| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <59357d13-c980-4f5a-a9e1-6ad6e480d46e@linux.microsoft.com> Date: Mon, 18 Mar 2024 13:40:41 -0700 From: Fan Wu <wufan@...ux.microsoft.com> To: Eric Biggers <ebiggers@...nel.org> Cc: corbet@....net, zohar@...ux.ibm.com, jmorris@...ei.org, serge@...lyn.com, tytso@....edu, axboe@...nel.dk, agk@...hat.com, snitzer@...nel.org, eparis@...hat.com, paul@...l-moore.com, linux-doc@...r.kernel.org, linux-integrity@...r.kernel.org, linux-security-module@...r.kernel.org, fsverity@...ts.linux.dev, linux-block@...r.kernel.org, dm-devel@...ts.linux.dev, audit@...r.kernel.org, linux-kernel@...r.kernel.org, Deven Bowers <deven.desai@...ux.microsoft.com> Subject: Re: [RFC PATCH v15 18/21] ipe: enable support for fs-verity as a trust provider On 3/17/2024 10:17 PM, Eric Biggers wrote: > On Fri, Mar 15, 2024 at 08:35:48PM -0700, Fan Wu wrote: >> +config IPE_PROP_FS_VERITY >> + bool "Enable property for fs-verity files" >> + depends on FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES >> + help >> + This option enables the usage of properties "fsverity_signature" >> + and "fsverity_digest". These properties evaluate to TRUE when >> + a file is fsverity enabled and with a signed digest > > Again: why would anyone care if there is a signature, if that signature is not > checked. > > I think you meant to write something like: "when a file is fsverity enabled and > has a valid builtin signature whose signing cert is in the .fs-verity keyring". > > - Eric Thanks for the suggestion. I agree this is a more accurate description. I'll update the description to include these details. -Fan
Powered by blists - more mailing lists