Re: [PATCH] dm verity: fallback to platform keyring also if key in trusted keyring is rejected

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed Sep 25, 2024 at 7:53 PM EEST, Eric Biggers wrote:
> On Wed, Sep 25, 2024 at 12:05:59PM +0300, Jarkko Sakkinen wrote:
> > On Wed Sep 25, 2024 at 11:03 AM EEST, Milan Broz wrote:
> > > >> Doesn't dm-verity have a maintainer?
> > >
> > > (This reminds me of a nice comment from Neil about "little walled
> > > gardens" between MD & DM.  Apparently it applies to other subsystems
> > > as well. Sorry, I couldn't resist to mention it :-)
> > 
> > Np, it's just that last and only time I've ever read anything about
> > dm-verity was 2011 article :-)
> > 
> > I will rephrase question: does dm-verity have a user? ;-)
> > 
> > BR, Jarkko
>
> Sorry if I was unclear.  dm-verity is widely used, including by all Android and
> Chrome OS devices.  But this patch is about dm-verity's in-kernel signature
> verification which is an optional sub-feature that is not widely used.  That
> sub-feature is apparently difficult to test and not clearly specified, which is
> why people seem to be struggling a bit with this patch.

NP, I learned a new thing ;-)

Before Linux I worked with Symbian (ugh) so this whole scheme for doing
FW updates is familiar to me from the dark ages...

And I acked the change too!

> - Eric

BR, Jarkko





[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux