[PATCH v2 0/4] ubifs: support authentication without hmac
Torben Hohn
torben.hohn at linutronix.de
Mon Jun 29 05:13:31 EDT 2020
On Fri, Jun 26, 2020 at 04:36:26PM +0200, Richard Weinberger wrote:
> ----- Ursprüngliche Mail -----
> > I didn't dig deep into the code so far, I'm still checking the concept.
> >
> > Your approach works only on pristine offline signed images from mkfs.ubifs.
> > So, if somebody does this, it won't work:
> >
> > $ keyctl padd logon ubifs:authfs @s < secret.key
> > $ mount -t ubifs /dev/ubi0_0 /mnt/ -o
> > auth_hash_name=sha256,auth_key=ubifs:authfs
> >
> > ... change the fs ...
> >
> > $ umount /mnt
> > $ mount -t ubifs /dev/ubi0_0 /mnt/ -o auth_hash_name=sha256,ro
> >
> > The ro mount will fail because UBIFS is no longer able to verify the super block
> > using the system key ring. It was overwritten by they ubifs:authfs key.
> >
> > A possible solution is keeping a copy of the offline sign key forever in the fs.
> > But I'm not sure whether this is wise.
>
> Or we change the feature from "ro mount without hmac" to "keep offline sign key and imply ro mount".
> IOW adding a new mount option such as "auth_keep_offlinekey". If mounted with this option
> UBIFS will not look for a hmac and enforce read-only mode.
Thats just another name for the same feature.
But it indeed seems to make the implications clearer.
And it porbably also makes the code easier to read.
>
> Hmm?
>
> Thanks,
> //richard
--
Torben Hohn
Linutronix GmbH | Bahnhofstrasse 3 | D-88690 Uhldingen-Mühlhofen
Phone: +49 7556 25 999 18; Fax.: +49 7556 25 999 99
Hinweise zum Datenschutz finden Sie hier (Informations on data privacy
can be found here): https://linutronix.de/kontakt/Datenschutz.php
Linutronix GmbH | Firmensitz (Registered Office): Uhldingen-Mühlhofen |
Registergericht (Registration Court): Amtsgericht Freiburg i.Br., HRB700
806 | Geschäftsführer (Managing Directors): Heinz Egger, Thomas Gleixner
More information about the linux-mtd
mailing list