All of lore.kernel.org
 help / color / mirror / Atom feed
From: Mike Snitzer <snitzer@redhat.com>
To: Matthias Kaehlcke <mka@chromium.org>
Cc: Alasdair Kergon <agk@redhat.com>,
	Mike Snitzer <snitzer@kernel.org>,
	Kees Cook <keescook@chromium.org>,
	James Morris <jmorris@namei.org>,
	"Serge E . Hallyn" <serge@hallyn.com>,
	dm-devel@redhat.com, linux-kernel@vger.kernel.org,
	linux-raid@vger.kernel.org, Song Liu <song@kernel.org>,
	Douglas Anderson <dianders@chromium.org>,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH v3 1/3] dm: Add verity helpers for LoadPin
Date: Thu, 12 May 2022 13:19:12 -0400	[thread overview]
Message-ID: <Yn1BkO4t+CXR0nzk@redhat.com> (raw)
In-Reply-To: <YnwioaRiVmYevo8i@google.com>

On Wed, May 11 2022 at  4:54P -0400,
Matthias Kaehlcke <mka@chromium.org> wrote:

> Alasdar/Mike, I'd be interested in your take on adding these functions
> to verity/DM, to get an idea whether this series has a path forward to
> landing upstream.

I'll be reviewing your patchset now. Comments inlined below.

> On Wed, May 04, 2022 at 12:54:17PM -0700, Matthias Kaehlcke wrote:
> > LoadPin limits loading of kernel modules, firmware and certain
> > other files to a 'pinned' file system (typically a read-only
> > rootfs). To provide more flexibility LoadPin is being extended
> > to also allow loading these files from trusted dm-verity
> > devices. For that purpose LoadPin can be provided with a list
> > of verity root digests that it should consider as trusted.
> > 
> > Add a bunch of helpers to allow LoadPin to check whether a DM
> > device is a trusted verity device. The new functions broadly
> > fall in two categories: those that need access to verity
> > internals (like the root digest), and the 'glue' between
> > LoadPin and verity. The new file dm-verity-loadpin.c contains
> > the glue functions.
> > 
> > Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> > ---
> > 
> > Changes in v3:
> > - none
> > 
> > Changes in v2:
> > - none
> > 
> >  drivers/md/Makefile               |  6 +++
> >  drivers/md/dm-verity-loadpin.c    | 80 +++++++++++++++++++++++++++++++
> >  drivers/md/dm-verity-target.c     | 33 +++++++++++++
> >  drivers/md/dm-verity.h            |  4 ++
> >  include/linux/dm-verity-loadpin.h | 27 +++++++++++
> >  5 files changed, 150 insertions(+)
> >  create mode 100644 drivers/md/dm-verity-loadpin.c
> >  create mode 100644 include/linux/dm-verity-loadpin.h
> > 
> > diff --git a/drivers/md/Makefile b/drivers/md/Makefile
> > index 0454b0885b01..e12cd004d375 100644
> > --- a/drivers/md/Makefile
> > +++ b/drivers/md/Makefile
> > @@ -100,6 +100,12 @@ ifeq ($(CONFIG_IMA),y)
> >  dm-mod-objs			+= dm-ima.o
> >  endif
> >  
> > +ifeq ($(CONFIG_DM_VERITY),y)
> > +ifeq ($(CONFIG_SECURITY_LOADPIN),y)
> > +dm-mod-objs			+= dm-verity-loadpin.o
> > +endif
> > +endif
> > +

Why are you extending dm-mod-objs?  Why not dm-verity-objs?

> >  ifeq ($(CONFIG_DM_VERITY_FEC),y)
> >  dm-verity-objs			+= dm-verity-fec.o
> >  endif
> > diff --git a/drivers/md/dm-verity-loadpin.c b/drivers/md/dm-verity-loadpin.c
> > new file mode 100644
> > index 000000000000..972ca93a2231
> > --- /dev/null
> > +++ b/drivers/md/dm-verity-loadpin.c
> > @@ -0,0 +1,80 @@
> > +// SPDX-License-Identifier: GPL-2.0-only
> > +
> > +#include <linux/list.h>
> > +#include <linux/kernel.h>
> > +#include <linux/dm-verity-loadpin.h>
> > +
> > +#include "dm.h"
> > +#include "dm-verity.h"
> > +
> > +static struct list_head *trusted_root_digests;
> > +
> > +/*
> > + * Sets the root digests of verity devices which LoadPin considers as trusted.
> > + *
> > + * This function must only be called once.
> > + */
> > +void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests)
> > +{
> > +	if (!trusted_root_digests)
> > +		trusted_root_digests = digests;
> > +	else
> > +		pr_warn("verity root digests trusted by LoadPin are already set!!!\n");
> > +}

Would prefer you set a DM_MSG_PREFIX and use DMWARN() instead.

You never explicitly initialize trusted_root_digests to NULL.

Also, I'll have to look at the caller(s), but without locking this
branching is racey.

> > +
> > +static bool is_trusted_verity_target(struct dm_target *ti)
> > +{
> > +	u8 *root_digest;
> > +	unsigned int digest_size;
> > +	struct trusted_root_digest *trd;
> > +	bool trusted = false;
> > +
> > +	if (!dm_is_verity_target(ti))
> > +		return false;
> > +
> > +	if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
> > +		return false;
> > +
> > +	list_for_each_entry(trd, trusted_root_digests, node) {
> > +		if ((trd->len == digest_size) &&
> > +		    !memcmp(trd->data, root_digest, digest_size)) {
> > +			trusted = true;
> > +			break;
> > +		}
> > +	}
> > +
> > +	kfree(root_digest);
> > +
> > +	return trusted;
> > +}
> > +
> > +/*
> > + * Determines whether a mapped device is a verity device that is trusted
> > + * by LoadPin.
> > + */
> > +bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
> > +{
> > +	int srcu_idx;
> > +	struct dm_table *table;
> > +	unsigned int num_targets;
> > +	bool trusted = false;
> > +	int i;
> > +
> > +	if (!trusted_root_digests || list_empty(trusted_root_digests))
> > +		return false;

Again, where is the locking to protect trusted_root_digests?

> > +	table = dm_get_live_table(md, &srcu_idx);
> > +	num_targets = dm_table_get_num_targets(table);
> > +	for (i = 0; i < num_targets; i++) {
> > +		struct dm_target *ti = dm_table_get_target(table, i);
> > +
> > +		if (is_trusted_verity_target(ti)) {
> > +			trusted = true;
> > +			break;
> > +		}
> > +	}
> > +
> > +	dm_put_live_table(md, srcu_idx);
> > +
> > +	return trusted;
> > +}
> > diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
> > index 80133aae0db3..6f07b849fcb2 100644
> > --- a/drivers/md/dm-verity-target.c
> > +++ b/drivers/md/dm-verity-target.c
> > @@ -19,6 +19,7 @@
> >  #include <linux/module.h>
> >  #include <linux/reboot.h>
> >  #include <linux/scatterlist.h>
> > +#include <linux/string.h>
> >  
> >  #define DM_MSG_PREFIX			"verity"
> >  
> > @@ -1310,6 +1311,38 @@ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
> >  	return r;
> >  }
> >  
> > +/*
> > + * Check whether a DM target is a verity target.
> > + */
> > +bool dm_is_verity_target(struct dm_target *ti)
> > +{
> > +	return ti->type->module == THIS_MODULE;
> > +}
> > +EXPORT_SYMBOL_GPL(dm_is_verity_target);
> > +
> > +/*
> > + * Get the root digest of a verity target.
> > + *
> > + * Returns a copy of the root digest, the caller is responsible for
> > + * freeing the memory of the digest.
> > + */
> > +int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned int *digest_size)
> > +{
> > +	struct dm_verity *v = ti->private;
> > +
> > +	if (!dm_is_verity_target(ti))
> > +		return -EINVAL;
> > +
> > +	*root_digest = kmemdup(v->root_digest, v->digest_size, GFP_KERNEL);
> > +	if (*root_digest == NULL)
> > +		return -ENOMEM;
> > +
> > +	*digest_size = v->digest_size;
> > +
> > +	return 0;
> > +}
> > +EXPORT_SYMBOL_GPL(dm_verity_get_root_digest);
> > +
> >  static struct target_type verity_target = {
> >  	.name		= "verity",
> >  	.version	= {1, 8, 0},
> > diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h
> > index 4e769d13473a..c832cc3e3d24 100644
> > --- a/drivers/md/dm-verity.h
> > +++ b/drivers/md/dm-verity.h
> > @@ -129,4 +129,8 @@ extern int verity_hash(struct dm_verity *v, struct ahash_request *req,
> >  extern int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
> >  				 sector_t block, u8 *digest, bool *is_zero);
> >  
> > +extern bool dm_is_verity_target(struct dm_target *ti);
> > +extern int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest,
> > +				     unsigned int *digest_size);
> > +
> >  #endif /* DM_VERITY_H */
> > diff --git a/include/linux/dm-verity-loadpin.h b/include/linux/dm-verity-loadpin.h
> > new file mode 100644
> > index 000000000000..12a86911d05a
> > --- /dev/null
> > +++ b/include/linux/dm-verity-loadpin.h
> > @@ -0,0 +1,27 @@
> > +/* SPDX-License-Identifier: GPL-2.0 */
> > +
> > +#ifndef __LINUX_DM_VERITY_LOADPIN_H
> > +#define __LINUX_DM_VERITY_LOADPIN_H
> > +
> > +#include <linux/list.h>
> > +
> > +struct mapped_device;
> > +
> > +struct trusted_root_digest {
> > +	u8 *data;
> > +	unsigned int len;
> > +	struct list_head node;
> > +};
> > +
> > +#if IS_ENABLED(CONFIG_SECURITY_LOADPIN) && IS_BUILTIN(CONFIG_DM_VERITY)
> > +void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests);
> > +bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md);
> > +#else
> > +static inline void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests) {}
> > +static inline bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
> > +{
> > +	return false;
> > +}
> > +#endif
> > +
> > +#endif /* __LINUX_DM_LOADPIN_H */
> > -- 
> > 2.36.0.464.gb9c8b46e94-goog
> > 
> 


WARNING: multiple messages have this Message-ID
From: Mike Snitzer <snitzer@redhat.com>
To: Matthias Kaehlcke <mka@chromium.org>
Cc: linux-security-module@vger.kernel.org,
	Douglas Anderson <dianders@chromium.org>,
	Kees Cook <keescook@chromium.org>,
	Mike Snitzer <snitzer@kernel.org>,
	James Morris <jmorris@namei.org>,
	linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org,
	Song Liu <song@kernel.org>,
	dm-devel@redhat.com, Alasdair Kergon <agk@redhat.com>,
	"Serge E . Hallyn" <serge@hallyn.com>
Subject: Re: [dm-devel] [PATCH v3 1/3] dm: Add verity helpers for LoadPin
Date: Thu, 12 May 2022 13:19:12 -0400	[thread overview]
Message-ID: <Yn1BkO4t+CXR0nzk@redhat.com> (raw)
In-Reply-To: <YnwioaRiVmYevo8i@google.com>

On Wed, May 11 2022 at  4:54P -0400,
Matthias Kaehlcke <mka@chromium.org> wrote:

> Alasdar/Mike, I'd be interested in your take on adding these functions
> to verity/DM, to get an idea whether this series has a path forward to
> landing upstream.

I'll be reviewing your patchset now. Comments inlined below.

> On Wed, May 04, 2022 at 12:54:17PM -0700, Matthias Kaehlcke wrote:
> > LoadPin limits loading of kernel modules, firmware and certain
> > other files to a 'pinned' file system (typically a read-only
> > rootfs). To provide more flexibility LoadPin is being extended
> > to also allow loading these files from trusted dm-verity
> > devices. For that purpose LoadPin can be provided with a list
> > of verity root digests that it should consider as trusted.
> > 
> > Add a bunch of helpers to allow LoadPin to check whether a DM
> > device is a trusted verity device. The new functions broadly
> > fall in two categories: those that need access to verity
> > internals (like the root digest), and the 'glue' between
> > LoadPin and verity. The new file dm-verity-loadpin.c contains
> > the glue functions.
> > 
> > Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> > ---
> > 
> > Changes in v3:
> > - none
> > 
> > Changes in v2:
> > - none
> > 
> >  drivers/md/Makefile               |  6 +++
> >  drivers/md/dm-verity-loadpin.c    | 80 +++++++++++++++++++++++++++++++
> >  drivers/md/dm-verity-target.c     | 33 +++++++++++++
> >  drivers/md/dm-verity.h            |  4 ++
> >  include/linux/dm-verity-loadpin.h | 27 +++++++++++
> >  5 files changed, 150 insertions(+)
> >  create mode 100644 drivers/md/dm-verity-loadpin.c
> >  create mode 100644 include/linux/dm-verity-loadpin.h
> > 
> > diff --git a/drivers/md/Makefile b/drivers/md/Makefile
> > index 0454b0885b01..e12cd004d375 100644
> > --- a/drivers/md/Makefile
> > +++ b/drivers/md/Makefile
> > @@ -100,6 +100,12 @@ ifeq ($(CONFIG_IMA),y)
> >  dm-mod-objs			+= dm-ima.o
> >  endif
> >  
> > +ifeq ($(CONFIG_DM_VERITY),y)
> > +ifeq ($(CONFIG_SECURITY_LOADPIN),y)
> > +dm-mod-objs			+= dm-verity-loadpin.o
> > +endif
> > +endif
> > +

Why are you extending dm-mod-objs?  Why not dm-verity-objs?

> >  ifeq ($(CONFIG_DM_VERITY_FEC),y)
> >  dm-verity-objs			+= dm-verity-fec.o
> >  endif
> > diff --git a/drivers/md/dm-verity-loadpin.c b/drivers/md/dm-verity-loadpin.c
> > new file mode 100644
> > index 000000000000..972ca93a2231
> > --- /dev/null
> > +++ b/drivers/md/dm-verity-loadpin.c
> > @@ -0,0 +1,80 @@
> > +// SPDX-License-Identifier: GPL-2.0-only
> > +
> > +#include <linux/list.h>
> > +#include <linux/kernel.h>
> > +#include <linux/dm-verity-loadpin.h>
> > +
> > +#include "dm.h"
> > +#include "dm-verity.h"
> > +
> > +static struct list_head *trusted_root_digests;
> > +
> > +/*
> > + * Sets the root digests of verity devices which LoadPin considers as trusted.
> > + *
> > + * This function must only be called once.
> > + */
> > +void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests)
> > +{
> > +	if (!trusted_root_digests)
> > +		trusted_root_digests = digests;
> > +	else
> > +		pr_warn("verity root digests trusted by LoadPin are already set!!!\n");
> > +}

Would prefer you set a DM_MSG_PREFIX and use DMWARN() instead.

You never explicitly initialize trusted_root_digests to NULL.

Also, I'll have to look at the caller(s), but without locking this
branching is racey.

> > +
> > +static bool is_trusted_verity_target(struct dm_target *ti)
> > +{
> > +	u8 *root_digest;
> > +	unsigned int digest_size;
> > +	struct trusted_root_digest *trd;
> > +	bool trusted = false;
> > +
> > +	if (!dm_is_verity_target(ti))
> > +		return false;
> > +
> > +	if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
> > +		return false;
> > +
> > +	list_for_each_entry(trd, trusted_root_digests, node) {
> > +		if ((trd->len == digest_size) &&
> > +		    !memcmp(trd->data, root_digest, digest_size)) {
> > +			trusted = true;
> > +			break;
> > +		}
> > +	}
> > +
> > +	kfree(root_digest);
> > +
> > +	return trusted;
> > +}
> > +
> > +/*
> > + * Determines whether a mapped device is a verity device that is trusted
> > + * by LoadPin.
> > + */
> > +bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
> > +{
> > +	int srcu_idx;
> > +	struct dm_table *table;
> > +	unsigned int num_targets;
> > +	bool trusted = false;
> > +	int i;
> > +
> > +	if (!trusted_root_digests || list_empty(trusted_root_digests))
> > +		return false;

Again, where is the locking to protect trusted_root_digests?

> > +	table = dm_get_live_table(md, &srcu_idx);
> > +	num_targets = dm_table_get_num_targets(table);
> > +	for (i = 0; i < num_targets; i++) {
> > +		struct dm_target *ti = dm_table_get_target(table, i);
> > +
> > +		if (is_trusted_verity_target(ti)) {
> > +			trusted = true;
> > +			break;
> > +		}
> > +	}
> > +
> > +	dm_put_live_table(md, srcu_idx);
> > +
> > +	return trusted;
> > +}
> > diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
> > index 80133aae0db3..6f07b849fcb2 100644
> > --- a/drivers/md/dm-verity-target.c
> > +++ b/drivers/md/dm-verity-target.c
> > @@ -19,6 +19,7 @@
> >  #include <linux/module.h>
> >  #include <linux/reboot.h>
> >  #include <linux/scatterlist.h>
> > +#include <linux/string.h>
> >  
> >  #define DM_MSG_PREFIX			"verity"
> >  
> > @@ -1310,6 +1311,38 @@ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
> >  	return r;
> >  }
> >  
> > +/*
> > + * Check whether a DM target is a verity target.
> > + */
> > +bool dm_is_verity_target(struct dm_target *ti)
> > +{
> > +	return ti->type->module == THIS_MODULE;
> > +}
> > +EXPORT_SYMBOL_GPL(dm_is_verity_target);
> > +
> > +/*
> > + * Get the root digest of a verity target.
> > + *
> > + * Returns a copy of the root digest, the caller is responsible for
> > + * freeing the memory of the digest.
> > + */
> > +int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned int *digest_size)
> > +{
> > +	struct dm_verity *v = ti->private;
> > +
> > +	if (!dm_is_verity_target(ti))
> > +		return -EINVAL;
> > +
> > +	*root_digest = kmemdup(v->root_digest, v->digest_size, GFP_KERNEL);
> > +	if (*root_digest == NULL)
> > +		return -ENOMEM;
> > +
> > +	*digest_size = v->digest_size;
> > +
> > +	return 0;
> > +}
> > +EXPORT_SYMBOL_GPL(dm_verity_get_root_digest);
> > +
> >  static struct target_type verity_target = {
> >  	.name		= "verity",
> >  	.version	= {1, 8, 0},
> > diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h
> > index 4e769d13473a..c832cc3e3d24 100644
> > --- a/drivers/md/dm-verity.h
> > +++ b/drivers/md/dm-verity.h
> > @@ -129,4 +129,8 @@ extern int verity_hash(struct dm_verity *v, struct ahash_request *req,
> >  extern int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
> >  				 sector_t block, u8 *digest, bool *is_zero);
> >  
> > +extern bool dm_is_verity_target(struct dm_target *ti);
> > +extern int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest,
> > +				     unsigned int *digest_size);
> > +
> >  #endif /* DM_VERITY_H */
> > diff --git a/include/linux/dm-verity-loadpin.h b/include/linux/dm-verity-loadpin.h
> > new file mode 100644
> > index 000000000000..12a86911d05a
> > --- /dev/null
> > +++ b/include/linux/dm-verity-loadpin.h
> > @@ -0,0 +1,27 @@
> > +/* SPDX-License-Identifier: GPL-2.0 */
> > +
> > +#ifndef __LINUX_DM_VERITY_LOADPIN_H
> > +#define __LINUX_DM_VERITY_LOADPIN_H
> > +
> > +#include <linux/list.h>
> > +
> > +struct mapped_device;
> > +
> > +struct trusted_root_digest {
> > +	u8 *data;
> > +	unsigned int len;
> > +	struct list_head node;
> > +};
> > +
> > +#if IS_ENABLED(CONFIG_SECURITY_LOADPIN) && IS_BUILTIN(CONFIG_DM_VERITY)
> > +void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests);
> > +bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md);
> > +#else
> > +static inline void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests) {}
> > +static inline bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
> > +{
> > +	return false;
> > +}
> > +#endif
> > +
> > +#endif /* __LINUX_DM_LOADPIN_H */
> > -- 
> > 2.36.0.464.gb9c8b46e94-goog
> > 
> 

--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel


  reply	other threads:[~2022-05-12 17:19 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-04 19:54 [PATCH v3 0/3] LoadPin: Enable loading from trusted dm-verity devices Matthias Kaehlcke
2022-05-04 19:54 ` [dm-devel] " Matthias Kaehlcke
2022-05-04 19:54 ` [PATCH v3 1/3] dm: Add verity helpers for LoadPin Matthias Kaehlcke
2022-05-04 19:54   ` [dm-devel] " Matthias Kaehlcke
2022-05-11 20:54   ` Matthias Kaehlcke
2022-05-11 20:54     ` [dm-devel] " Matthias Kaehlcke
2022-05-12 17:19     ` Mike Snitzer [this message]
2022-05-12 17:19       ` Mike Snitzer
2022-05-12 18:14       ` Matthias Kaehlcke
2022-05-12 18:14         ` [dm-devel] " Matthias Kaehlcke
2022-05-12 20:44       ` Matthias Kaehlcke
2022-05-12 20:44         ` [dm-devel] " Matthias Kaehlcke
2022-05-13 16:29         ` Mike Snitzer
2022-05-13 16:29           ` [dm-devel] " Mike Snitzer
2022-05-13 16:53           ` Matthias Kaehlcke
2022-05-13 16:53             ` Matthias Kaehlcke
2022-05-13 22:15   ` Kees Cook
2022-05-13 22:15     ` [dm-devel] " Kees Cook
2022-05-16 18:51     ` Matthias Kaehlcke
2022-05-16 18:51       ` [dm-devel] " Matthias Kaehlcke
2022-05-17  3:38       ` Kees Cook
2022-05-17  3:38         ` [dm-devel] " Kees Cook
2022-05-04 19:54 ` [PATCH v3 2/3] LoadPin: Enable loading from trusted dm-verity devices Matthias Kaehlcke
2022-05-04 19:54   ` [dm-devel] " Matthias Kaehlcke
2022-05-04 22:26   ` kernel test robot
2022-05-04 22:26     ` [dm-devel] " kernel test robot
2022-05-13 16:32   ` Mike Snitzer
2022-05-13 16:32     ` [dm-devel] " Mike Snitzer
2022-05-13 17:01     ` Matthias Kaehlcke
2022-05-13 17:01       ` [dm-devel] " Matthias Kaehlcke
2022-05-13 18:26     ` Kees Cook
2022-05-13 18:26       ` [dm-devel] " Kees Cook
2022-05-13 22:36   ` Kees Cook
2022-05-13 22:36     ` [dm-devel] " Kees Cook
2022-05-16 18:17     ` Matthias Kaehlcke
2022-05-16 18:17       ` [dm-devel] " Matthias Kaehlcke
2022-05-17  3:44       ` Kees Cook
2022-05-17  3:44         ` [dm-devel] " Kees Cook
2022-05-17 19:28         ` Matthias Kaehlcke
2022-05-17 19:28           ` [dm-devel] " Matthias Kaehlcke
2022-05-04 19:54 ` [PATCH v3 3/3] dm: verity-loadpin: Use CONFIG_SECURITY_LOADPIN_VERITY for conditional compilation Matthias Kaehlcke
2022-05-04 19:54   ` [dm-devel] " Matthias Kaehlcke

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Yn1BkO4t+CXR0nzk@redhat.com \
    --to=snitzer@redhat.com \
    --cc=agk@redhat.com \
    --cc=dianders@chromium.org \
    --cc=dm-devel@redhat.com \
    --cc=jmorris@namei.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-raid@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mka@chromium.org \
    --cc=serge@hallyn.com \
    --cc=snitzer@kernel.org \
    --cc=song@kernel.org \
    --subject='Re: [PATCH v3 1/3] dm: Add verity helpers for LoadPin' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.