On Sun, 2024-03-17 at 22:17 -0700, Eric Biggers wrote: > On Fri, Mar 15, 2024 at 08:35:48PM -0700, Fan Wu wrote: > > +config IPE_PROP_FS_VERITY > > + bool "Enable property for fs-verity files" > > + depends on FS_VERITY && FS_VERITY_BUILTIN_SIGNATURES > > + help > > + This option enables the usage of properties "fsverity_signature" > > + and "fsverity_digest". These properties evaluate to TRUE when > > + a file is fsverity enabled and with a signed digest > > Again: why would anyone care if there is a signature, if that signature is not > checked. > > I think you meant to write something like: "when a file is fsverity enabled and > has a valid builtin signature whose signing cert is in the .fs-verity keyring". I was also thinking the same. I didn't follow the recent development closely, but unless IPE locks somehow the .fs-verity keyring, the property you suggested would not be immutable. Meaning that someone can add/remove a key in that keyring, making the property true or false. Roberto
