On Thu, Sep 08 2022 at 12:13P -0400, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > On Thu, Sep 08, 2022 at 11:25:36AM -0400, Mike Snitzer wrote: > > On Wed, Sep 07 2022 at 6:34P -0400, > > Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > > > > On Wed, 7 Sep 2022 13:30:58 -0700, Matthias Kaehlcke wrote: > > > > Verity targets can be configured to ignore corrupted data blocks. > > > > LoadPin must only trust verity targets that are configured to > > > > perform some kind of enforcement when data corruption is detected, > > > > like returning an error, restarting the system or triggering a > > > > panic. > > > > > > > > > > > > [...] > > > > > > Applied to for-next/hardening, thanks! > > > > > > [1/1] dm: verity-loadpin: Only trust verity targets with enforcement > > > https://git.kernel.org/kees/c/2e1875c05267 > > > > Does this mean you're intending to send this upstream? I prefer to > > take all DM changes unless there is an external dependency. > > Oh! Yeah, I added it to my tree since you'd asked me to take the > original verity-loadpin series and this was a fix. I'm happy either > way. Shall I drop this change from my tree? Let's leave it in your tree if you'll be sending this as a fix for 6.0-rc? But moving forward, I'll take new development that is localized to DM. Sound good? Thanks, Mike -- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel
