Commit c46d541a authored by Mimi Zohar

Merge branch 'next-integrity.fsverity-v9' into next-integrity



Support for including fs-verity file digests and signatures in the IMA
measurement list as well as verifying the fs-verity file digest based
signatures.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
parents 891163ad 02ee2316
+42 −3
@@ -27,8 +27,9 @@ Description:
				[fowner=] [fgroup=]]
			lsm:	[[subj_user=] [subj_role=] [subj_type=]
				 [obj_user=] [obj_role=] [obj_type=]]
			option:	[[appraise_type=]] [template=] [permit_directio]
				[appraise_flag=] [appraise_algos=] [keyrings=]
			option:	[digest_type=] [template=] [permit_directio]
				[appraise_type=] [appraise_flag=]
				[appraise_algos=] [keyrings=]
		  base:
			func:= [BPRM_CHECK][MMAP_CHECK][CREDS_CHECK][FILE_CHECK][MODULE_CHECK]
				[FIRMWARE_CHECK]
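Review bot: the new `option:` line lists `[digest_type=]` first but gives no hint that the option is order-sensitive, even though the appraise_type text further down says sigv3 "Requires specifying "digest_type=verity" first". Either state the ordering constraint here as well, or note which `func` values accept `digest_type=`, so a reader of the option summary is not surprised later.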
@@ -47,10 +48,21 @@ Description:
			fgroup:= decimal value
		  lsm:  are LSM specific
		  option:
			appraise_type:= [imasig] [imasig|modsig]
			appraise_type:= [imasig] | [imasig|modsig] | [sigv3]
			    where 'imasig' is the original or the signature
				format v2.
			    where 'modsig' is an appended signature,
			    where 'sigv3' is the signature format v3. (Currently
				limited to fsverity digest based signatures
				stored in security.ima xattr. Requires
				specifying "digest_type=verity" first.)

			appraise_flag:= [check_blacklist]
			Currently, blacklist check is only for files signed with appended
			signature.
			digest_type:= verity
			    Require fs-verity's file digest instead of the
			    regular IMA file hash.
			keyrings:= list of keyrings
			(eg, .builtin_trusted_keys|.ima). Only valid
			when action is "measure" and func is KEY_CHECK.
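Review bot: the line `where 'imasig' is the original or the signature format v2.` is hard to parse; suggest `where 'imasig' is the original signature format or signature format v2`. The sigv3 note spells it `fsverity digest based signatures` while the `digest_type` entry below says `fs-verity's file digest`; pick one spelling. Also, `Requires specifying "digest_type=verity" first` reads as a positional requirement on the rule options; if the parser really requires `digest_type=` to precede `appraise_type=sigv3`, say so explicitly, and if it is only a logical precondition, reword to "Requires digest_type=verity".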
@@ -149,3 +161,30 @@ Description:
		security.ima xattr of a file:

			appraise func=SETXATTR_CHECK appraise_algos=sha256,sha384,sha512

		Example of a 'measure' rule requiring fs-verity's digests
		with indication of type of digest in the measurement list.

			measure func=FILE_CHECK digest_type=verity \
				template=ima-ngv2

		Example of 'measure' and 'appraise' rules requiring fs-verity
		signatures (format version 3) stored in security.ima xattr.

		The 'measure' rule specifies the 'ima-sigv3' template option,
		which includes the indication of type of digest and the file
		signature in the measurement list.

			measure func=BPRM_CHECK digest_type=verity \
				template=ima-sigv3


		The 'appraise' rule specifies the type and signature format
		version (sigv3) required.

			appraise func=BPRM_CHECK digest_type=verity \
				appraise_type=sigv3

		All of these policy rules could, for example, be constrained
		either based on a filesystem's UUID (fsuuid) or based on LSM
		labels.
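Review bot: the 'measure' example uses `template=ima-sigv3` and the text calls it the 'ima-sigv3' template option, but the template documented elsewhere in this merge is `ima-sigv2` (kernel-parameters lists `"ima-ngv2" | "ima-sig" | "ima-sigv2"`, and ima_templates.rst adds `"ima-sigv2": its format is d-ngv2|n-ng|sig`). Unless a separate ima-sigv3 template exists, the example and the sentence above it should read `ima-sigv2`. Minor: there is a stray double blank line between the `measure func=BPRM_CHECK` example and the 'appraise' paragraph.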
+2 −1
@@ -1903,7 +1903,8 @@

	ima_template=	[IMA]
			Select one of defined IMA measurements template formats.
			Formats: { "ima" | "ima-ng" | "ima-sig" }
			Formats: { "ima" | "ima-ng" | "ima-ngv2" | "ima-sig" |
				   "ima-sigv2" }
			Default: "ima-ng"

	ima_template_fmt=
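Review bot: the `Formats:` list is still incomplete after this change: the template descriptor list in ima_templates.rst also carries `"ima-buf"`, `"ima-modsig"` and `"evm-sig"`, none of which appear here. If this line is meant to enumerate the valid `ima_template=` values, add them in the same edit; otherwise mark the list as partial and point at ima_templates.rst.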
+23 −12
@@ -70,12 +70,23 @@ must live on a read-write filesystem because they are independently
updated and potentially user-installed, so dm-verity cannot be used.

The base fs-verity feature is a hashing mechanism only; actually
authenticating the files is up to userspace.  However, to meet some
users' needs, fs-verity optionally supports a simple signature
verification mechanism where users can configure the kernel to require
that all fs-verity files be signed by a key loaded into a keyring; see
`Built-in signature verification`_.  Support for fs-verity file hashes
in IMA (Integrity Measurement Architecture) policies is also planned.
authenticating the files may be done by:

* Userspace-only

* Builtin signature verification + userspace policy

  fs-verity optionally supports a simple signature verification
  mechanism where users can configure the kernel to require that
  all fs-verity files be signed by a key loaded into a keyring;
  see `Built-in signature verification`_.

* Integrity Measurement Architecture (IMA)

  IMA supports including fs-verity file digests and signatures in the
  IMA measurement list and verifying fs-verity based file signatures
  stored as security.ima xattrs, based on policy.


User API
========
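Review bot: the `* Userspace-only` bullet has no body while the other two do; one sentence restating the point made just above (fs-verity only provides the hash, and authenticating files against it is left to userspace) would keep the three options parallel and make clear the first option is not a typo. Also, the hunk leaves a double blank line before the `User API` heading.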
@@ -653,12 +664,12 @@ weren't already directly answered in other parts of this document.
    hashed and what to do with those hashes, such as log them,
    authenticate them, or add them to a measurement list.

    IMA is planned to support the fs-verity hashing mechanism as an
    alternative to doing full file hashes, for people who want the
    performance and security benefits of the Merkle tree based hash.
    But it doesn't make sense to force all uses of fs-verity to be
    through IMA.  As a standalone filesystem feature, fs-verity
    already meets many users' needs, and it's testable like other
    IMA supports the fs-verity hashing mechanism as an alternative
    to full file hashes, for those who want the performance and
    security benefits of the Merkle tree based hash.  However, it
    doesn't make sense to force all uses of fs-verity to be through
    IMA.  fs-verity already meets many users' needs even as a
    standalone filesystem feature, and it's testable like other
    filesystem features e.g. with xfstests.

:Q: Isn't fs-verity useless because the attacker can just modify the
+7 −4
@@ -66,12 +66,13 @@ descriptors by adding their identifier to the format string
   calculated with the SHA1 or MD5 hash algorithm;
 - 'n': the name of the event (i.e. the file name), with size up to 255 bytes;
 - 'd-ng': the digest of the event, calculated with an arbitrary hash
   algorithm (field format: [<hash algo>:]digest, where the digest
   prefix is shown only if the hash algorithm is not SHA1 or MD5);
   algorithm (field format: <hash algo>:digest);
 - 'd-ngv2': same as d-ng, but prefixed with the "ima" or "verity" digest type
   (field format: <digest type>:<hash algo>:digest);
 - 'd-modsig': the digest of the event without the appended modsig;
 - 'n-ng': the name of the event, without size limitations;
 - 'sig': the file signature, or the EVM portable signature if the file
   signature is not found;
 - 'sig': the file signature, based on either the file's/fsverity's digest[1],
   or the EVM portable signature, if 'security.ima' contains a file hash.
 - 'modsig' the appended file signature;
 - 'buf': the buffer data that was used to generate the hash without size limitations;
 - 'evmsig': the EVM portable signature;
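Review bot: the 'd-ng' field format changes from `[<hash algo>:]digest` with the prefix omitted for SHA1/MD5 to an unconditional `<hash algo>:digest`; that is a description of measurement-list output, and the commit message does not mention it, so confirm it reflects what the code actually emits and is not just a simplification of the wording. The new 'sig' line also refers to a footnote `[1]` that is not defined in this hunk; make sure the footnote exists. And `fsverity's digest` should match the `fs-verity` spelling used in fsverity.rst.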
@@ -88,7 +89,9 @@ Below, there is the list of defined template descriptors:

 - "ima": its format is ``d|n``;
 - "ima-ng" (default): its format is ``d-ng|n-ng``;
 - "ima-ngv2": its format is ``d-ngv2|n-ng``;
 - "ima-sig": its format is ``d-ng|n-ng|sig``;
 - "ima-sigv2": its format is ``d-ngv2|n-ng|sig``;
 - "ima-buf": its format is ``d-ng|n-ng|buf``;
 - "ima-modsig": its format is ``d-ng|n-ng|sig|d-modsig|modsig``;
 - "evm-sig": its format is ``d-ng|n-ng|evmsig|xattrnames|xattrlengths|xattrvalues|iuid|igid|imode``;
+1 −0
@@ -3,6 +3,7 @@
config FS_VERITY
	bool "FS Verity (read-only file-based authenticity protection)"
	select CRYPTO
	select CRYPTO_HASH_INFO
	# SHA-256 is implied as it's intended to be the default hash algorithm.
	# To avoid bloat, other wanted algorithms must be selected explicitly.
	# Note that CRYPTO_SHA256 denotes the generic C implementation, but
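Review bot: `select CRYPTO_HASH_INFO` is added without explanation, while the lines immediately below carefully explain why SHA-256 is implied and why other algorithms must be selected explicitly; a one-line comment saying what fs-verity now uses the hash-info table for would help later readers understand why this dependency appeared with the IMA fs-verity support.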