• Fan Wu's avatar
    ipe: enable support for fs-verity as a trust provider · 31f8c868
    Fan Wu authored
    Enable IPE policy authors to indicate trust for a singular fsverity
    file, identified by the digest information, through "fsverity_digest"
    and all files using valid fsverity builtin signatures via
    "fsverity_signature".
    
    This enables file-level integrity claims to be expressed in IPE,
    allowing individual files to be authorized, giving some flexibility
    for policy authors. Such file-level claims are important to be expressed
    for enforcing the integrity of packages, as well as address some of the
    scalability issues in a sole dm-verity based solution (# of loop back
    devices, etc).
    
    This solution cannot be done in userspace as the minimum threat that
    IPE should mitigate is an attacker downloads malicious payload with
    all required dependencies. These dependencies can lack the userspace
    check, bypassing the protection entirely. A similar attack succeeds if
    the userspace component is replaced with a version that does not
    perform the check. As a result, this can only be done in the common
    entry point - the kernel.
    Signed-off-by: default avatarDeven Bowers <deven.desai@linux.microsoft.com>
    Signed-off-by: default avatarFan Wu <wufan@linux.microsoft.com>
    Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
    31f8c868
eval.c 10.3 KB