redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/Documentation
History
Jaskaran Khurana 88cd3e6cfa dm verity: add root hash pkcs#7 signature verification 
The verification is to support cases where the root hash is not secured
by Trusted Boot, UEFI Secureboot or similar technologies.

One of the use cases for this is for dm-verity volumes mounted after
boot, the root hash provided during the creation of the dm-verity volume
has to be secure and thus in-kernel validation implemented here will be
used before we trust the root hash and allow the block device to be
created.

The signature being provided for verification must verify the root hash
and must be trusted by the builtin keyring for verification to succeed.

The hash is added as a key of type "user" and the description is passed
to the kernel so it can look it up and use it for verification.

Adds CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG which can be turned on if root
hash verification is needed.

Kernel commandline dm_verity module parameter 'require_signatures' will
indicate whether to force root hash signature verification (for all dm
verity volumes).

Signed-off-by: Jaskaran Khurana <jaskarankhurana@linux.microsoft.com>
Tested-and-Reviewed-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
 		2019-08-23 10:13:14 -04:00
..
ABI platform/x86: asus: Rename "fan mode" to "fan boost mode" 2019-07-17 19:07:58 +03:00
EDID docs: driver-api: add a series of orphaned documents 2019-07-15 11:03:02 -03:00
PCI docs: powerpc: convert docs to ReST and rename to *.rst 2019-07-17 06:57:51 -03:00
RCU docs: fix broken doc references due to renames 2019-07-17 06:57:51 -03:00
accounting docs: add some documentation dirs to the driver-api book 2019-07-15 11:03:02 -03:00
acpi/dsd docs: fix broken documentation links 2019-06-08 13:42:13 -06:00
admin-guide dm verity: add root hash pkcs#7 signature verification 2019-08-23 10:13:14 -04:00
arm docs: arm: fix a breakage with pdf output 2019-07-15 11:03:04 -03:00
arm64 docs: add arch doc directories to the index 2019-07-15 11:03:01 -03:00
auxdisplay docs: admin-guide: add a series of orphaned documents 2019-07-15 11:03:02 -03:00
block docs conversion for v5.3-rc1 2019-07-16 12:21:41 -07:00
bpf Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-07-11 10:55:49 -07:00
cdrom docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
core-api docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
cpu-freq docs: power: convert docs to ReST and rename to *.rst 2019-06-14 16:08:36 -05:00
crypto docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
dev-tools Merge branch 'pdf_fixes_v1' of https://git.linuxtv.org/mchehab/experimental into mauro 2019-07-22 13:51:20 -06:00
devicetree RISC-V updates for v5.3-rc4 2019-08-10 16:31:47 -07:00
doc-guide docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
driver-api docs: phy: Drop duplicate 'be made' 2019-07-26 08:15:26 -06:00
fault-injection docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
fb docs conversion for v5.3-rc1 2019-07-16 12:21:41 -07:00
features Documentation/stackprotector: powerpc supports stack protector 2019-06-14 14:44:43 -06:00
filesystems smb3: update TODO list of missing features 2019-08-05 22:50:38 -05:00
firmware-guide docs: gpio: add sysfs interface to the admin-guide 2019-07-15 11:03:03 -03:00
firmware_class
fpga docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
gpu docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
hid docs: add some documentation dirs to the driver-api book 2019-07-15 11:03:02 -03:00
hwmon hwmon: (k8temp) documentation: update URL of datasheet 2019-07-21 19:18:45 -07:00
i2c Merge branch 'i2c/for-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2019-07-15 21:10:39 -07:00
ia64 docs: add SPDX tags to new index files 2019-07-15 11:03:03 -03:00
ide docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
iio docs: add some documentation dirs to the driver-api book 2019-07-15 11:03:02 -03:00
infiniband docs: infiniband: add it to the driver-api bookset 2019-07-08 14:22:56 -03:00
input docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
ioctl docs: ioctl: add it to the uAPI guide 2019-07-15 09:20:28 -03:00
isdn isdn: remove isdn4linux 2019-05-31 11:13:10 +02:00
kbuild Kbuild updates for v5.3 (2nd) 2019-07-20 09:34:55 -07:00
kernel-hacking docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
leds docs: leds: add it to the driver-api book 2019-07-15 09:20:28 -03:00
livepatch docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
locking docs: fix broken doc references due to renames 2019-07-17 06:57:51 -03:00
m68k docs: add arch doc directories to the index 2019-07-15 11:03:01 -03:00
maintainer docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
media docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
mic docs: driver-api: add remaining converted dirs to it 2019-07-15 11:03:03 -03:00
mips
misc-devices docs: misc-devices: convert files without extension to ReST 2019-07-03 21:09:41 +02:00
netlabel docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
networking Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-08-06 17:11:59 -07:00
nios2
openrisc
parisc
pcmcia docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
power Merge branch 'pdf_fixes_v1' of https://git.linuxtv.org/mchehab/experimental into mauro 2019-07-22 13:51:20 -06:00
powerpc docs: powerpc: convert docs to ReST and rename to *.rst 2019-07-17 06:57:51 -03:00
process Wimplicit-fallthrough patches for 5.3-rc2 2019-07-27 11:04:18 -07:00
riscv RISC-V updates for v5.3 2019-07-18 12:26:59 -07:00
s390 Fixes in vfio-ccw for older and newer issues. 2019-07-23 10:44:28 +02:00
scheduler docs conversion for v5.3-rc1 2019-07-16 12:21:41 -07:00
scsi scsi: ufs: Documentation: Announce ufs-tool v1.0 2019-06-26 22:47:51 -04:00
security docs: security: move some books to it and update 2019-07-15 11:03:01 -03:00
sh docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
sound docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
sparc docs: add arch doc directories to the index 2019-07-15 11:03:01 -03:00
sphinx docs: load_config.py: ensure subdirs end with "/" 2019-07-19 08:49:27 -03:00
sphinx-static
spi
target docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
thermal docs: thermal: convert to ReST 2019-06-27 21:22:15 +08:00
timers docs: add some directories to the main documentation index 2019-07-15 11:03:03 -03:00
trace The main changes in this release include: 2019-07-18 11:51:00 -07:00
translations doc:it_IT: translations in process/ 2019-07-22 14:47:02 -06:00
usb docs: usb: rename files to .rst and add them to drivers-api 2019-06-20 14:28:36 +02:00
userspace-api docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
virt This is mostly a set of follow-on fixes from Mauro fixing various fallout 2019-07-26 11:29:24 -07:00
vm HMM patches for 5.3-rc 2019-07-30 12:54:44 -07:00
w1 docs: driver-api: add a series of orphaned documents 2019-07-15 11:03:02 -03:00
watchdog Merge branch 'pdf_fixes_v1' of https://git.linuxtv.org/mchehab/experimental into mauro 2019-07-22 13:51:20 -06:00
wimax
x86 docs: remove extra conf.py files 2019-07-17 06:57:52 -03:00
xtensa docs: add arch doc directories to the index 2019-07-15 11:03:01 -03:00
.gitignore
COPYING-logo docs: logo.txt: rename it to COPYING-logo 2019-07-15 09:20:27 -03:00
Changes
CodingStyle
DMA-API-HOWTO.txt docs: DMA-API-HOWTO.txt: fix an unmarked code block 2019-07-15 09:20:24 -03:00
DMA-API.txt Documentation: DMA-API: fix a function name of max_mapping_size 2019-06-07 11:10:33 -06:00
DMA-ISA-LPC.txt
DMA-attributes.txt
IPMI.txt
IRQ-affinity.txt
IRQ-domain.txt
IRQ.txt
Kconfig docs: Kbuild/Makefile: allow check for missing docs at build time 2019-06-07 11:33:16 -06:00
Makefile docs: Kbuild/Makefile: allow check for missing docs at build time 2019-06-07 11:33:16 -06:00
SubmittingPatches
atomic_bitops.txt
atomic_t.txt Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-07-08 16:12:03 -07:00
bus-virt-phys-mapping.txt
conf.py docs: conf.py: only use CJK if the font is available 2019-07-17 06:57:51 -03:00
crc32.txt
debugging-modules.txt
debugging-via-ohci1394.txt
digsig.txt
docutils.conf doc-rst: Add missing newline at end of file 2019-06-20 14:16:56 -06:00
dontdiff kbuild: create *.mod with full directory path and remove MODVERDIR 2019-07-18 02:19:31 +09:00
futex-requeue-pi.txt
hwspinlock.txt hwspinlock: add the 'in_atomic' API 2019-06-29 21:08:14 -07:00
index.rst docs: virtual: add it to the documentation body 2019-07-17 06:57:52 -03:00
io-mapping.txt
io_ordering.txt
irqflags-tracing.txt
kobject.txt
kprobes.txt
kref.txt
logo.gif
lzo.txt
mailbox.txt
memory-barriers.txt docs: fix broken doc references due to renames 2019-07-17 06:57:51 -03:00
nommu-mmap.txt
packing.txt
padata.txt
percpu-rw-semaphore.txt
pi-futex.txt docs: locking: convert docs to ReST and rename to *.rst 2019-07-15 08:53:27 -03:00
preempt-locking.txt
rbtree.txt docs: rbtree.txt: fix Sphinx build warnings 2019-07-15 09:20:24 -03:00
remoteproc.txt remoteproc: add vendor resources handling 2019-06-29 12:02:17 -07:00
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt
speculation.txt
static-keys.txt
tee.txt Documentation: tee: Grammar s/the its/its/ 2019-06-07 11:23:38 -06:00
this_cpu_ops.txt
unaligned-memory-access.txt
xz.txt