Skip to content

Commit

Permalink
fsverity: update the documentation
Browse files Browse the repository at this point in the history
Update the fsverity documentation related to IMA signature support.

Acked-by: Stefan Berger <[email protected]>
Acked-by: Eric Biggers <[email protected]>
Signed-off-by: Mimi Zohar <[email protected]>
  • Loading branch information
mimizohar committed May 12, 2022
1 parent 398c42e commit 02ee231
Showing 1 changed file with 23 additions and 12 deletions.
35 changes: 23 additions & 12 deletions Documentation/filesystems/fsverity.rst
Original file line number Diff line number Diff line change
Expand Up @@ -70,12 +70,23 @@ must live on a read-write filesystem because they are independently
updated and potentially user-installed, so dm-verity cannot be used.

The base fs-verity feature is a hashing mechanism only; actually
authenticating the files is up to userspace. However, to meet some
users' needs, fs-verity optionally supports a simple signature
verification mechanism where users can configure the kernel to require
that all fs-verity files be signed by a key loaded into a keyring; see
`Built-in signature verification`_. Support for fs-verity file hashes
in IMA (Integrity Measurement Architecture) policies is also planned.
authenticating the files may be done by:

* Userspace-only

* Builtin signature verification + userspace policy

fs-verity optionally supports a simple signature verification
mechanism where users can configure the kernel to require that
all fs-verity files be signed by a key loaded into a keyring;
see `Built-in signature verification`_.

* Integrity Measurement Architecture (IMA)

IMA supports including fs-verity file digests and signatures in the
IMA measurement list and verifying fs-verity based file signatures
stored as security.ima xattrs, based on policy.


User API
========
Expand Down Expand Up @@ -653,12 +664,12 @@ weren't already directly answered in other parts of this document.
hashed and what to do with those hashes, such as log them,
authenticate them, or add them to a measurement list.

IMA is planned to support the fs-verity hashing mechanism as an
alternative to doing full file hashes, for people who want the
performance and security benefits of the Merkle tree based hash.
But it doesn't make sense to force all uses of fs-verity to be
through IMA. As a standalone filesystem feature, fs-verity
already meets many users' needs, and it's testable like other
IMA supports the fs-verity hashing mechanism as an alternative
to full file hashes, for those who want the performance and
security benefits of the Merkle tree based hash. However, it
doesn't make sense to force all uses of fs-verity to be through
IMA. fs-verity already meets many users' needs even as a
standalone filesystem feature, and it's testable like other
filesystem features e.g. with xfstests.

:Q: Isn't fs-verity useless because the attacker can just modify the
Expand Down

0 comments on commit 02ee231

Please sign in to comment.