On 3/6/24 15:34, Fan Wu wrote:
> +if SECURITY_IPE
> +menu "IPE Trust Providers"
> +
> +config IPE_PROP_DM_VERITY
> + bool "Enable support for dm-verity volumes"
> + depends on DM_VERITY && DM_VERITY_VERIFY_ROOTHASH_SIG
> + help
> + This option enables the properties 'dmverity_signature' and
> + 'dmverity_roothash' in IPE policy. These properties evaluates
evaluate
> + to TRUE when a file is evaluated against a dm-verity volume
> + that was mounted with a signed root-hash or the volume's
> + root hash matches the supplied value in the policy.
--
#Randy
- [RFC PATCH v14 07/19] security: add new securityfs delete ... Fan Wu
- [RFC PATCH v14 06/19] ipe: introduce 'boot_verified' as a ... Fan Wu
- [RFC PATCH v14 12/19] dm: add finalize hook to target_type Fan Wu
- [RFC PATCH v14 08/19] ipe: add userspace interface Fan Wu
- [RFC PATCH v14 10/19] ipe: add permissive toggle Fan Wu
- [RFC PATCH v14 11/19] block|security: add LSM blob to bloc... Fan Wu
- [RFC PATCH v14 09/19] uapi|audit|ipe: add ipe auditing sup... Fan Wu
- [RFC PATCH v14 18/19] ipe: kunit test for parser Fan Wu
- [RFC PATCH v14 13/19] dm verity: consume root hash digest ... Fan Wu
- [RFC PATCH v14 14/19] ipe: add support for dm-verity as a ... Fan Wu
- Re: [RFC PATCH v14 14/19] ipe: add support for dm-ver... Randy Dunlap
- [RFC PATCH v14 15/19] fsverity: consume builtin signature ... Fan Wu
- Re: [RFC PATCH v14 15/19] fsverity: consume builtin s... Eric Biggers
- Re: [RFC PATCH v14 15/19] fsverity: consume built... Eric Biggers
- Re: [RFC PATCH v14 15/19] fsverity: consume b... Paul Moore
- Re: [RFC PATCH v14 15/19] fsverity: consume b... Fan Wu
- Re: [RFC PATCH v14 15/19] fsverity: consu... Casey Schaufler
- Re: [RFC PATCH v14 15/19] fsverity: ... Fan Wu
- Re: [RFC PATCH v14 15/19] fsveri... Paul Moore
- Re: [RFC PATCH v14 15/19] fsverity: consume built... Fan Wu
- [RFC PATCH v14 16/19] ipe: enable support for fs-verity as... Fan Wu
