[PATCH v2 0/4] ubifs: support authentication without hmac
tglx at linutronix.de
Thu Jul 2 10:40:24 EDT 2020
Richard Weinberger <richard at nod.at> writes:
> The superblock is signed by the offline key. As soon you switch to the new key
> the super block is rewritten and can no longer verified this key.
> Instead of rewriting the idea was keeping a copy.
> Anyway, like said in the other mail, I think if we change the feature to
> "keep offline sign key and imply ro mount" things will be more smooth with less corner
I don't think so. The desired mode is to prevent RW mounts for a factory
signed image which implies the prevention of rewriting the superblock.
This is not a conveniance feature, it's a strict security feature. Once
the thing has been changed from the factory generated state it's invalid
no matter what.
If a developer shoots himself in the foot with that, no big deal. He got
what he asked for :)
More information about the linux-mtd