On Thu, Dec 08, 2022 at 08:42:56PM +0000, Luca Boccassi wrote:
On Thu, 8 Dec 2022 at 03:35, Eric Biggers ebiggers@kernel.org wrote:
From: Eric Biggers ebiggers@google.com
An issue that arises when migrating from builtin signatures to userspace signatures is that existing files that have builtin signatures cannot be opened unless either CONFIG_FS_VERITY_BUILTIN_SIGNATURES is disabled or the signing certificate is left in the .fs-verity keyring.
Since builtin signatures provide no security benefit when fs.verity.require_signatures=0 anyway, let's just skip the signature verification in this case.
Fixes: 432434c9f8e1 ("fs-verity: support builtin file signatures") Cc: stable@vger.kernel.org # v5.4+ Signed-off-by: Eric Biggers ebiggers@google.com
fs/verity/signature.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-)
Acked-by: Luca Boccassi bluca@debian.org
So if I can't apply https://lore.kernel.org/linux-fscrypt/20221208033548.122704-1-ebiggers@kerne... ("fsverity: mark builtin signatures as deprecated") due to IPE, wouldn't I not be able to apply this patch either? Surely IPE isn't depending on fs.verity.require_signatures=1, given that it enforces the policy itself?
- Eric