On Tue, Jan 31, 2023 at 12:53:59AM -0800, Christoph Hellwig wrote: > On Mon, Jan 30, 2023 at 02:57:24PM -0800, Fan Wu wrote: > > From: Deven Bowers <deven.desai@xxxxxxxxxxxxxxxxxxx> > > > > block_device structures can have valuable security properties, > > based on how they are created, and what subsystem manages them. > > That's a lot of cloudy talk but no real explanation. Sorry for being too general here. Currently the only use target of this hook is dm-verity. We use the newly added security hook to save the dm-verity roothash and signature to the new bdev security blob during the bdev creation time, so LSMs can leverage this information to protect the system. I will add this example in the next version. -Fan
