Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-10 22:21:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

fsverity: update the documentation

Browse Source 
Update the fsverity documentation related to IMA signature support.

Acked-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Mimi Zohar 2021-12-02 13:13:51 -05:00
parent 398c42e2c4
commit 02ee2316b9
1 changed files with 23 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
Documentation/filesystems/fsverity.rst
View File

@ -70,12 +70,23 @@ must live on a read-write filesystem because they are independently
updated and potentially user-installed, so dm-verity cannot be used.
The base fs-verity feature is a hashing mechanism only; actually
authenticating the files is up to userspace. However, to meet some
users' needs, fs-verity optionally supports a simple signature
verification mechanism where users can configure the kernel to require
that all fs-verity files be signed by a key loaded into a keyring; see
`Built-in signature verification`_. Support for fs-verity file hashes
in IMA (Integrity Measurement Architecture) policies is also planned.
authenticating the files may be done by:
* Userspace-only
* Builtin signature verification + userspace policy
fs-verity optionally supports a simple signature verification
mechanism where users can configure the kernel to require that
all fs-verity files be signed by a key loaded into a keyring;
see `Built-in signature verification`_.
* Integrity Measurement Architecture (IMA)
IMA supports including fs-verity file digests and signatures in the
IMA measurement list and verifying fs-verity based file signatures
stored as security.ima xattrs, based on policy.
User API
========
@ -653,12 +664,12 @@ weren't already directly answered in other parts of this document.
hashed and what to do with those hashes, such as log them,
authenticate them, or add them to a measurement list.
IMA is planned to support the fs-verity hashing mechanism as an
alternative to doing full file hashes, for people who want the
performance and security benefits of the Merkle tree based hash.
But it doesn't make sense to force all uses of fs-verity to be
through IMA. As a standalone filesystem feature, fs-verity
already meets many users' needs, and it's testable like other
IMA supports the fs-verity hashing mechanism as an alternative
to full file hashes, for those who want the performance and
security benefits of the Merkle tree based hash. However, it
doesn't make sense to force all uses of fs-verity to be through
IMA. fs-verity already meets many users' needs even as a
standalone filesystem feature, and it's testable like other
filesystem features e.g. with xfstests.
:Q: Isn't fs-verity useless because the attacker can just modify the