[PATCH v4 8/8] fsverity: update the documentation

From: Mimi Zohar
Date: Mon Feb 07 2022 - 20:49:07 EST

Next message: Cai Huoqing: "[PATCH v2] net: ethernet: litex: Add the dependency on HAS_IOMEM"
Previous message: Andy Lutomirski: "Re: [PATCH 00/35] Shadow stacks for userspace"
In reply to: Mimi Zohar: "[PATCH v4 2/8] ima: define ima_max_digest_data struct without a flexible array variable"
Next in thread: Mimi Zohar: "[PATCH v4 5/8] ima: permit fsverity's file digests in the IMA measurement list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Update the fsverity documentation related to IMA signature support.

Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
Documentation/filesystems/fsverity.rst | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/Documentation/filesystems/fsverity.rst b/Documentation/filesystems/fsverity.rst
index 1d831e3cbcb3..28a47488848e 100644
--- a/Documentation/filesystems/fsverity.rst
+++ b/Documentation/filesystems/fsverity.rst
@@ -74,8 +74,12 @@ authenticating the files is up to userspace. However, to meet some
users' needs, fs-verity optionally supports a simple signature
verification mechanism where users can configure the kernel to require
that all fs-verity files be signed by a key loaded into a keyring; see
-`Built-in signature verification`_. Support for fs-verity file hashes
-in IMA (Integrity Measurement Architecture) policies is also planned.
+`Built-in signature verification`_.
+
+IMA supports including fs-verity file digests and signatures in the
+IMA (Integrity Measurement Architecture) measurement list and
+verifying fs-verity based file signatures stored as security.ima
+xattrs, based on policy.

User API
========
@@ -653,13 +657,13 @@ weren't already directly answered in other parts of this document.
hashed and what to do with those hashes, such as log them,
authenticate them, or add them to a measurement list.

- IMA is planned to support the fs-verity hashing mechanism as an
- alternative to doing full file hashes, for people who want the
- performance and security benefits of the Merkle tree based hash.
- But it doesn't make sense to force all uses of fs-verity to be
- through IMA. As a standalone filesystem feature, fs-verity
- already meets many users' needs, and it's testable like other
- filesystem features e.g. with xfstests.
+ IMA supports the fs-verity hashing mechanism as an alternative
+ to doing full file hashes, for people who want the performance
+ and security benefits of the Merkle tree based hash. But it
+ doesn't make sense to force all uses of fs-verity to be through
+ IMA. As a standalone filesystem feature, fs-verity already meets
+ many users' needs, and it's testable like other filesystem
+ features e.g. with xfstests.

:Q: Isn't fs-verity useless because the attacker can just modify the
hashes in the Merkle tree, which is stored on-disk?
--
2.27.0

Next message: Cai Huoqing: "[PATCH v2] net: ethernet: litex: Add the dependency on HAS_IOMEM"
Previous message: Andy Lutomirski: "Re: [PATCH 00/35] Shadow stacks for userspace"
In reply to: Mimi Zohar: "[PATCH v4 2/8] ima: define ima_max_digest_data struct without a flexible array variable"
Next in thread: Mimi Zohar: "[PATCH v4 5/8] ima: permit fsverity's file digests in the IMA measurement list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]