[RFC PATCH v6 0/1] Add dm verity root hash pkcs7 sig validation.

From: Jaskaran Khurana
Date: Mon Jul 01 2019 - 14:20:21 EST

Next message: Jaskaran Khurana: "[RFC PATCH v6 1/1] Add dm verity root hash pkcs7 sig validation."
Previous message: David Ahern: "Re: [PATCH net v2] ipv4: don't set IPv6 only flags to IPv4 addresses"
Next in thread: Jaskaran Khurana: "[RFC PATCH v6 1/1] Add dm verity root hash pkcs7 sig validation."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Changes in v6:

Address comments from Milan Broz and Eric Biggers on v5.

-Keep the verification code under config DM_VERITY_VERIFY_ROOTHASH_SIG.

-Change the command line parameter to requires_signatures(bool) which will
force root hash to be signed and trusted if specified.

-Fix the signature not being present in verity_status. Merged the
https://git.kernel.org/pub/scm/linux/kernel/git/mbroz/linux.git/commit/?h=dm-cryptsetup&id=a26c10806f5257e255b6a436713127e762935ad3
made by Milan Broz and tested it.

Jaskaran Khurana (1):
Add dm verity root hash pkcs7 sig validation.

Documentation/device-mapper/verity.txt | 7 ++
drivers/md/Kconfig | 12 +++
drivers/md/Makefile | 5 +
drivers/md/dm-verity-target.c | 43 +++++++-
drivers/md/dm-verity-verify-sig.c | 133 +++++++++++++++++++++++++
drivers/md/dm-verity-verify-sig.h | 60 +++++++++++
drivers/md/dm-verity.h | 2 +
7 files changed, 257 insertions(+), 5 deletions(-)
create mode 100644 drivers/md/dm-verity-verify-sig.c
create mode 100644 drivers/md/dm-verity-verify-sig.h

--
2.17.1

Next message: Jaskaran Khurana: "[RFC PATCH v6 1/1] Add dm verity root hash pkcs7 sig validation."
Previous message: David Ahern: "Re: [PATCH net v2] ipv4: don't set IPv6 only flags to IPv4 addresses"
Next in thread: Jaskaran Khurana: "[RFC PATCH v6 1/1] Add dm verity root hash pkcs7 sig validation."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]