signed by a key loaded into a keyring;
+ see `Built-in signature verification`_.
+
+* Integrity Measurement Architecture (IMA)
+
+ IMA supports including fs-verity file digests and signatures in the
+ IMA measurement list and verifying fs-verity based file signatures
+ stored as security.ima xattrs, based on policy.
+
User API
========
@@ -653,12 +664,12 @@ weren't already directly answered in other parts of this document.
hashed and what to do with those hashes, such as log them,
authenticate them, or add them to a measurement list.
- IMA is planned to support the fs-verity hashing mechanism as an
- alternative to doing full file hashes, for people who want the
- performance and security benefits of the Merkle tree based hash.
- But it doesn't make sense to force all uses of fs-verity to be
- through IMA. As a standalone filesystem feature, fs-verity
- already meets many users' needs, and it's testable like other
+ IMA supports the fs-verity hashing mechanism as an alternative
+ to full file hashes, for those who want the performance and
+ security benefits of the Merkle tree based hash. However, it
+ doesn't make sense to force all uses of fs-verity to be through
+ IMA. fs-verity already meets many users' needs even as a
+ standalone filesystem feature, and it's testable like other
filesystem features e.g. with xfstests.
:Q: Isn't fs-verity useless because the attacker can just modify the
--
2.27.0
next prev parent reply other threads:[~2022-05-05 12:32 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-05 12:31 [PATCH v9 0/7] ima: support fs-verity digests and signatures Mimi Zohar
2022-05-05 12:31 ` [PATCH v9 1/7] ima: fix 'd-ng' comments and documentation Mimi Zohar
2022-05-05 12:31 ` [PATCH v9 2/7] ima: use IMA default hash algorithm for integrity violations Mimi Zohar
2022-05-05 12:31 ` [PATCH v9 3/7] fs-verity: define a function to return the integrity protected file digest Mimi Zohar
2022-05-05 12:31 ` [PATCH v9 4/7] ima: define a new template field named 'd-ngv2' and templates Mimi Zohar
2022-05-05 20:34 ` [PATCH v9 4/7] ima: define a new template field named 'd-ngv2' and templates (repost) Mimi Zohar
2022-05-05 20:39 ` [PATCH v9 4/7] ima: define a new template field named 'd-ngv2' and templates (repost with fix) Mimi Zohar
2022-05-05 12:31 ` [PATCH v9 5/7] ima: permit fsverity's file digests in the IMA measurement list Mimi Zohar
2022-05-05 12:31 ` [PATCH v9 6/7] ima: support fs-verity file digest based version 3 signatures Mimi Zohar
2022-05-05 17:12 ` Stefan Berger
2022-05-06 11:34 ` Mimi Zohar
2022-05-05 12:31 ` Mimi Zohar [this message]
2022-05-12 6:19 ` [PATCH v9 7/7] fsverity: update the documentation Eric Biggers
2022-05-12 22:48 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220505123141.1599622-8-zohar@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=ebiggers@kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stefanb@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.