dm: verity-loadpin: Only trust verity targets with enforcement - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Matthias Kaehlcke <mka@chromium.org>	2022-09-07 23:30:58 +0300
committer	Kees Cook <keescook@chromium.org>	2022-09-08 02:37:27 +0300
commit	916ef6232cc4b84db7082b4c3d3cf1753d9462ba (patch)
tree	bce625a93d60639ce4c7d9e4fa7842af1a20d197 /security/loadpin/Kconfig
parent	aafc203bbad4bf6cf394a34ea698c2b0b8affae0 (diff)
download	linux-916ef6232cc4b84db7082b4c3d3cf1753d9462ba.tar.xz

dm: verity-loadpin: Only trust verity targets with enforcement

Verity targets can be configured to ignore corrupted data blocks. LoadPin must only trust verity targets that are configured to perform some kind of enforcement when data corruption is detected, like returning an error, restarting the system or triggering a panic. Fixes: b6c1c5745ccc ("dm: Add verity helpers for LoadPin") Reported-by: Sarthak Kukreti <sarthakkukreti@chromium.org> Signed-off-by: Matthias Kaehlcke <mka@chromium.org> Reviewed-by: Sarthak Kukreti <sarthakkukreti@chromium.org> Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220907133055.1.Ic8a1dafe960dc0f8302e189642bc88ebb785d274@changeid

Diffstat (limited to 'security/loadpin/Kconfig')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: