Re: [RFC PATCH v3 1/1] Add dm verity root hash pkcs7 sig validation

From: Jaskaran Singh Khurana
Date: Mon Jun 10 2019 - 19:31:55 EST

Next message: Vasily Khoruzhick: "Re: [PATCH v3 1/3] thermal: sun8i: add thermal driver for h6"
Previous message: Stephen Boyd: "Re: [PATCH] arm64: dts: sdm845: Add iommus property to qup1"
In reply to: Jaskaran Singh Khurana: "Re: [RFC PATCH v3 1/1] Add dm verity root hash pkcs7 sig validation"
Next in thread: James Morris: "Re: [RFC PATCH v3 1/1] Add dm verity root hash pkcs7 sig validation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 8 Jun 2019, Milan Broz wrote:

On 08/06/2019 00:31, Jaskaran Khurana wrote:

The verification is to support cases where the roothash is not secured by

+ key = request_key(&key_type_user,
+ key_desc, NULL);
+ if (IS_ERR(key))
+ return PTR_ERR(key);

You will need dependence on keyring here (kernel can be configured without it),
try to compile it without CONFIG_KEYS selected.

I think it is ok that DM_VERITY_VERIFY_ROOTHASH_SIG can directly require CONFIG_KEYS.
(Add depends on CONFIG_KEYS in KConfig)

DM_VERITY_VERIFY_ROOTHASH_SIG selects SYSTEM_DATA_VERIFICATION and SYSTEM_DATA_VERIFICATION selects KEYS so we should be OK here.

Thanks,
Milan

Thanks,
Jaskaran.

Next message: Vasily Khoruzhick: "Re: [PATCH v3 1/3] thermal: sun8i: add thermal driver for h6"
Previous message: Stephen Boyd: "Re: [PATCH] arm64: dts: sdm845: Add iommus property to qup1"
In reply to: Jaskaran Singh Khurana: "Re: [RFC PATCH v3 1/1] Add dm verity root hash pkcs7 sig validation"
Next in thread: James Morris: "Re: [RFC PATCH v3 1/1] Add dm verity root hash pkcs7 sig validation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]