    ubifs: support offline signed images · 817aa094
    Sascha Hauer authored
    HMACs can only be generated on the system the UBIFS image is running on.
    To support offline signed images we add a PKCS#7 signature to the UBIFS
    image which can be created by mkfs.ubifs.
    
    Both the master node and the superblock need to be authenticated, during
    normal runtime both are protected with HMACs. For offline signature
    support however only a single signature is desired. We add a signature
    covering the superblock node directly behind it. To protect the master
    node a hash of the master node is added to the superblock which is used
    when the master node doesn't contain a HMAC.
    
    Transition to a read/write filesystem is also supported. During
    transition first the master node is rewritten with a HMAC (implicitly,
    it is written anyway as the FS is marked dirty). Afterwards the
    superblock is rewritten with a HMAC. Once after the image has been
    mounted read/write it is HMAC only, the signature is no longer required
    or even present on the filesystem.
    
    In an offline signed image the master node is authenticated by the
    superblock. In a transition to r/w we have to make sure that the master
    node is rewritten before the superblock node. In this case the master
    node gets a HMAC and its authenticity no longer depends on the
    superblock node. There are some cases in which the current code first
    writes the superblock node though, so with this patch writing of the
    superblock node is delayed until the master node is written.
    Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
    Signed-off-by: Richard Weinberger <richard@nod.at>
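The trust chain and the master-first transition described in the commit message above, as a simplified model added here for illustration; it is not code from the kernel patch or from mkfs.ubifs. The dict layout, field and function names are hypothetical, and a toy textbook-RSA key (constructed, not secure) stands in for the PKCS#7 signature.

```python
import hashlib, hmac

# Toy textbook RSA standing in for the PKCS#7 signature (constructed key, NOT secure).
P, Q, E = 2**61 - 1, 2**31 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: exists on the build host only

def digest(data):
    return hashlib.sha256(data).digest()

def sign_offline(data):             # hypothetical image-builder step
    return pow(int.from_bytes(digest(data), "big") % N, D, N)

def sig_ok(data, sig):              # the device needs only the public pair (N, E)
    m = int.from_bytes(digest(data), "big") % N
    return sig is not None and pow(sig, E, N) == m

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def build_signed_image(mst_body, sb_body):
    # The superblock carries a hash of the master node; one signature covers both.
    sb = {"body": sb_body, "hash_mst": digest(mst_body), "hmac": None}
    sb["sig"] = sign_offline(sb["body"] + sb["hash_mst"])
    return {"sb": sb, "mst": {"body": mst_body, "hmac": None}}

def authenticate(img, key):
    sb, mst = img["sb"], img["mst"]
    covered = sb["body"] + sb["hash_mst"]
    if sb["hmac"] is not None:      # runtime state: HMAC only
        sb_ok = hmac.compare_digest(sb["hmac"], mac(key, covered))
    else:                           # offline-signed state
        sb_ok = sig_ok(covered, sb["sig"])
    if mst["hmac"] is not None:     # master no longer depends on the superblock
        mst_ok = hmac.compare_digest(mst["hmac"], mac(key, mst["body"]))
    else:                           # no HMAC yet: use the hash in the superblock
        mst_ok = hmac.compare_digest(sb["hash_mst"], digest(mst["body"]))
    return sb_ok and mst_ok

def to_read_write(img, key, new_mst_body):
    """Yield the on-flash state after each write, master node first."""
    img["mst"] = {"body": new_mst_body, "hmac": mac(key, new_mst_body)}
    yield "master rewritten"
    sb = img["sb"]
    sb["hmac"], sb["sig"] = mac(key, sb["body"] + sb["hash_mst"]), None
    yield "superblock rewritten"
```

Iterating over `to_read_write` and calling `authenticate` after each yielded step shows that the image stays verifiable at every intermediate state when the master node is written first.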
master.c 12.4 KB