Re: [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.

2019-06-27 Thread Milan Broz
On 28/06/2019 05:00, Eric Biggers wrote: >> Hello Eric, >> >> This started with a config (see V4). We did not want scripts that pass this >> parameter to suddenly stop working if for some reason the verification is >> turned off so the optional parameter was just parsed and no validation >> happened

Re: [RFC PATCH v5 0/1] Add dm verity root hash pkcs7 sig validation.

2019-06-27 Thread Eric Biggers
On Wed, Jun 19, 2019 at 12:10:47PM -0700, Jaskaran Khurana wrote: > This patch set adds in-kernel pkcs7 signature checking for the roothash of > the dm-verity hash tree. > The verification is to support cases where the roothash is not secured by > Trusted Boot, UEFI Secureboot or similar technologi

Re: [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.

2019-06-27 Thread Eric Biggers
Hi Jaskaran, On Thu, Jun 27, 2019 at 06:49:58PM -0700, Jaskaran Singh Khurana wrote: > > > On Thu, 27 Jun 2019, Eric Biggers wrote: > > > Hi Jaskaran, one comment (I haven't reviewed this in detail): > > > > On Wed, Jun 19, 2019 at 12:10:48PM -0700, Jaskaran Khurana wrote: > > > diff --git a/d

[PATCH v2 10/27] md: use kzalloc instead of kmalloc and memset

2019-06-27 Thread Fuqian Huang
Replace kmalloc followed by a memset with kzalloc Signed-off-by: Fuqian Huang --- drivers/md/dm-integrity.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index 44e76cda087a..f5db89b28757 100644 --- a/drivers/md/dm-inte

Re: [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.

2019-06-27 Thread Jaskaran Singh Khurana
On Thu, 27 Jun 2019, Eric Biggers wrote: Hi Jaskaran, one comment (I haven't reviewed this in detail): On Wed, Jun 19, 2019 at 12:10:48PM -0700, Jaskaran Khurana wrote: diff --git a/drivers/md/Kconfig b/drivers/md/Kconfig index db269a348b20..2d658a3512cb 100644 --- a/drivers/md/Kconfig +++

Re: [git pull] device mapper fixes for 5.2 final

2019-06-27 Thread pr-tracker-bot
The pull request you sent on Thu, 27 Jun 2019 14:19:06 -0400: > git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm.git > tags/for-5.2/dm-fixes-2 has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/65ee21eb633c644501185502d51831c4dee22c7b Thank you! --

Re: [dm-devel] [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.

2019-06-27 Thread Eric Biggers
Hi Jaskaran, one comment (I haven't reviewed this in detail): On Wed, Jun 19, 2019 at 12:10:48PM -0700, Jaskaran Khurana wrote: > diff --git a/drivers/md/Kconfig b/drivers/md/Kconfig > index db269a348b20..2d658a3512cb 100644 > --- a/drivers/md/Kconfig > +++ b/drivers/md/Kconfig > @@ -475,6 +475,7

[git pull] device mapper fixes for 5.2 final

2019-06-27 Thread Mike Snitzer
Hi Linus, The following changes since commit 9e0babf2c06c73cda2c0cd37a1653d823adb40ec: Linux 5.2-rc5 (2019-06-16 08:49:45 -1000) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm.git tags/for-5.2/dm-fixes-2 for you to fetch change

[PATCH 29/87] md: dm-integrity: replace kmalloc and memset with kzalloc

2019-06-27 Thread Fuqian Huang
kmalloc + memset(0) -> kzalloc Signed-off-by: Fuqian Huang --- drivers/md/dm-integrity.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index 44e76cda087a..f5db89b28757 100644 --- a/drivers/md/dm-integrity.c +++ b/drive

Re: [PATCH v5 7/7] crypto: arm64/aes - implement accelerated ESSIV/CBC mode

2019-06-27 Thread Eric Biggers
On Wed, Jun 26, 2019 at 10:40:47PM +0200, Ard Biesheuvel wrote: > Add an accelerated version of the 'essiv(cbc(aes),aes,sha256' > skcipher, which is used by fscrypt, and in some cases, by dm-crypt. > This avoids a separate call into the AES cipher for every invocation. This technically should say

Re: [PATCH v5 2/7] fs: crypto: invoke crypto API for ESSIV handling

2019-06-27 Thread Eric Biggers
On Wed, Jun 26, 2019 at 10:40:42PM +0200, Ard Biesheuvel wrote: > diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c > index dcd91a3fbe49..82c7eb86ca00 100644 > --- a/fs/crypto/keyinfo.c > +++ b/fs/crypto/keyinfo.c > @@ -19,8 +19,6 @@ > #include > #include "fscrypt_private.h" Can you remove

Re: [PATCH v5 5/7] crypto: essiv - add test vector for essiv(cbc(aes),aes,sha256)

2019-06-27 Thread Eric Biggers
On Wed, Jun 26, 2019 at 10:40:45PM +0200, Ard Biesheuvel wrote: > Add a test vector for the ESSIV mode that is the most widely used, > i.e., using cbc(aes) and sha256. > > Signed-off-by: Ard Biesheuvel > --- > crypto/tcrypt.c | 9 + > crypto/testmgr.c | 6 + > crypto/testmgr.h | 213 +++

Re: [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.

2019-06-27 Thread Milan Broz
Hi, I tried to test the patch, two comments below. On 19/06/2019 21:10, Jaskaran Khurana wrote: > The verification is to support cases where the roothash is not secured by > Trusted Boot, UEFI Secureboot or similar technologies. > One of the use cases for this is for dm-verity volumes mounte

Re: [PATCH v5 1/7] crypto: essiv - create wrapper template for ESSIV generation

2019-06-27 Thread Ard Biesheuvel
On Wed, 26 Jun 2019 at 22:40, Ard Biesheuvel wrote: > > Implement a template that wraps a (skcipher,cipher,shash) or > (aead,cipher,shash) tuple so that we can consolidate the ESSIV handling > in fscrypt and dm-crypt and move it into the crypto API. This will result > in better test coverage, and