On Thu, Dec 08, 2022 at 08:42:56PM +0000, Luca Boccassi wrote:
> On Thu, 8 Dec 2022 at 03:35, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> >
> > From: Eric Biggers <ebiggers@xxxxxxxxxx>
> >
> > An issue that arises when migrating from builtin signatures to userspace
> > signatures is that existing files that have builtin signatures cannot be
> > opened unless either CONFIG_FS_VERITY_BUILTIN_SIGNATURES is disabled or
> > the signing certificate is left in the .fs-verity keyring.
> >
> > Since builtin signatures provide no security benefit when
> > fs.verity.require_signatures=0 anyway, let's just skip the signature
> > verification in this case.
> >
> > Fixes: 432434c9f8e1 ("fs-verity: support builtin file signatures")
> > Cc: <stable@xxxxxxxxxxxxxxx> # v5.4+
> > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> > ---
> > fs/verity/signature.c | 18 ++++++++++++++++--
> > 1 file changed, 16 insertions(+), 2 deletions(-)
>
> Acked-by: Luca Boccassi <bluca@xxxxxxxxxx>
So if I can't apply
https://lore.kernel.org/linux-fscrypt/20221208033548.122704-1-ebiggers@xxxxxxxxxx
("fsverity: mark builtin signatures as deprecated") due to IPE, wouldn't I not
be able to apply this patch either? Surely IPE isn't depending on
fs.verity.require_signatures=1, given that it enforces the policy itself?
- Eric
