Add support for fsverity signatures

[jessorensen]

fsverity is a new integrity feature in the kernel, which in combination with fsverity-utils allows for validating integrity of binaries when data blocks are read from disk.

This request is to add native rpm support for fsverity signatures, similar to what is already available in RPM for IMA signatures.

[jessorensen]

I am currently working on splitting fsverity-utils into a shared library which will provide the needed functionality for computing digests and signing.

[pmatilai]

Care to explain to the uninitiated layman such as myself why would we want/need this in rpm, since there already is IMA?

Adding per-file data to headers is costly, and IMA already bloats headers significantly. Adding more of the same (as it kinda seems to me on the outset) needs to have some pretty convincing benefits.

[jessorensen]

Care to explain to the uninitiated layman such as myself why would we want/need this in rpm, since there already is IMA?

Certainly!

IMA and fs-verity operate very differently, in particular IMA is a lot more complex and and has substantially higher system overhead when reading signed files off the file system. It also requires one to use the full IMA system.

fs-verity works by using a Merkle tree to generate a checksum for every data block in the system, and reads will fail if a single data block read fails it's checksum. The signature of the the file is validated against a public key loaded into the kernel keyring.

The fs-verity signature is basically a signature of the root digest of the Merkle tree.

Happy to elaborate further

[mikhailnov]

Sounds like system consistency self test, that must be useful

[jessorensen]

Here is a more detailed update on the design of the fsverity support I have been working on for rpm.

I now have code which I believe works correctly, and I'd love some feedback on it. I am sure I got some things wrong. The code can be found in my cloned repo here[1]

fsverity itself provides block-level checksumming of files in the file system, which can be signed and authenticated by a public key loaded into the kernel's public keyring. This allows the kernel to validate individual data blocks as they are read from the disk instead of having to validate the entire file's digest before allowing it to be opened.

Instead of a regular digest, fsverity uses a Merkle tree, which is basically a tree of digests. For now only sha256 and sha512 are supported for calculating this tree. The fsverity signature authenticates the root of the Merkle tree, by signing an fsverity descriptor which contains the root digest. This API is defined by the kernel. The code to generate the fsverity descriptor, and the code to sign it, is provided by libfsverity from the fsverity-utils package[2][3].

There is no way to go from the regular digest to the Merkle tree, so the code parses the archive of the rpm to generate the signatures. As the file count of the archive doesn't have to match the metadata file count, ghost files etc, and the file order of the archive and the metadata do not necessarily match, the signatures are placed in an array based on their file index, and signatures for the missing items are generated from the metadata fi.

The code introduces four new tags:

• RPMTAG_VERITYSIGNATURELENGTH (uint32_t): The size of the fs verity signatures
• RPMTAG_VERITYSIGNATURES (char *): Array of fsverity signatures
• RPMTAG_VERITYSIGNATUREALGO (uint32_t): Algorithm used to generate signature
• RPMTAG_VERITYSIGNATUREBLKSZ (uint32_t): Block size used to calculate the Merkle tree

In addition the code provides a new plugin "fsverity" which will install the fsverity signature and enable fsverity on files as they are installed. Similar to IMA file signatures, it will skip installing signatures for config files, unless explicitly requested, and it only installs signatures for regular files as directories and symlinks are not currently supported by fsverity.

To enable fsverity in the build, one must specify --with-fsverity, and have the fsverity-utils header and library installed.

To generate signatures, one must specify three arguments:
--fskpath= specify siging key (argument is shared with IMA file signing)
--certpath= specify signing certificate
--signverity add fsverity signatures to the package

Jes

1: Code adding fsverity support to rpm: https://github.com/jessorensen/rpm/tree/rpm-fsverity
2: Original fsverity git repo: git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git
3: fsverity refactoring providing libfsverity:

• https://www.spinics.net/lists/linux-fscrypt/msg03278.html
• git://git.kernel.org/pub/scm/linux/kernel/git/jes/fsverity-utils.git/

[pmatilai]

#1203 has been merged, I think we can close this one.

[mikhailnov]

Do I understand correctly that IMA will verify signatures of binaries before running them , but fsverity can verify any file when it is being accessed and block access if the signature is invalid?