Re: [PATCH 2/4] ima: define a new signature type named IMA_VERITY_DIGSIG

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 29, 2021 at 12:00:55PM -0500, Mimi Zohar wrote:
> To differentiate between a regular file hash and an fs-verity file digest
> based signature stored as security.ima xattr, define a new signature type
> named IMA_VERITY_DIGSIG.
> 
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>

For this new signature type, what bytes are actually signed?  It looks like it's
just the raw digest, which isn't sufficient since it is ambiguous.  It needs to
include information that makes it clear what the signer is actually signing,
such as "this is an fs-verity SHA-256 file digest".  See
'struct fsverity_formatted_digest' for an example of this (but it isn't
necessary to use that exact structure).

I think the existing IMA signatures have the same problem (but it is hard for me
to understand the code).  However, a new signature type doesn't have
backwards-compatibility concerns, so it could be done right.

- Eric



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux