From: Fan Wu <wufan@linux.microsoft.com>
To: corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org,
serge@hallyn.com, tytso@mit.edu, ebiggers@kernel.org,
axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org,
eparis@redhat.com, paul@paul-moore.com
Cc: linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-fscrypt@vger.kernel.org, linux-block@vger.kernel.org,
dm-devel@redhat.com, audit@vger.kernel.org,
roberto.sassu@huawei.com, linux-kernel@vger.kernel.org,
Deven Bowers <deven.desai@linux.microsoft.com>,
Fan Wu <wufan@linux.microsoft.com>
Subject: [RFC PATCH v11 05/19] ipe: introduce 'boot_verified' as a trust provider
Date: Wed, 4 Oct 2023 15:09:32 -0700 [thread overview]
Message-ID: <1696457386-3010-6-git-send-email-wufan@linux.microsoft.com> (raw)
In-Reply-To: <1696457386-3010-1-git-send-email-wufan@linux.microsoft.com>
From: Deven Bowers <deven.desai@linux.microsoft.com>
IPE is designed to provide system level trust guarantees, this usually
implies that trust starts from bootup with a hardware root of trust,
which validates the bootloader. After this, the bootloader verifies the
kernel and the initramfs.
As there's no currently supported integrity method for initramfs, and
it's typically already verified by the bootloader, introduce a property
that causes the first superblock to have an execution to be "pinned",
which is typically initramfs.
When the "pinned" device is unmounted, it will be "unpinned" and
`boot_verified` property will always evaluate to false afterward.
We use a pointer with a spin_lock to "pin" the device instead of rcu
because rcu synchronization may sleep, which is not allowed when
unmounting a device.
Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
---
v2:
+No Changes
v3:
+ Remove useless caching system
+ Move ipe_load_properties to this match
+ Minor changes from checkpatch --strict warnings
v4:
+ Remove comments from headers that was missed previously.
+ Grammatical corrections.
v5:
+ No significant changes
v6:
+ No changes
v7:
+ Reword and refactor patch 04/12 to [09/16], based on changes in the underlying system.
+ Add common audit function for boolean values
+ Use common audit function as implementation.
v8:
+ No changes
v9:
+ No changes
v10:
+ Replace struct file with struct super_block
v11:
+ Fix code style issues
---
security/ipe/eval.c | 72 +++++++++++++++++++++++++++++++++++-
security/ipe/eval.h | 2 +
security/ipe/hooks.c | 12 ++++++
security/ipe/hooks.h | 2 +
security/ipe/ipe.c | 1 +
security/ipe/policy.h | 2 +
security/ipe/policy_parser.c | 35 +++++++++++++++++-
7 files changed, 124 insertions(+), 2 deletions(-)
diff --git a/security/ipe/eval.c b/security/ipe/eval.c
index 8a8bcc5c7d7f..bdac4abc0ddb 100644
--- a/security/ipe/eval.c
+++ b/security/ipe/eval.c
@@ -9,6 +9,7 @@
#include <linux/file.h>
#include <linux/sched.h>
#include <linux/rcupdate.h>
+#include <linux/spinlock.h>
#include "ipe.h"
#include "eval.h"
@@ -16,6 +17,44 @@
struct ipe_policy __rcu *ipe_active_policy;
+static const struct super_block *pinned_sb;
+static DEFINE_SPINLOCK(pin_lock);
+#define FILE_SUPERBLOCK(f) ((f)->f_path.mnt->mnt_sb)
+
+/**
+ * pin_sb - Pin the underlying superblock of @f, marking it as trusted.
+ * @sb: Supplies a super_block structure to be pinned.
+ */
+static void pin_sb(const struct super_block *sb)
+{
+ if (!sb)
+ return;
+ spin_lock(&pin_lock);
+ if (!pinned_sb)
+ pinned_sb = sb;
+ spin_unlock(&pin_lock);
+}
+
+/**
+ * from_pinned - Determine whether @sb is the pinned super_block.
+ * @sb: Supplies a super_block to check against the pinned super_block.
+ *
+ * Return:
+ * * true - @sb is the pinned super_block
+ * * false - @sb is not the pinned super_block
+ */
+static bool from_pinned(const struct super_block *sb)
+{
+ bool rv;
+
+ if (!sb)
+ return false;
+ spin_lock(&pin_lock);
+ rv = !IS_ERR_OR_NULL(pinned_sb) && pinned_sb == sb;
+ spin_unlock(&pin_lock);
+ return rv;
+}
+
/**
* build_eval_ctx - Build an evaluation context.
* @ctx: Supplies a pointer to the context to be populdated.
@@ -26,8 +65,14 @@ void build_eval_ctx(struct ipe_eval_ctx *ctx,
const struct file *file,
enum ipe_op_type op)
{
+ if (op == IPE_OP_EXEC && file)
+ pin_sb(FILE_SUPERBLOCK(file));
+
ctx->file = file;
ctx->op = op;
+
+ if (file)
+ ctx->from_init_sb = from_pinned(FILE_SUPERBLOCK(file));
}
/**
@@ -42,7 +87,14 @@ void build_eval_ctx(struct ipe_eval_ctx *ctx,
static bool evaluate_property(const struct ipe_eval_ctx *const ctx,
struct ipe_prop *p)
{
- return false;
+ switch (p->type) {
+ case IPE_PROP_BOOT_VERIFIED_FALSE:
+ return !ctx->from_init_sb;
+ case IPE_PROP_BOOT_VERIFIED_TRUE:
+ return ctx->from_init_sb;
+ default:
+ return false;
+ }
}
/**
@@ -108,3 +160,21 @@ int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx)
return 0;
}
+
+/**
+ * ipe_invalidate_pinned_sb - invalidate the ipe pinned super_block.
+ * @mnt_sb: super_block to check against the pinned super_block.
+ *
+ * This function is called a super_block like the initramfs's is freed,
+ * if the super_block is currently pinned by ipe it will be invalided,
+ * so ipe won't consider the block device is boot verified afterward.
+ */
+void ipe_invalidate_pinned_sb(const struct super_block *mnt_sb)
+{
+ spin_lock(&pin_lock);
+
+ if (mnt_sb == pinned_sb)
+ pinned_sb = ERR_PTR(-EIO);
+
+ spin_unlock(&pin_lock);
+}
diff --git a/security/ipe/eval.h b/security/ipe/eval.h
index cfdf3c8dfe8a..9769da42c65f 100644
--- a/security/ipe/eval.h
+++ b/security/ipe/eval.h
@@ -19,9 +19,11 @@ struct ipe_eval_ctx {
enum ipe_op_type op;
const struct file *file;
+ bool from_init_sb;
};
void build_eval_ctx(struct ipe_eval_ctx *ctx, const struct file *file, enum ipe_op_type op);
int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);
+void ipe_invalidate_pinned_sb(const struct super_block *mnt_sb);
#endif /* _IPE_EVAL_H */
diff --git a/security/ipe/hooks.c b/security/ipe/hooks.c
index 6164a9b53361..e9386762a597 100644
--- a/security/ipe/hooks.c
+++ b/security/ipe/hooks.c
@@ -181,3 +181,15 @@ int ipe_kernel_load_data(enum kernel_load_data_id id, bool contents)
build_eval_ctx(&ctx, NULL, op);
return ipe_evaluate_event(&ctx);
}
+
+/**
+ * ipe_sb_free_security - ipe security hook function for super_block.
+ * @mnt_sb: Supplies a pointer to a super_block is about to be freed.
+ *
+ * IPE does not have any structures with mnt_sb, but uses this hook to
+ * invalidate a pinned super_block.
+ */
+void ipe_sb_free_security(struct super_block *mnt_sb)
+{
+ ipe_invalidate_pinned_sb(mnt_sb);
+}
diff --git a/security/ipe/hooks.h b/security/ipe/hooks.h
index 23205452f758..ac0cdfd9877f 100644
--- a/security/ipe/hooks.h
+++ b/security/ipe/hooks.h
@@ -22,4 +22,6 @@ int ipe_kernel_read_file(struct file *file, enum kernel_read_file_id id,
int ipe_kernel_load_data(enum kernel_load_data_id id, bool contents);
+void ipe_sb_free_security(struct super_block *mnt_sb);
+
#endif /* _IPE_HOOKS_H */
diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c
index 77c950459810..06da94a58aba 100644
--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -15,6 +15,7 @@ static struct security_hook_list ipe_hooks[] __ro_after_init = {
LSM_HOOK_INIT(file_mprotect, ipe_file_mprotect),
LSM_HOOK_INIT(kernel_read_file, ipe_kernel_read_file),
LSM_HOOK_INIT(kernel_load_data, ipe_kernel_load_data),
+ LSM_HOOK_INIT(sb_free_security, ipe_sb_free_security),
};
/**
diff --git a/security/ipe/policy.h b/security/ipe/policy.h
index 77aa91f2b953..45704465dc01 100644
--- a/security/ipe/policy.h
+++ b/security/ipe/policy.h
@@ -30,6 +30,8 @@ enum ipe_action_type {
#define IPE_ACTION_INVALID __IPE_ACTION_MAX
enum ipe_prop_type {
+ IPE_PROP_BOOT_VERIFIED_FALSE,
+ IPE_PROP_BOOT_VERIFIED_TRUE,
__IPE_PROP_MAX
};
diff --git a/security/ipe/policy_parser.c b/security/ipe/policy_parser.c
index c09458bd348d..ee7646de72ed 100644
--- a/security/ipe/policy_parser.c
+++ b/security/ipe/policy_parser.c
@@ -265,6 +265,12 @@ static enum ipe_action_type parse_action(char *t)
return match_token(t, action_tokens, args);
}
+static const match_table_t property_tokens = {
+ {IPE_PROP_BOOT_VERIFIED_FALSE, "boot_verified=FALSE"},
+ {IPE_PROP_BOOT_VERIFIED_TRUE, "boot_verified=TRUE"},
+ {IPE_PROP_INVALID, NULL}
+};
+
/**
* parse_property - Parse the property type given a token string.
* @t: Supplies the token string to be parsed.
@@ -277,7 +283,34 @@ static enum ipe_action_type parse_action(char *t)
*/
static int parse_property(char *t, struct ipe_rule *r)
{
- return -EBADMSG;
+ substring_t args[MAX_OPT_ARGS];
+ struct ipe_prop *p = NULL;
+ int rc = 0;
+ int token;
+
+ p = kzalloc(sizeof(*p), GFP_KERNEL);
+ if (!p)
+ return -ENOMEM;
+
+ token = match_token(t, property_tokens, args);
+
+ switch (token) {
+ case IPE_PROP_BOOT_VERIFIED_FALSE:
+ case IPE_PROP_BOOT_VERIFIED_TRUE:
+ p->type = token;
+ break;
+ default:
+ rc = -EBADMSG;
+ break;
+ }
+ if (rc)
+ goto err;
+ list_add_tail(&p->next, &r->props);
+
+ return rc;
+err:
+ kfree(p);
+ return rc;
}
/**
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Fan Wu <wufan@linux.microsoft.com>
To: corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org,
serge@hallyn.com, tytso@mit.edu, ebiggers@kernel.org,
axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org,
eparis@redhat.com, paul@paul-moore.com
Cc: dm-devel@redhat.com, linux-doc@vger.kernel.org,
Deven Bowers <deven.desai@linux.microsoft.com>,
roberto.sassu@huawei.com, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-block@vger.kernel.org,
audit@vger.kernel.org, linux-fscrypt@vger.kernel.org,
Fan Wu <wufan@linux.microsoft.com>,
linux-integrity@vger.kernel.org
Subject: [dm-devel] [RFC PATCH v11 05/19] ipe: introduce 'boot_verified' as a trust provider
Date: Wed, 4 Oct 2023 15:09:32 -0700 [thread overview]
Message-ID: <1696457386-3010-6-git-send-email-wufan@linux.microsoft.com> (raw)
In-Reply-To: <1696457386-3010-1-git-send-email-wufan@linux.microsoft.com>
From: Deven Bowers <deven.desai@linux.microsoft.com>
IPE is designed to provide system level trust guarantees, this usually
implies that trust starts from bootup with a hardware root of trust,
which validates the bootloader. After this, the bootloader verifies the
kernel and the initramfs.
As there's no currently supported integrity method for initramfs, and
it's typically already verified by the bootloader, introduce a property
that causes the first superblock to have an execution to be "pinned",
which is typically initramfs.
When the "pinned" device is unmounted, it will be "unpinned" and
`boot_verified` property will always evaluate to false afterward.
We use a pointer with a spin_lock to "pin" the device instead of rcu
because rcu synchronization may sleep, which is not allowed when
unmounting a device.
Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
---
v2:
+No Changes
v3:
+ Remove useless caching system
+ Move ipe_load_properties to this match
+ Minor changes from checkpatch --strict warnings
v4:
+ Remove comments from headers that was missed previously.
+ Grammatical corrections.
v5:
+ No significant changes
v6:
+ No changes
v7:
+ Reword and refactor patch 04/12 to [09/16], based on changes in the underlying system.
+ Add common audit function for boolean values
+ Use common audit function as implementation.
v8:
+ No changes
v9:
+ No changes
v10:
+ Replace struct file with struct super_block
v11:
+ Fix code style issues
---
security/ipe/eval.c | 72 +++++++++++++++++++++++++++++++++++-
security/ipe/eval.h | 2 +
security/ipe/hooks.c | 12 ++++++
security/ipe/hooks.h | 2 +
security/ipe/ipe.c | 1 +
security/ipe/policy.h | 2 +
security/ipe/policy_parser.c | 35 +++++++++++++++++-
7 files changed, 124 insertions(+), 2 deletions(-)
diff --git a/security/ipe/eval.c b/security/ipe/eval.c
index 8a8bcc5c7d7f..bdac4abc0ddb 100644
--- a/security/ipe/eval.c
+++ b/security/ipe/eval.c
@@ -9,6 +9,7 @@
#include <linux/file.h>
#include <linux/sched.h>
#include <linux/rcupdate.h>
+#include <linux/spinlock.h>
#include "ipe.h"
#include "eval.h"
@@ -16,6 +17,44 @@
struct ipe_policy __rcu *ipe_active_policy;
+static const struct super_block *pinned_sb;
+static DEFINE_SPINLOCK(pin_lock);
+#define FILE_SUPERBLOCK(f) ((f)->f_path.mnt->mnt_sb)
+
+/**
+ * pin_sb - Pin the underlying superblock of @f, marking it as trusted.
+ * @sb: Supplies a super_block structure to be pinned.
+ */
+static void pin_sb(const struct super_block *sb)
+{
+ if (!sb)
+ return;
+ spin_lock(&pin_lock);
+ if (!pinned_sb)
+ pinned_sb = sb;
+ spin_unlock(&pin_lock);
+}
+
+/**
+ * from_pinned - Determine whether @sb is the pinned super_block.
+ * @sb: Supplies a super_block to check against the pinned super_block.
+ *
+ * Return:
+ * * true - @sb is the pinned super_block
+ * * false - @sb is not the pinned super_block
+ */
+static bool from_pinned(const struct super_block *sb)
+{
+ bool rv;
+
+ if (!sb)
+ return false;
+ spin_lock(&pin_lock);
+ rv = !IS_ERR_OR_NULL(pinned_sb) && pinned_sb == sb;
+ spin_unlock(&pin_lock);
+ return rv;
+}
+
/**
* build_eval_ctx - Build an evaluation context.
* @ctx: Supplies a pointer to the context to be populdated.
@@ -26,8 +65,14 @@ void build_eval_ctx(struct ipe_eval_ctx *ctx,
const struct file *file,
enum ipe_op_type op)
{
+ if (op == IPE_OP_EXEC && file)
+ pin_sb(FILE_SUPERBLOCK(file));
+
ctx->file = file;
ctx->op = op;
+
+ if (file)
+ ctx->from_init_sb = from_pinned(FILE_SUPERBLOCK(file));
}
/**
@@ -42,7 +87,14 @@ void build_eval_ctx(struct ipe_eval_ctx *ctx,
static bool evaluate_property(const struct ipe_eval_ctx *const ctx,
struct ipe_prop *p)
{
- return false;
+ switch (p->type) {
+ case IPE_PROP_BOOT_VERIFIED_FALSE:
+ return !ctx->from_init_sb;
+ case IPE_PROP_BOOT_VERIFIED_TRUE:
+ return ctx->from_init_sb;
+ default:
+ return false;
+ }
}
/**
@@ -108,3 +160,21 @@ int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx)
return 0;
}
+
+/**
+ * ipe_invalidate_pinned_sb - invalidate the ipe pinned super_block.
+ * @mnt_sb: super_block to check against the pinned super_block.
+ *
+ * This function is called a super_block like the initramfs's is freed,
+ * if the super_block is currently pinned by ipe it will be invalided,
+ * so ipe won't consider the block device is boot verified afterward.
+ */
+void ipe_invalidate_pinned_sb(const struct super_block *mnt_sb)
+{
+ spin_lock(&pin_lock);
+
+ if (mnt_sb == pinned_sb)
+ pinned_sb = ERR_PTR(-EIO);
+
+ spin_unlock(&pin_lock);
+}
diff --git a/security/ipe/eval.h b/security/ipe/eval.h
index cfdf3c8dfe8a..9769da42c65f 100644
--- a/security/ipe/eval.h
+++ b/security/ipe/eval.h
@@ -19,9 +19,11 @@ struct ipe_eval_ctx {
enum ipe_op_type op;
const struct file *file;
+ bool from_init_sb;
};
void build_eval_ctx(struct ipe_eval_ctx *ctx, const struct file *file, enum ipe_op_type op);
int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);
+void ipe_invalidate_pinned_sb(const struct super_block *mnt_sb);
#endif /* _IPE_EVAL_H */
diff --git a/security/ipe/hooks.c b/security/ipe/hooks.c
index 6164a9b53361..e9386762a597 100644
--- a/security/ipe/hooks.c
+++ b/security/ipe/hooks.c
@@ -181,3 +181,15 @@ int ipe_kernel_load_data(enum kernel_load_data_id id, bool contents)
build_eval_ctx(&ctx, NULL, op);
return ipe_evaluate_event(&ctx);
}
+
+/**
+ * ipe_sb_free_security - ipe security hook function for super_block.
+ * @mnt_sb: Supplies a pointer to a super_block is about to be freed.
+ *
+ * IPE does not have any structures with mnt_sb, but uses this hook to
+ * invalidate a pinned super_block.
+ */
+void ipe_sb_free_security(struct super_block *mnt_sb)
+{
+ ipe_invalidate_pinned_sb(mnt_sb);
+}
diff --git a/security/ipe/hooks.h b/security/ipe/hooks.h
index 23205452f758..ac0cdfd9877f 100644
--- a/security/ipe/hooks.h
+++ b/security/ipe/hooks.h
@@ -22,4 +22,6 @@ int ipe_kernel_read_file(struct file *file, enum kernel_read_file_id id,
int ipe_kernel_load_data(enum kernel_load_data_id id, bool contents);
+void ipe_sb_free_security(struct super_block *mnt_sb);
+
#endif /* _IPE_HOOKS_H */
diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c
index 77c950459810..06da94a58aba 100644
--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -15,6 +15,7 @@ static struct security_hook_list ipe_hooks[] __ro_after_init = {
LSM_HOOK_INIT(file_mprotect, ipe_file_mprotect),
LSM_HOOK_INIT(kernel_read_file, ipe_kernel_read_file),
LSM_HOOK_INIT(kernel_load_data, ipe_kernel_load_data),
+ LSM_HOOK_INIT(sb_free_security, ipe_sb_free_security),
};
/**
diff --git a/security/ipe/policy.h b/security/ipe/policy.h
index 77aa91f2b953..45704465dc01 100644
--- a/security/ipe/policy.h
+++ b/security/ipe/policy.h
@@ -30,6 +30,8 @@ enum ipe_action_type {
#define IPE_ACTION_INVALID __IPE_ACTION_MAX
enum ipe_prop_type {
+ IPE_PROP_BOOT_VERIFIED_FALSE,
+ IPE_PROP_BOOT_VERIFIED_TRUE,
__IPE_PROP_MAX
};
diff --git a/security/ipe/policy_parser.c b/security/ipe/policy_parser.c
index c09458bd348d..ee7646de72ed 100644
--- a/security/ipe/policy_parser.c
+++ b/security/ipe/policy_parser.c
@@ -265,6 +265,12 @@ static enum ipe_action_type parse_action(char *t)
return match_token(t, action_tokens, args);
}
+static const match_table_t property_tokens = {
+ {IPE_PROP_BOOT_VERIFIED_FALSE, "boot_verified=FALSE"},
+ {IPE_PROP_BOOT_VERIFIED_TRUE, "boot_verified=TRUE"},
+ {IPE_PROP_INVALID, NULL}
+};
+
/**
* parse_property - Parse the property type given a token string.
* @t: Supplies the token string to be parsed.
@@ -277,7 +283,34 @@ static enum ipe_action_type parse_action(char *t)
*/
static int parse_property(char *t, struct ipe_rule *r)
{
- return -EBADMSG;
+ substring_t args[MAX_OPT_ARGS];
+ struct ipe_prop *p = NULL;
+ int rc = 0;
+ int token;
+
+ p = kzalloc(sizeof(*p), GFP_KERNEL);
+ if (!p)
+ return -ENOMEM;
+
+ token = match_token(t, property_tokens, args);
+
+ switch (token) {
+ case IPE_PROP_BOOT_VERIFIED_FALSE:
+ case IPE_PROP_BOOT_VERIFIED_TRUE:
+ p->type = token;
+ break;
+ default:
+ rc = -EBADMSG;
+ break;
+ }
+ if (rc)
+ goto err;
+ list_add_tail(&p->next, &r->props);
+
+ return rc;
+err:
+ kfree(p);
+ return rc;
}
/**
--
2.25.1
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
next prev parent reply other threads:[~2023-10-04 22:10 UTC|newest]
Thread overview: 105+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-04 22:09 [RFC PATCH v11 00/19] Integrity Policy Enforcement LSM (IPE) Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-04 22:09 ` [RFC PATCH v11 01/19] security: add ipe lsm Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-04 22:09 ` [RFC PATCH v11 02/19] ipe: add policy parser Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-24 3:52 ` [PATCH RFC v11 2/19] " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-10-25 22:45 ` Fan Wu
2023-10-25 22:45 ` Fan Wu
2023-10-26 21:36 ` Paul Moore
2023-10-26 21:36 ` Paul Moore
2023-10-04 22:09 ` [RFC PATCH v11 03/19] ipe: add evaluation loop Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-24 3:52 ` [PATCH RFC v11 3/19] " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-10-26 0:15 ` Fan Wu
2023-10-26 0:15 ` Fan Wu
2023-10-04 22:09 ` [RFC PATCH v11 04/19] ipe: add LSM hooks on execution and kernel read Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-05 8:24 ` kernel test robot
2023-10-24 3:52 ` [PATCH RFC v11 4/19] " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-10-04 22:09 ` Fan Wu [this message]
2023-10-04 22:09 ` [dm-devel] [RFC PATCH v11 05/19] ipe: introduce 'boot_verified' as a trust provider Fan Wu
2023-10-24 3:52 ` [PATCH RFC v11 5/19] " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-10-26 21:33 ` Fan Wu
2023-10-26 21:33 ` Fan Wu
2023-10-26 22:12 ` Paul Moore
2023-10-26 22:12 ` Paul Moore
2023-11-02 22:46 ` Fan Wu
2023-11-03 22:15 ` Paul Moore
2023-11-03 22:30 ` Paul Moore
2023-10-04 22:09 ` [RFC PATCH v11 06/19] security: add new securityfs delete function Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-04 22:09 ` [RFC PATCH v11 07/19] ipe: add userspace interface Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-05 10:32 ` kernel test robot
2023-10-24 3:52 ` [PATCH RFC v11 7/19] " Paul Moore
2023-10-04 22:09 ` [RFC PATCH v11 08/19] uapi|audit|ipe: add ipe auditing support Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-05 13:00 ` kernel test robot
2023-10-24 3:52 ` [PATCH RFC v11 8/19] " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-11-02 22:55 ` Fan Wu
2023-10-04 22:09 ` [RFC PATCH v11 09/19] ipe: add permissive toggle Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-24 3:52 ` [PATCH RFC v11 9/19] " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-11-02 22:56 ` Fan Wu
2023-10-04 22:09 ` [RFC PATCH v11 10/19] block|security: add LSM blob to block_device Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-04 22:09 ` [RFC PATCH v11 11/19] dm verity: set DM_TARGET_SINGLETON feature flag Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-24 3:52 ` [PATCH RFC " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-11-02 0:40 ` Paul Moore
2023-10-04 22:09 ` [RFC PATCH v11 12/19] dm: add finalize hook to target_type Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-24 3:52 ` [PATCH RFC " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-11-02 0:41 ` Paul Moore
2023-10-04 22:09 ` [RFC PATCH v11 13/19] dm verity: consume root hash digest and signature data via LSM hook Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-24 3:52 ` [PATCH RFC " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-11-02 0:41 ` Paul Moore
2023-10-04 22:09 ` [RFC PATCH v11 14/19] ipe: add support for dm-verity as a trust provider Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-24 3:52 ` [PATCH RFC " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-11-02 22:40 ` Fan Wu
2023-10-04 22:09 ` [RFC PATCH v11 15/19] fsverity: consume builtin signature via LSM hook Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-05 2:27 ` Eric Biggers
2023-10-05 2:27 ` [dm-devel] " Eric Biggers
2023-10-05 2:49 ` Fan Wu
2023-10-05 2:49 ` Fan Wu
2023-10-24 3:52 ` [PATCH RFC " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-11-02 0:40 ` Paul Moore
2023-11-02 2:53 ` Eric Biggers
2023-11-02 15:42 ` Paul Moore
2023-11-02 19:33 ` Fan Wu
2023-10-04 22:09 ` [RFC PATCH v11 16/19] ipe: enable support for fs-verity as a trust provider Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-04 23:58 ` Randy Dunlap
2023-10-04 23:58 ` [dm-devel] " Randy Dunlap
2023-10-05 2:45 ` Fan Wu
2023-10-05 2:45 ` [dm-devel] " Fan Wu
2023-10-24 3:52 ` [PATCH RFC " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-10-04 22:09 ` [RFC PATCH v11 17/19] scripts: add boot policy generation program Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-24 3:52 ` [PATCH RFC " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-11-02 23:09 ` Fan Wu
2023-10-04 22:09 ` [RFC PATCH v11 18/19] ipe: kunit test for parser Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
2023-10-24 3:52 ` [PATCH RFC " Paul Moore
2023-10-24 3:52 ` Paul Moore
2023-11-02 23:11 ` Fan Wu
2023-10-04 22:09 ` [RFC PATCH v11 19/19] documentation: add ipe documentation Fan Wu
2023-10-04 22:09 ` [dm-devel] " Fan Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1696457386-3010-6-git-send-email-wufan@linux.microsoft.com \
--to=wufan@linux.microsoft.com \
--cc=agk@redhat.com \
--cc=audit@vger.kernel.org \
--cc=axboe@kernel.dk \
--cc=corbet@lwn.net \
--cc=deven.desai@linux.microsoft.com \
--cc=dm-devel@redhat.com \
--cc=ebiggers@kernel.org \
--cc=eparis@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=serge@hallyn.com \
--cc=snitzer@kernel.org \
--cc=tytso@mit.edu \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.