On Mon, May 16, 2022 at 08:44:37PM -0700, Kees Cook wrote:
> On Mon, May 16, 2022 at 11:17:44AM -0700, Matthias Kaehlcke wrote:
> > On Fri, May 13, 2022 at 03:36:26PM -0700, Kees Cook wrote:
> > >
> > >
> > > On May 4, 2022 12:54:18 PM PDT, Matthias Kaehlcke wrote:
> > > >Extend LoadPin t
On Mon, May 16, 2022 at 11:17:44AM -0700, Matthias Kaehlcke wrote:
> On Fri, May 13, 2022 at 03:36:26PM -0700, Kees Cook wrote:
> >
> >
> > On May 4, 2022 12:54:18 PM PDT, Matthias Kaehlcke wrote:
> > >Extend LoadPin to allow loading of kernel files from trusted dm-verity [1]
> > >devices.
> > >
Hi Kees,
thanks for the review!
On Fri, May 13, 2022 at 03:36:26PM -0700, Kees Cook wrote:
>
>
> On May 4, 2022 12:54:18 PM PDT, Matthias Kaehlcke wrote:
> >Extend LoadPin to allow loading of kernel files from trusted dm-verity [1]
> >devices.
> >
> >This change adds the concept of trusted ver
On May 4, 2022 12:54:18 PM PDT, Matthias Kaehlcke wrote:
>Extend LoadPin to allow loading of kernel files from trusted dm-verity [1]
>devices.
>
>This change adds the concept of trusted verity devices to LoadPin. LoadPin
>maintains a list of root digests of verity devices it considers trusted.
On May 13, 2022 9:32:12 AM PDT, Mike Snitzer wrote:
>On Wed, May 04 2022 at 3:54P -0400,
>Matthias Kaehlcke wrote:
>
>> Extend LoadPin to allow loading of kernel files from trusted dm-verity [1]
>> devices.
>>
>> This change adds the concept of trusted verity devices to LoadPin. LoadPin
>> m
On Fri, May 13, 2022 at 12:32:12PM -0400, Mike Snitzer wrote:
> On Wed, May 04 2022 at 3:54P -0400,
> Matthias Kaehlcke wrote:
>
> > Extend LoadPin to allow loading of kernel files from trusted dm-verity [1]
> > devices.
> >
> > This change adds the concept of trusted verity devices to LoadPin.
On Wed, May 04 2022 at 3:54P -0400,
Matthias Kaehlcke wrote:
> Extend LoadPin to allow loading of kernel files from trusted dm-verity [1]
> devices.
>
> This change adds the concept of trusted verity devices to LoadPin. LoadPin
> maintains a list of root digests of verity devices it considers t
Hi Matthias,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on device-mapper-dm/for-next]
[also build test WARNING on song-md/md-next kees/for-next/pstore linus/master
v5.18-rc5 next-20220504]
[If your patch is applied to the wrong git tree, kindly drop us a note
Extend LoadPin to allow loading of kernel files from trusted dm-verity [1]
devices.
This change adds the concept of trusted verity devices to LoadPin. LoadPin
maintains a list of root digests of verity devices it considers trusted.
Userspace can populate this list through an ioctl on the new LoadP