On Mon, Nov 29, 2021 at 12:00:55PM -0500, Mimi Zohar wrote: > To differentiate between a regular file hash and an fs-verity file digest > based signature stored as security.ima xattr, define a new signature type > named IMA_VERITY_DIGSIG. > > Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> For this new signature type, what bytes are actually signed? It looks like it's just the raw digest, which isn't sufficient since it is ambiguous. It needs to include information that makes it clear what the signer is actually signing, such as "this is an fs-verity SHA-256 file digest". See 'struct fsverity_formatted_digest' for an example of this (but it isn't necessary to use that exact structure). I think the existing IMA signatures have the same problem (but it is hard for me to understand the code). However, a new signature type doesn't have backwards-compatibility concerns, so it could be done right. - Eric