Re: [RFC PATCH v3 0/1] Add dm verity root hash pkcs7 sig validation.

From: Milan Broz
Date: Sat Jun 08 2019 - 04:50:45 EST

Next message: Richard Weinberger: "Re: [PATCH] ubifs: Add support for zstd compression."
Previous message: Hariprasad Kelam: "[PATCH] nfc: nci: fix warning comparison to bool"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 08/06/2019 00:31, Jaskaran Khurana wrote:
> This patch set adds in-kernel pkcs7 signature checking for the roothash of
> the dm-verity hash tree.
> The verification is to support cases where the roothash is not secured by
> Trusted Boot, UEFI Secureboot or similar technologies.

...
> drivers/md/Kconfig | 23 ++++++
> drivers/md/Makefile | 2 +-
> drivers/md/dm-verity-target.c | 34 +++++++-
> drivers/md/dm-verity-verify-sig.c | 132 ++++++++++++++++++++++++++++++
> drivers/md/dm-verity-verify-sig.h | 30 +++++++

Please could you also modify Documentation/device-mapper/verity.txt and
describe the new table parameter?

It would be also nice to have a reference example how to configure it,
including how to create the signature file.

Milan

Next message: Richard Weinberger: "Re: [PATCH] ubifs: Add support for zstd compression."
Previous message: Hariprasad Kelam: "[PATCH] nfc: nci: fix warning comparison to bool"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]