Hello,
I'm working on a project where I use the dm-verity data mapper on top of a regular emmc device block. The intent is that once the verity device mapper is verified successfully (top level hash verification) on top of the emmc block device and mounted to a filesystem (ext4) that the filesystem is trusted in some way and store that bit of information somewhere in kernel space. My original thought was to think that the new dm-verity block device would of had it's own backing_dev_info structure on which I would of added a new capability called BDI_CAP_TRUSTED which then could of been used for additional checks to see if files come from a trusted file system. I instrumented the kernel exec command to verify if the backing_dev_info was different depending on if a file same from a dm-verity mounted filesystem compared to another filesystem which is not dm-verity (both are on the same emmc block device). After executing I realized after that inspecting the backing_dev_info of each file coming from these 2 different locations point to the same 'block' backing_dev_info structure so this obviously wouldn't work out of the box as easily.
Can one replace the backing_dev_info structure of a dm-verity block device with a custom one so I could add a 'trusted' flag to its capabilities? Then any file coming from that block device would allow me to verify the capabilities (in the kernel exec command for example).
If that can't be done, is there any other avenue in the kernel where this sort of flag could be added and verified on a file?
Hacking aorund in the kernel is all pretty new to me so I'm not aware of all the data structures invloved and how they relate to each other all over the kernel and its block/fs functionality.
If you know of any level of documentation that explains how it works, that would also be great to help me digest all of this.
Thanks
David
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
