From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: Fan Wu <wufan@linux.microsoft.com>,
corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org,
serge@hallyn.com, tytso@mit.edu, ebiggers@kernel.org,
axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org,
eparis@redhat.com, paul@paul-moore.com
Cc: dm-devel@redhat.com, linux-doc@vger.kernel.org,
Deven Bowers <deven.desai@linux.microsoft.com>,
roberto.sassu@huawei.com, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-block@vger.kernel.org,
linux-fscrypt@vger.kernel.org, linux-audit@redhat.com,
linux-integrity@vger.kernel.org
Subject: Re: [RFC PATCH v9 13/16] ipe: enable support for fs-verity as a trust provider
Date: Tue, 31 Jan 2023 15:00:08 +0100
Message-ID: <d62907da62b5e0b25c9d7bd4b3119a3d1827bd29.camel@huaweicloud.com>
In-Reply-To: <1675119451-23180-14-git-send-email-wufan@linux.microsoft.com>
On Mon, 2023-01-30 at 14:57 -0800, Fan Wu wrote:
> Enable IPE policy authors to indicate trust for a singular fsverity
> file, identified by the digest information, through "fsverity_digest"
> and all files using fsverity's builtin signatures via
> "fsverity_signature".
>
> This enables file-level integrity claims to be expressed in IPE,
> allowing individual files to be authorized, giving some flexibility
> for policy authors. Such file-level claims are important to be expressed
> for enforcing the integrity of packages, as well as address some of the
> scalability issues in a sole dm-verity based solution (# of loop back
> devices, etc).
>
> This solution cannot be done in userspace as the minimum threat that
> IPE should mitigate is an attacker downloads malicious payload with
> all required dependencies. These dependencies can lack the userspace
> check, bypassing the protection entirely. A similar attack succeeds if
> the userspace component is replaced with a version that does not
> perform the check. As a result, this can only be done in the common
> entry point - the kernel.
>
> Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
> Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
> ---
> v1-v6:
> + Not present
>
> v7:
> Introduced
>
> v8:
> * Undo squash of 08/12, 10/12 - separating drivers/md/ from security/
> * Use common-audit function for fsverity_signature.
> + Change fsverity implementation to use fsverity_get_digest
> + prevent unnecessary copy of fs-verity signature data, instead
> just check for presence of signature data.
> + Remove free_inode_security hook, as the digest is now acquired
> at runtime instead of via LSM blob.
>
> v9:
> + Adapt to the new parser
> ---
> security/ipe/Kconfig | 11 ++++
> security/ipe/audit.c | 23 +++++++
> security/ipe/eval.c | 112 +++++++++++++++++++++++++++++++++++
> security/ipe/eval.h | 10 ++++
> security/ipe/hooks.c | 30 ++++++++++
> security/ipe/hooks.h | 7 +++
> security/ipe/ipe.c | 13 ++++
> security/ipe/ipe.h | 3 +
> security/ipe/policy.h | 3 +
> security/ipe/policy_parser.c | 8 +++
> 10 files changed, 220 insertions(+)
>
> diff --git a/security/ipe/Kconfig b/security/ipe/Kconfig
> index 16e835ce61b0..dd9a066dd35a 100644
> --- a/security/ipe/Kconfig
> +++ b/security/ipe/Kconfig
> @@ -32,6 +32,17 @@ config IPE_PROP_DM_VERITY
>
> If unsure, answer Y.
>
> +config IPE_PROP_FS_VERITY
> + bool "Enable property for fs-verity files"
> + depends on FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES
> + help
> + This option enables the usage of properties "fsverity_signature"
> + and "fsverity_digest". These properties evaluates to TRUE when
> + a file is fsverity enabled and with a signed digest or its
> + diegst matches the supplied value in the policy.
> +
> + if unsure, answer Y.
> +
> endmenu
>
> endif
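Review bot: The help text of the new IPE_PROP_FS_VERITY entry has typos that will be shown verbatim in menuconfig: "diegst" should be "digest", "These properties evaluates" should be "These properties evaluate", and "if unsure, answer Y." should be capitalised as in the IPE_PROP_DM_VERITY entry just above ("If unsure, answer Y."). It would also help policy authors if the help text stated the expected format of the fsverity_digest= value, since the evaluator passes both the digest length and the hash algorithm name to ipe_digest_eval().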
> diff --git a/security/ipe/audit.c b/security/ipe/audit.c
> index 769ba95d9b0d..16d81645e53c 100644
> --- a/security/ipe/audit.c
> +++ b/security/ipe/audit.c
> @@ -46,6 +46,11 @@ static const char *const audit_prop_names[ipe_prop_max] = {
> "dmverity_signature=FALSE",
> "dmverity_signature=TRUE",
> #endif /* CONFIG_IPE_PROP_DM_VERITY */
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> + "fsverity_digest=",
> + "fsverity_signature=FALSE",
> + "fsverity_signature=TRUE"
> +#endif /* CONFIG_IPE_PROP_FS_VERITY */
> };
>
> #ifdef CONFIG_IPE_PROP_DM_VERITY
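Review bot: The new "fsverity_signature=TRUE" entry at the end of audit_prop_names lacks a trailing comma, unlike the dmverity entries above it; adding one keeps the array consistent with the surrounding style and avoids a compile error if a further property is appended after this #ifdef block later.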
> @@ -64,6 +69,22 @@ static void audit_dmv_roothash(struct audit_buffer *ab, const void *rh)
> }
> #endif /* CONFIG_IPE_PROP_DM_VERITY */
>
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> +/**
> + * audit_fsv_digest - audit a digest of a fsverity file.
> + * @ab: Supplies a poniter to the audit_buffer to append to.
> + * @d: Supplies a pointer to the digest structure.
> + */
> +static void audit_fsv_digest(struct audit_buffer *ab, const void *d)
> +{
> + ipe_digest_audit(ab, d);
> +}
> +#else
> +static void audit_fsv_digest(struct audit_buffer *ab, const void *d)
> +{
> +}
> +#endif /* CONFIG_IPE_PROP_DM_VERITY */
> +
> /**
> * audit_rule - audit an IPE policy rule approximation.
> * @ab: Supplies a poniter to the audit_buffer to append to.
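Review bot: The closing comment of the new block reads `#endif /* CONFIG_IPE_PROP_DM_VERITY */` while the block is opened with `#ifdef CONFIG_IPE_PROP_FS_VERITY`; fix the comment so it matches its guard. The kerneldoc of audit_fsv_digest() also copies the pre-existing "poniter" typo from audit_rule(); "pointer" in both places would be good while touching this file.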
> @@ -79,6 +100,8 @@ static void audit_rule(struct audit_buffer *ab, const struct ipe_rule *r)
> audit_log_format(ab, "%s", audit_prop_names[ptr->type]);
> if (ptr->type == ipe_prop_dmv_roothash)
> audit_dmv_roothash(ab, ptr->value);
> + if (ptr->type == ipe_prop_fsv_digest)
> + audit_fsv_digest(ab, ptr->value);
>
> audit_log_format(ab, " ");
> }
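Review bot: The two consecutive `if (ptr->type == ...)` tests for ipe_prop_dmv_roothash and ipe_prop_fsv_digest are mutually exclusive; an `else if` (or a switch on ptr->type, which will scale better as value-carrying properties are added) makes that explicit.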
> diff --git a/security/ipe/eval.c b/security/ipe/eval.c
> index 538af4195ba7..210d3926c0a8 100644
> --- a/security/ipe/eval.c
> +++ b/security/ipe/eval.c
> @@ -81,6 +81,23 @@ static void build_ipe_bdev_ctx(struct ipe_eval_ctx *ctx, const struct inode *con
> }
> #endif /* CONFIG_IPE_PROP_DM_VERITY */
>
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> +/**
> + * build_ipe_inode_ctx - Build inode fields of an evaluation context.
> + * @ctx: Supplies a pointer to the context to be populdated.
> + * @ino: Supplies the inode struct of the file triggered IPE event.
> + */
> +static void build_ipe_inode_ctx(struct ipe_eval_ctx *ctx, const struct inode *const ino)
> +{
> + ctx->ino = ino;
> + ctx->ipe_inode = ipe_inode(ctx->ino);
> +}
> +#else
> +static void build_ipe_inode_ctx(struct ipe_eval_ctx *ctx, const struct inode *const ino)
> +{
> +}
> +#endif /* CONFIG_IPE_PROP_FS_VERITY */
> +
> /**
> * build_eval_ctx - Build an evaluation context.
> * @ctx: Supplies a pointer to the context to be populdated.
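Review bot: The kerneldoc of build_ipe_inode_ctx() repeats the "populdated" typo from the build_eval_ctx() header visible as context below, and "@ino: Supplies the inode struct of the file triggered IPE event" is ungrammatical; suggest "@ctx: Supplies a pointer to the context to be populated." and "@ino: Supplies a pointer to the inode of the file that triggered the IPE event." A one-line note that the function only records pointers and does no lookup of its own would also help readers distinguish it from build_ipe_bdev_ctx().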
> @@ -99,6 +116,7 @@ void build_eval_ctx(struct ipe_eval_ctx *ctx,
> if (file) {
> ino = d_real_inode(file->f_path.dentry);
> build_ipe_bdev_ctx(ctx, ino);
> + build_ipe_inode_ctx(ctx, ino);
> }
> }
>
> @@ -171,6 +189,91 @@ static bool evaluate_dmv_sig_true(const struct ipe_eval_ctx *const ctx,
> }
> #endif /* CONFIG_IPE_PROP_DM_VERITY */
>
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> +/**
> + * evaluate_fsv_digest - Analyze @ctx against a fsv digest property.
> + * @ctx: Supplies a pointer to the context being evaluated.
> + * @p: Supplies a pointer to the property being evaluated.
> + *
> + * Return:
> + * * true - The current @ctx match the @p
> + * * false - The current @ctx doesn't match the @p
> + */
> +static bool evaluate_fsv_digest(const struct ipe_eval_ctx *const ctx,
> + struct ipe_prop *p)
> +{
> + enum hash_algo alg;
> + u8 digest[FS_VERITY_MAX_DIGEST_SIZE];
> +
> + if (!ctx->ino)
> + return false;
> + if (fsverity_get_digest((struct inode *)ctx->ino,
> + digest,
> + &alg)) {
> + return false;
> + }
> +
> + return ipe_digest_eval(p->value,
> + digest,
> + hash_digest_size[alg],
> + hash_algo_name[alg]);
> +}
> +
> +/**
> + * evaluate_fsv_sig_false - Analyze @ctx against a fsv sig false property.
> + * @ctx: Supplies a pointer to the context being evaluated.
> + * @p: Supplies a pointer to the property being evaluated.
> + *
> + * Return:
> + * * true - The current @ctx match the @p
> + * * false - The current @ctx doesn't match the @p
> + */
> +static bool evaluate_fsv_sig_false(const struct ipe_eval_ctx *const ctx,
> + struct ipe_prop *p)
> +{
> + return !ctx->ino ||
> + !IS_VERITY(ctx->ino) ||
> + !ctx->ipe_inode ||
> + !ctx->ipe_inode->fs_verity_signed;
> +}
> +
> +/**
> + * evaluate_fsv_sig_true - Analyze @ctx against a fsv sig true property.
> + * @ctx: Supplies a pointer to the context being evaluated.
> + * @p: Supplies a pointer to the property being evaluated.
> + *
> + * Return:
> + * * true - The current @ctx match the @p
> + * * false - The current @ctx doesn't match the @p
> + */
> +static bool evaluate_fsv_sig_true(const struct ipe_eval_ctx *const ctx,
> + struct ipe_prop *p)
> +{
> + return ctx->ino &&
> + IS_VERITY(ctx->ino) &&
> + ctx->ipe_inode &&
> + ctx->ipe_inode->fs_verity_signed;
> +}
Isn't it better to just define one function and prepend a ! in
evaluate_property()?
Not sure about the usefulness of the fsverity_signature= property as it
is. I would at minimum allow specifying which keyring signatures are
verified against, and ensure that the keyring has a restriction.
And maybe I would call fsverity_verify_signature() directly, after
extending it to pass the desired keyring.
I would also split this patch in two, one for fsverity_digest= and one
for fsverity_signature=.
Roberto
> +#else
> +static bool evaluate_fsv_digest(const struct ipe_eval_ctx *const ctx,
> + struct ipe_prop *p)
> +{
> + return false;
> +}
> +
> +static bool evaluate_fsv_sig_false(const struct ipe_eval_ctx *const ctx,
> + struct ipe_prop *p)
> +{
> + return false;
> +}
> +
> +static bool evaluate_fsv_sig_true(const struct ipe_eval_ctx *const ctx,
> + struct ipe_prop *p)
> +{
> + return false;
> +}
> +#endif /* CONFIG_IPE_PROP_FS_VERITY */
> +
> /**
> * evaluate_property - Analyze @ctx against a property.
> * @ctx: Supplies a pointer to the context to be evaluated.
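Review bot: evaluate_fsv_digest() casts away the const qualifier with `(struct inode *)ctx->ino` to call fsverity_get_digest(); since the eval.h hunk declares the member as `const struct inode *ino`, either drop the const from struct ipe_eval_ctx or give fsverity_get_digest() a const inode parameter rather than hiding the mismatch behind a cast. The same function indexes hash_digest_size[] and hash_algo_name[], which live in crypto/hash_info.h, but no include is added to eval.c in this patch; make sure it is already pulled in. Finally, the CONFIG_IPE_PROP_FS_VERITY=n stubs all return false, including evaluate_fsv_sig_false(); that is unreachable because the parser only registers the fsverity tokens under the same option (see the policy_parser.c hunk), but a short comment saying so would prevent a reader from wondering why "fsverity_signature=FALSE" evaluates to false there.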
> @@ -201,6 +304,15 @@ static bool evaluate_property(const struct ipe_eval_ctx *const ctx,
> case ipe_prop_dmv_sig_true:
> eval = evaluate_dmv_sig_true(ctx, p);
> break;
> + case ipe_prop_fsv_digest:
> + eval = evaluate_fsv_digest(ctx, p);
> + break;
> + case ipe_prop_fsv_sig_false:
> + eval = evaluate_fsv_sig_false(ctx, p);
> + break;
> + case ipe_prop_fsv_sig_true:
> + eval = evaluate_fsv_sig_true(ctx, p);
> + break;
> default:
> eval = false;
> }
> diff --git a/security/ipe/eval.h b/security/ipe/eval.h
> index 4fd832c6893e..d3dce4f04cb4 100644
> --- a/security/ipe/eval.h
> +++ b/security/ipe/eval.h
> @@ -26,6 +26,12 @@ struct ipe_bdev {
> };
> #endif /* CONFIG_IPE_PROP_DM_VERITY */
>
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> +struct ipe_inode {
> + bool fs_verity_signed;
> +};
> +#endif /* CONFIG_IPE_PROP_FS_VERITY */
> +
> struct ipe_eval_ctx {
> enum ipe_op_type op;
>
> @@ -34,6 +40,10 @@ struct ipe_eval_ctx {
> #ifdef CONFIG_IPE_PROP_DM_VERITY
> const struct ipe_bdev *ipe_bdev;
> #endif /* CONFIG_IPE_PROP_DM_VERITY */
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> + const struct inode *ino;
> + const struct ipe_inode *ipe_inode;
> +#endif /* CONFIG_IPE_PROP_FS_VERITY */
> };
>
> enum ipe_match {
> diff --git a/security/ipe/hooks.c b/security/ipe/hooks.c
> index 735375d2f858..836f08240372 100644
> --- a/security/ipe/hooks.c
> +++ b/security/ipe/hooks.c
> @@ -243,3 +243,33 @@ int ipe_bdev_setsecurity(struct block_device *bdev, const char *key,
> return -EOPNOTSUPP;
> }
> #endif /* CONFIG_IPE_PROP_DM_VERITY */
> +
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> +/**
> + * ipe_inode_setsecurity - Sets fields of a inode security blob from @key.
> + * @inode: The inode to source the security blob from.
> + * @name: The name representing the information to be stored.
> + * @value: The value to be stored.
> + * @size: The size of @value.
> + * @flags: unused
> + *
> + * Saves fsverity signature & digest into inode security blob
> + *
> + * Return:
> + * * 0 - OK
> + * * !0 - Error
> + */
> +int ipe_inode_setsecurity(struct inode *inode, const char *name,
> + const void *value, size_t size,
> + int flags)
> +{
> + struct ipe_inode *inode_sec = ipe_inode(inode);
> +
> + if (!strcmp(name, FS_VERITY_INODE_SEC_NAME)) {
> + inode_sec->fs_verity_signed = size > 0 && value;
> + return 0;
> + }
> +
> + return -EOPNOTSUPP;
> +}
> +#endif /* CONFIG_CONFIG_IPE_PROP_FS_VERITY */
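Review bot: The closing comment `#endif /* CONFIG_CONFIG_IPE_PROP_FS_VERITY */` has a doubled prefix; it should read `CONFIG_IPE_PROP_FS_VERITY` like the matching #ifdef. The kerneldoc of ipe_inode_setsecurity() says it "Saves fsverity signature & digest into inode security blob", but the body stores only a boolean, `inode_sec->fs_verity_signed = size > 0 && value;`, and the digest is fetched at evaluation time. Please describe what is really recorded and, since the hook does not verify anything itself, state the guarantee it relies on (that the caller passes signature data only after fs-verity has accepted it); evaluate_fsv_sig_true() treats this flag as the trust decision, so the contract should be explicit in the comment.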
> diff --git a/security/ipe/hooks.h b/security/ipe/hooks.h
> index 16611a149158..654aba584a44 100644
> --- a/security/ipe/hooks.h
> +++ b/security/ipe/hooks.h
> @@ -8,6 +8,7 @@
> #include <linux/fs.h>
> #include <linux/binfmts.h>
> #include <linux/security.h>
> +#include <linux/fsverity.h>
> #include <linux/device-mapper.h>
>
> void ipe_sb_free_security(struct super_block *mnt_sb);
> @@ -32,4 +33,10 @@ int ipe_bdev_setsecurity(struct block_device *bdev, const char *key,
> const void *value, size_t len);
> #endif /* CONFIG_IPE_PROP_DM_VERITY */
>
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> +int ipe_inode_setsecurity(struct inode *inode, const char *name,
> + const void *value, size_t size,
> + int flags);
> +#endif /* CONFIG_IPE_PROP_FS_VERITY */
> +
> #endif /* IPE_HOOKS_H */
> diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c
> index 5612cb3cf1e5..705ce9a003de 100644
> --- a/security/ipe/ipe.c
> +++ b/security/ipe/ipe.c
> @@ -13,6 +13,9 @@ static struct lsm_blob_sizes ipe_blobs __lsm_ro_after_init = {
> #ifdef CONFIG_IPE_PROP_DM_VERITY
> .lbs_bdev = sizeof(struct ipe_bdev),
> #endif /* CONFIG_IPE_PROP_DM_VERITY */
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> + .lbs_inode = sizeof(struct ipe_inode),
> +#endif /* CONFIG_IPE_PROP_FS_VERITY */
> };
>
> #ifdef CONFIG_IPE_PROP_DM_VERITY
> @@ -22,6 +25,13 @@ struct ipe_bdev *ipe_bdev(struct block_device *b)
> }
> #endif /* CONFIG_IPE_PROP_DM_VERITY */
>
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> +struct ipe_inode *ipe_inode(const struct inode *inode)
> +{
> + return inode->i_security + ipe_blobs.lbs_inode;
> +}
> +#endif /* CONFIG_IPE_PROP_FS_VERITY */
> +
> static struct security_hook_list ipe_hooks[] __lsm_ro_after_init = {
> LSM_HOOK_INIT(sb_free_security, ipe_sb_free_security),
> LSM_HOOK_INIT(bprm_check_security, ipe_bprm_check_security),
> @@ -33,6 +43,9 @@ static struct security_hook_list ipe_hooks[] __lsm_ro_after_init = {
> LSM_HOOK_INIT(bdev_free_security, ipe_bdev_free_security),
> LSM_HOOK_INIT(bdev_setsecurity, ipe_bdev_setsecurity),
> #endif
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> + LSM_HOOK_INIT(inode_setsecurity, ipe_inode_setsecurity),
> +#endif /* CONFIG_IPE_PROP_FS_VERITY */
> };
>
> /**
> diff --git a/security/ipe/ipe.h b/security/ipe/ipe.h
> index c2594a45b8f2..138fda645ecf 100644
> --- a/security/ipe/ipe.h
> +++ b/security/ipe/ipe.h
> @@ -15,5 +15,8 @@ extern bool ipe_enabled;
> #ifdef CONFIG_IPE_PROP_DM_VERITY
> struct ipe_bdev *ipe_bdev(struct block_device *b);
> #endif /* CONFIG_IPE_PROP_DM_VERITY */
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> +struct ipe_inode *ipe_inode(const struct inode *inode);
> +#endif /* CONFIG_IPE_PROP_FS_VERITY */
>
> #endif /* IPE_H */
> diff --git a/security/ipe/policy.h b/security/ipe/policy.h
> index 324eb76c6067..50b8f4c49bc7 100644
> --- a/security/ipe/policy.h
> +++ b/security/ipe/policy.h
> @@ -31,6 +31,9 @@ enum ipe_prop_type {
> ipe_prop_dmv_roothash,
> ipe_prop_dmv_sig_false,
> ipe_prop_dmv_sig_true,
> + ipe_prop_fsv_digest,
> + ipe_prop_fsv_sig_false,
> + ipe_prop_fsv_sig_true,
> ipe_prop_max
> };
>
> diff --git a/security/ipe/policy_parser.c b/security/ipe/policy_parser.c
> index 50a6a763e842..799ee7fda974 100644
> --- a/security/ipe/policy_parser.c
> +++ b/security/ipe/policy_parser.c
> @@ -273,6 +273,11 @@ static const match_table_t property_tokens = {
> {ipe_prop_dmv_sig_false, "dmverity_signature=FALSE"},
> {ipe_prop_dmv_sig_true, "dmverity_signature=TRUE"},
> #endif /* CONFIG_IPE_PROP_DM_VERITY */
> +#ifdef CONFIG_IPE_PROP_FS_VERITY
> + {ipe_prop_fsv_digest, "fsverity_digest=%s"},
> + {ipe_prop_fsv_sig_false, "fsverity_signature=FALSE"},
> + {ipe_prop_fsv_sig_true, "fsverity_signature=TRUE"},
> +#endif /* CONFIG_IPE_PROP_FS_VERITY */
> {ipe_prop_max, NULL}
> };
>
> @@ -304,6 +309,7 @@ int parse_property(char *t, struct ipe_rule *r)
>
> switch (token) {
> case ipe_prop_dmv_roothash:
> + case ipe_prop_fsv_digest:
> dup = match_strdup(&args[0]);
> if (!dup) {
> rc = -ENOMEM;
> @@ -315,6 +321,8 @@ int parse_property(char *t, struct ipe_rule *r)
> case ipe_prop_boot_verified_true:
> case ipe_prop_dmv_sig_false:
> case ipe_prop_dmv_sig_true:
> + case ipe_prop_fsv_sig_false:
> + case ipe_prop_fsv_sig_true:
> p->type = token;
> break;
> case ipe_prop_max: