Re: authenticated file systems using HMAC(SHA256)

On 09/04/2020 02:18, Chris Murphy wrote:
> On Wed, Apr 8, 2020 at 5:17 AM Johannes Thumshirn
> <Johannes.Thumshirn@xxxxxxx> wrote:
>>
>> On 07/04/2020 20:02, Chris Murphy wrote:
>>> Hi,
>>>
>>> What's the status of this work?
>>> https://lore.kernel.org/linux-btrfs/20191015121405.19066-1-jthumshirn@xxxxxxx/
>>
>> It's done but no-one was interested in it and as I haven't received any
>> answers from Dave if he's going to merge it, I did not bring it to
>> attention again. After all it was for a specific use-case SUSE has/had
>> and I left the company.
> 
> I'm thinking of a way to verify that a non-encrypted generic
> boot+startup data hasn't been tampered with. That is, a generic,
> possibly read-only boot, can be authenticated on the fly. Basically,
> it's fs-verity for Btrfs, correct?
> 

Correct, example deployments would be embedded devices, or container 
images. I've written a paper [1] for the 2019 SUSE Labs Conference 
describing some of the scenarios, if you're interested.

> Other use cases?
> 
> 
>> If there is still interest in this work I can re-base my branches [1][2]
>> and add blake2b as well, this /should/ be trivially done.
>>
>> [1]
>> https://git.kernel.org/pub/scm/linux/kernel/git/jth/linux.git/log/?h=btrfs-integrity
>> [2] https://github.com/morbidrsa/btrfs-progs/tree/mkfs-hmac
> 
> I think 'btrfs check' also needs to be fed the hmac in order to verify
> checksums and also rewrite out a new csum or extent tree and do
> repairs?

Check yes, I'm not so much with you with repairs. If a hmac of a block 
is corrupt, something altered the on-disk data, somehow. Either it's a 
bad block on disk or an attack. You can't be sure the data is still trusted.

> 
>> I just don't want to spend time on it again when it's not going to be
>> merged in the end (for whatever reason).
> 
> Sure. Seems reasonable.
> 

Let me see if I can carve out some time for this end of next week to 
re-base what I had.

Maybe having someone in the community being interested in this work can 
accelerate its upstream acceptance.

[1] https://github.com/morbidrsa/btrfs-integrity-paper

Byte,
	Johannes
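
An added illustration, not part of the original message and not code from the btrfs patches: a toy per-block checksum model showing why a check tool must be given the HMAC key, and why a failed HMAC cannot tell a bad block from tampering. The block size, key, and function names are assumptions made for this sketch and do not reflect the btrfs on-disk format.

```python
import hashlib
import hmac

BLOCK_SIZE = 4096  # assumed block size for this toy model


def plain_csum(block: bytes) -> bytes:
    """Unkeyed checksum: anyone who can write the disk can recompute it."""
    return hashlib.sha256(block).digest()


def keyed_csum(key: bytes, block: bytes) -> bytes:
    """HMAC(SHA256): recomputing it requires the secret key."""
    return hmac.new(key, block, hashlib.sha256).digest()


def check_blocks(blocks, csums, key=None):
    """Return indices of blocks whose stored checksum does not verify."""
    bad = []
    for i, (block, stored) in enumerate(zip(blocks, csums)):
        expected = plain_csum(block) if key is None else keyed_csum(key, block)
        if not hmac.compare_digest(expected, stored):
            bad.append(i)
    return bad


def demo():
    key = b"constructed-demo-key"  # constructed sample key
    blocks = [bytes([i]) * BLOCK_SIZE for i in range(4)]  # constructed data
    plain = [plain_csum(b) for b in blocks]
    keyed = [keyed_csum(key, b) for b in blocks]

    # Case 1: a bad block. One bit flips in block 1, stored checksum untouched.
    rot = list(blocks)
    rot[1] = bytes([rot[1][0] ^ 0x01]) + rot[1][1:]

    # Case 2: offline modification. Block 2 is replaced and its stored
    # checksum is rewritten by someone who does not hold the key.
    mod = list(blocks)
    mod[2] = b"\xee" * BLOCK_SIZE
    mod_plain = plain[:2] + [plain_csum(mod[2])] + plain[3:]
    mod_keyed = keyed[:2] + [plain_csum(mod[2])] + keyed[3:]

    return {
        "rot_plain": check_blocks(rot, plain),             # detected
        "rot_keyed": check_blocks(rot, keyed, key),        # detected
        "mod_plain": check_blocks(mod, mod_plain),         # passes unnoticed
        "mod_keyed": check_blocks(mod, mod_keyed, key),    # detected
        "wrong_key": check_blocks(blocks, keyed, b"not-the-key"),
    }


if __name__ == "__main__":
    for name, bad in demo().items():
        print(f"{name}: failing blocks {bad}")
```

With the keyed checksum, the bit flip and the modification both surface only as "block N failed", and a checker run with the wrong key fails every block.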



