diff options
author | Matthias Kaehlcke <mka@chromium.org> | 2022-09-07 23:30:58 +0300 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2022-09-08 02:37:27 +0300 |
commit | 916ef6232cc4b84db7082b4c3d3cf1753d9462ba (patch) | |
tree | bce625a93d60639ce4c7d9e4fa7842af1a20d197 /drivers/md/dm-verity.h | |
parent | aafc203bbad4bf6cf394a34ea698c2b0b8affae0 (diff) | |
download | linux-916ef6232cc4b84db7082b4c3d3cf1753d9462ba.tar.xz |
dm: verity-loadpin: Only trust verity targets with enforcement
Verity targets can be configured to ignore corrupted data blocks.
LoadPin must only trust verity targets that are configured to
perform some kind of enforcement when data corruption is detected,
like returning an error, restarting the system or triggering a
panic.
Fixes: b6c1c5745ccc ("dm: Add verity helpers for LoadPin")
Reported-by: Sarthak Kukreti <sarthakkukreti@chromium.org>
Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Sarthak Kukreti <sarthakkukreti@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220907133055.1.Ic8a1dafe960dc0f8302e189642bc88ebb785d274@changeid
Diffstat (limited to 'drivers/md/dm-verity.h')
-rw-r--r-- | drivers/md/dm-verity.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h index 45455de1b4bc..98f306ec6a33 100644 --- a/drivers/md/dm-verity.h +++ b/drivers/md/dm-verity.h @@ -134,6 +134,7 @@ extern int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io, sector_t block, u8 *digest, bool *is_zero); extern bool dm_is_verity_target(struct dm_target *ti); +extern int dm_verity_get_mode(struct dm_target *ti); extern int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned int *digest_size); |