[PATCH v2 0/4] ubifs: support authentication without hmac
Thomas Gleixner
tglx at linutronix.de
Fri Jul 3 05:12:13 EDT 2020
Richard Weinberger <richard at nod.at> writes:
>> And that's what Torben implemented unless I'm missing something.
>
> Torben implemented it the other way around, he allows mounting without
> the HMAC if UBIFS mount is read-only.
> This covers also the proposed use-case but as I stated it has issues with
> remounting and makes the implementation more complicated than it should be.
>
> That's why I proposed adding a new mount option like "keep_offline_signature" or
> what name fits better. That gives us the following pros:
>
> 1. Makes the implementation super simple.
> If keep_offline_signature is set and rw mount requested, reject.
> RW remount can rejected very easily, store keep_offline_signature in the ubifs context.
>
> 2. If the super block got already re-written, reject.
> You can check sub->hmac[] for being non-zero.
> That way we can give the user a decent error message in case they do stupid things.
>
> 3. Userspace can verify whether the UBIFS fs is pristine by checking
> for the keep_offline_signature mount flag in /proc/self/mountinfo.
Works for me.
More information about the linux-mtd
mailing list