Re: [RFC PATCH v15 18/21] ipe: enable support for fs-verity as a trust provider

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Mar 15, 2024 at 08:35:48PM -0700, Fan Wu wrote:
> +config IPE_PROP_FS_VERITY
> +	bool "Enable property for fs-verity files"
> +	depends on FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES
> +	help
> +	  This option enables the usage of properties "fsverity_signature"
> +	  and "fsverity_digest". These properties evaluate to TRUE when
> +	  a file is fsverity enabled and with a signed digest

Again: why would anyone care if there is a signature, if that signature is not
checked.

I think you meant to write something like: "when a file is fsverity enabled and
has a valid builtin signature whose signing cert is in the .fs-verity keyring".

- Eric




[Index of Archives]     [Linux RAID]     [Linux SCSI]     [Linux ATA RAID]     [IDE]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Device Mapper]

  Powered by Linux