[PATCH v2 0/4] ubifs: support authentication without hmac
Richard Weinberger
richard at nod.at
Fri Jun 26 10:36:26 EDT 2020
----- Original Message -----
> I didn't dig deep into the code so far, I'm still checking the concept.
>
> Your approach works only on pristine offline signed images from mkfs.ubifs.
> So, if somebody does this, it won't work:
>
> $ keyctl padd logon ubifs:authfs @s < secret.key
> $ mount -t ubifs /dev/ubi0_0 /mnt/ -o auth_hash_name=sha256,auth_key=ubifs:authfs
>
> ... change the fs ...
>
> $ umount /mnt
> $ mount -t ubifs /dev/ubi0_0 /mnt/ -o auth_hash_name=sha256,ro
>
> The ro mount will fail because UBIFS is no longer able to verify the super block
> using the system key ring. It was overwritten by the ubifs:authfs key.
>
> A possible solution is keeping a copy of the offline sign key forever in the fs.
> But I'm not sure whether this is wise.
Or we change the feature from "ro mount without hmac" to "keep offline sign key and imply ro mount".
IOW adding a new mount option such as "auth_keep_offlinekey". If mounted with this option
UBIFS will not look for a hmac and enforce read-only mode.
Hmm?
Thanks,
//richard