From: Eric Biggers <ebiggers@kernel.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: linux-integrity@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG
Date: Mon, 29 Nov 2021 18:33:03 -0800 [thread overview]
Message-ID: <YaWNX3nwslG/Q2aH@sol.localdomain> (raw)
In-Reply-To: <20211129170057.243127-3-zohar@linux.ibm.com>
On Mon, Nov 29, 2021 at 12:00:55PM -0500, Mimi Zohar wrote:
> To differentiate between a regular file hash and an fs-verity file digest
> based signature stored as security.ima xattr, define a new signature type
> named IMA_VERITY_DIGSIG.
>
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
For this new signature type, what bytes are actually signed? It looks like it's
just the raw digest, which isn't sufficient since it is ambiguous. It needs to
include information that makes it clear what the signer is actually signing,
such as "this is an fs-verity SHA-256 file digest". See
'struct fsverity_formatted_digest' for an example of this (but it isn't
necessary to use that exact structure).
I think the existing IMA signatures have the same problem (but it is hard for me
to understand the code). However, a new signature type doesn't have
backwards-compatibility concerns, so it could be done right.
- Eric
next prev parent reply other threads:[~2021-11-30 2:33 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-29 17:00 [PATCH 0/4] ima: support fs-verity signatures stored as Mimi Zohar
2021-11-29 17:00 ` [PATCH 1/4] fs-verity: define a function to return the integrity protected file digest Mimi Zohar
2021-11-29 23:16 ` kernel test robot
2021-11-29 23:36 ` kernel test robot
2021-11-30 2:19 ` Eric Biggers
2021-11-30 5:33 ` Lakshmi Ramasubramanian
2021-11-30 6:30 ` Eric Biggers
2021-11-29 17:00 ` [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG Mimi Zohar
2021-11-30 2:33 ` Eric Biggers [this message]
2021-11-30 18:14 ` Mimi Zohar
2021-12-02 16:25 ` Mimi Zohar
2021-12-02 21:17 ` Eric Biggers
2021-12-02 21:56 ` Mimi Zohar
2021-11-29 17:00 ` [PATCH 3/4] ima: limit including fs-verity's file digest in measurement list Mimi Zohar
2021-11-30 2:35 ` Eric Biggers
2021-11-30 13:15 ` Mimi Zohar
2021-11-30 5:46 ` Lakshmi Ramasubramanian
2021-11-29 17:00 ` [PATCH 4/4] ima: support fs-verity file digest based signatures Mimi Zohar
2021-11-30 5:56 ` Lakshmi Ramasubramanian
2021-11-30 13:36 ` Mimi Zohar
2021-11-30 2:36 ` [PATCH 0/4] ima: support fs-verity signatures stored as Eric Biggers
2021-11-30 12:56 ` Mimi Zohar
2021-11-30 22:49 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YaWNX3nwslG/Q2aH@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).