On 19/01/2022 00:03, Eric Biggers wrote:
On Tue, Jan 18, 2022 at 09:50:21PM +0100, Antony Vennard wrote:
Hi All,
It's worth noting that if fs-verity built-in signatures are used, a trusted
userspace program is still required to determine and enforce the policy of which
files are required to be signed. The kernel only handles the actual signature
verification. This was basically a proof-of-concept which reused the kernel's
module signature verification code (which happens to use PKCS#7).
I'd encourage new users to either go all-in on a userspace solution, using a
trusted userspace program to verify signatures of fs-verity file digests;
*or* go all-in on an in-kernel solution, using the IMA support for fs-verity
which Mimi Zohar is working on. A userspace solution could use a simple
signature format, using a modern algorithm such as Ed25519. IMA uses a simple
signature format too, though it uses a complex format (X.509) for public keys.
FWIW I checked some of the options for hardware key storage. Thales HSMs
support Ed25519, at least according to their marketing materials.
Similarly Javacard 3.1 supports (will support) X/Ed 25519/448, so when
tokens supporting this emerge (if they haven't already) hardware support
for modern algorithms should exist too.
I therefore agree. Use Ed25519.
Antony