[PATCH v2 0/4] ubifs: support authentication without hmac

Thomas Gleixner tglx at linutronix.de
Thu Jul 2 10:40:24 EDT 2020


Richard Weinberger <richard at nod.at> writes:
> The superblock is signed by the offline key. As soon you switch to the new key
> the super block is rewritten and can no longer verified this key.
> Instead of rewriting the idea was keeping a copy.
>
> Anyway, like said in the other mail, I think if we change the feature to
> "keep offline sign key and imply ro mount" things will be more smooth with less corner
> cases.

I don't think so. The desired mode is to prevent RW mounts for a factory
signed image which implies the prevention of rewriting the superblock.

This is not a conveniance feature, it's a strict security feature. Once
the thing has been changed from the factory generated state it's invalid
no matter what.

If a developer shoots himself in the foot with that, no big deal. He got
what he asked for :)

Thanks,

        tglx



More information about the linux-mtd mailing list