NothingOSS/android_kernel_msm-6.1_nothing_sm7635
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_msm-6.1_noth.../include/uapi/linux
History
Matthias Kaehlcke 3f805f8cc2 LoadPin: Enable loading from trusted dm-verity devices 
Extend LoadPin to allow loading of kernel files from trusted dm-verity [1]
devices.

This change adds the concept of trusted verity devices to LoadPin. LoadPin
maintains a list of root digests of verity devices it considers trusted.
Userspace can populate this list through an ioctl on the new LoadPin
securityfs entry 'dm-verity'. The ioctl receives a file descriptor of
a file with verity digests as parameter. Verity reads the digests from
this file after confirming that the file is located on the pinned root.
The digest file must contain one digest per line. The list of trusted
digests can only be set up once, which is typically done at boot time.

When a kernel file is read LoadPin first checks (as usual) whether the file
is located on the pinned root, if so the file can be loaded. Otherwise, if
the verity extension is enabled, LoadPin determines whether the file is
located on a verity backed device and whether the root digest of that
device is in the list of trusted digests. The file can be loaded if the
verity device has a trusted root digest.

Background:

As of now LoadPin restricts loading of kernel files to a single pinned
filesystem, typically the rootfs. This works for many systems, however it
can result in a bloated rootfs (and OTA updates) on platforms where
multiple boards with different hardware configurations use the same rootfs
image. Especially when 'optional' files are large it may be preferable to
download/install them only when they are actually needed by a given board.
Chrome OS uses Downloadable Content (DLC) [2] to deploy certain 'packages'
at runtime. As an example a DLC package could contain firmware for a
peripheral that is not present on all boards. DLCs use dm-verity to verify
the integrity of the DLC content.

[1] https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html
[2] https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/dlcservice/docs/developer.md

Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Acked-by: Mike Snitzer <snitzer@kernel.org>
Link: https://lore.kernel.org/lkml/20220627083512.v7.2.I01c67af41d2f6525c6d023101671d7339a9bc8b5@changeid
Signed-off-by: Kees Cook <keescook@chromium.org>
2022-07-08 10:46:53 -07:00
..
android Char / Misc / Other smaller driver subsystem updates for 5.19-rc1 2022-06-03 11:36:34 -07:00
byteorder
caif
can can: isotp: add support for transmission without flow control 2022-05-16 22:03:45 +02:00
cifs
dvb
genwqe
hdlc
hsi
iio iio: introduce mag_referenced 2022-02-21 19:33:05 +00:00
isdn
misc
mmc
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-02-10 17:29:56 -08:00
netfilter_arp
netfilter_bridge
netfilter_ipv4
netfilter_ipv6
nfsd
raid
sched
spi spi: add SPI_RX_CPHA_FLIP mode bit 2022-04-19 13:13:47 +01:00
sunrpc
surface_aggregator
tc_act net: sched: support hash selecting tx queue 2022-04-19 12:20:45 +02:00
tc_ematch
usb
a.out.h
acct.h taskstats: version 12 with thread group and exe info 2022-04-29 14:38:03 -07:00
acrn.h
adb.h
adfs_fs.h
affs_hardblocks.h
agpgart.h agpgart.h: do not include <stdlib.h> from exported header 2022-05-13 10:56:10 +02:00
aio_abi.h
am437x-vpfe.h
amt.h
apm_bios.h
arcfb.h
arm_sdei.h
aspeed-lpc-ctrl.h
aspeed-p2a-ctrl.h
atalk.h
atm.h
atm_eni.h
atm_he.h
atm_idt77105.h
atm_nicstar.h
atm_tcp.h
atmapi.h
atmarp.h
atmbr2684.h
atmclip.h
atmdev.h
atmioc.h
atmlec.h
atmmpc.h
atmppp.h
atmsap.h
atmsvc.h
audit.h LoongArch: Add ELF-related definitions 2022-06-03 20:09:27 +08:00
auto_dev-ioctl.h
auto_fs.h
auto_fs4.h
auxvec.h
ax25.h
batadv_packet.h
batman_adv.h
baycom.h
bcm933xx_hcs.h
bfs_fs.h
binfmts.h
blkpg.h
blktrace_api.h
blkzoned.h
bpf.h bpf: Add dynptr data slices 2022-05-23 14:31:28 -07:00
bpf_common.h
bpf_perf_event.h
bpfilter.h
bpqether.h
bsg.h
bt-bmc.h
btf.h bpf: Correct the comment for BTF kind bitfield 2022-04-03 17:06:52 -07:00
btrfs.h btrfs: add definitions and documentation for encoded I/O ioctls 2022-03-14 13:13:51 +01:00
btrfs_tree.h btrfs: move definition of btrfs_raid_types to volumes.h 2022-05-16 17:03:16 +02:00
cachefiles.h cachefiles: implement on-demand read 2022-05-18 00:11:18 +08:00
can.h
capability.h
capi.h
cciss_defs.h
cciss_ioctl.h
ccs.h
cdrom.h cdrom: mark CDROMGETSPINDOWN/CDROMSETSPINDOWN obsolete 2022-05-15 18:31:28 -06:00
cec-funcs.h
cec.h media: cec.h: add cec_msg_recv_is_rx/tx_result helpers 2022-04-24 07:40:13 +01:00
cfm_bridge.h
cgroupstats.h
chio.h
close_range.h
cm4000_cs.h
cn_proc.h
coda.h
coff.h
comedi.h
connector.h
const.h
coresight-stm.h
counter.h counter: add new COUNTER_EVENT_CHANGE_OF_STATE 2022-03-18 14:04:30 +01:00
cramfs_fs.h
cryptouser.h
cuda.h
cxl_mem.h cxl/mbox: Use type __u32 for mailbox payload sizes 2022-04-22 16:12:04 -07:00
cyclades.h tty: Partially revert the removal of the Cyclades public API 2022-01-26 14:49:46 +01:00
cycx_cfm.h
dcbnl.h
dccp.h
devlink.h Revert "Merge branch 'mlxsw-line-card-model'" 2022-05-05 15:47:23 -07:00
dlm.h
dlm_device.h
dlm_netlink.h
dlm_plock.h
dlmconstants.h
dm-ioctl.h dm: add dm_submit_bio_remap interface 2022-02-21 15:36:33 -05:00
dm-log-userspace.h
dma-buf.h dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace 2022-05-17 13:05:19 +02:00
dma-heap.h
dn.h
dns_resolver.h
dqblk_xfs.h
edd.h
efs_fs_sb.h
elf-em.h LoongArch: Add ELF-related definitions 2022-06-03 20:09:27 +08:00
elf-fdpic.h
elf.h LoongArch: Add ELF-related definitions 2022-06-03 20:09:27 +08:00
errno.h
errqueue.h
erspan.h
ethtool.h ethtool: Add 10base-T1L link mode entry 2022-05-01 17:45:35 +01:00
ethtool_netlink.h net: ethtool: extend ringparam set/get APIs for tx_push 2022-04-15 11:41:35 -07:00
eventpoll.h
f2fs.h
fadvise.h
falloc.h
fanotify.h fanotify: implement "evictable" inode marks 2022-04-25 14:43:03 +02:00
fb.h linux/fb.h: Spelling s/palette/palette/ 2022-04-04 08:55:23 +02:00
fcntl.h
fd.h
fdreg.h
fib_rules.h
fiemap.h
filter.h
firewire-cdev.h
firewire-constants.h
fou.h
fpga-dfl.h
fs.h
fscrypt.h
fsi.h fsi: sbefifo: Implement FSI_SBEFIFO_READ_TIMEOUT_SECONDS ioctl 2022-02-21 19:38:17 +10:30
fsl_hypervisor.h
fsl_mc.h
fsmap.h fsmap.h: add linux/fsmap.h to UAPI compile-test coverage 2022-02-17 09:09:37 +01:00
fsverity.h
fuse.h
futex.h
gameport.h
gen_stats.h
genetlink.h
gfs2_ondisk.h
gpio.h gpiolib: cdev: Add hardware timestamp clock type 2022-05-04 11:06:13 +02:00
gsmmux.h
gtp.h gtp: Implement GTP echo request 2022-03-11 08:28:05 -08:00
hash_info.h
hdlc.h
hdlcdrv.h
hdreg.h
hid.h
hiddev.h
hidraw.h
hpet.h
hsr_netlink.h
hw_breakpoint.h
hyperv.h hv_utils: Add comment about max VMbus packet size in VSS driver 2022-02-18 13:08:18 +00:00
i2c-dev.h
i2c.h
i2o-dev.h
i8k.h
icmp.h
icmpv6.h
idxd.h dmaengine: idxd: update IAA definitions for user header 2022-04-11 19:36:54 +05:30
if.h
if_addr.h net: Add new protocol attribute to IP addresses 2022-02-18 21:20:06 -08:00
if_addrlabel.h
if_alg.h
if_arcnet.h
if_arp.h
if_bonding.h
if_bridge.h net: bridge: mst: Support setting and reporting MST port states 2022-03-17 16:49:57 -07:00
if_cablemodem.h
if_eql.h
if_ether.h if_ether.h: add EtherCAT Ethertype 2022-03-01 18:29:27 -08:00
if_fc.h
if_fddi.h
if_hippi.h
if_infiniband.h
if_link.h net: add IFLA_TSO_{MAX_SIZE|SEGS} attributes 2022-05-16 10:18:55 +01:00
if_ltalk.h
if_macsec.h
if_packet.h
if_phonet.h
if_plip.h
if_ppp.h
if_pppol2tp.h
if_pppox.h
if_slip.h
if_team.h
if_tun.h
if_tunnel.h net/sched: Allow flower to match on GTP options 2022-03-11 08:28:27 -08:00
if_vlan.h
if_x25.h
if_xdp.h
ife.h
igmp.h
ila.h
in.h
in6.h
in_route.h
inet_diag.h
inotify.h
input-event-codes.h Input: add Marine Navigation Keycodes 2022-04-17 13:13:53 -07:00
input.h HID: amd_sfh: Move bus declaration outside of amd-sfh 2022-05-11 14:16:26 +02:00
io_uring.h io_uring: remove IORING_CLOSE_FD_AND_FILE_SLOT 2022-06-14 10:57:40 -06:00
ioam6.h
ioam6_genl.h
ioam6_iptunnel.h uapi: ioam: Insertion frequency 2022-02-04 20:24:45 -08:00
ioctl.h
iommu.h iommu: Remove guest pasid related interfaces and definitions 2022-02-28 13:25:48 +01:00
ioprio.h
ip.h
ip6_tunnel.h
ip_vs.h
ipc.h
ipmi.h
ipmi_bmc.h
ipmi_msgdefs.h
ipsec.h
ipv6.h net/ipv6: Expand and rename accept_unsolicited_na to accept_untracked_na 2022-05-31 11:36:57 +02:00
ipv6_route.h
irqnr.h
iso_fs.h
isst_if.h
ivtv.h
ivtvfb.h
jffs2.h
joystick.h
kcm.h
kcmp.h
kcov.h
kd.h
kdev_t.h
kernel-page-flags.h
kernel.h
kernelcapi.h
kexec.h LoongArch: Add ELF-related definitions 2022-06-03 20:09:27 +08:00
keyboard.h
keyctl.h
kfd_ioctl.h drm/amdkfd: CRIU export dmabuf handles for GTT BOs 2022-03-15 14:25:17 -04:00
kfd_sysfs.h drm/amdkfd: make SPDX License expression more sound 2022-01-11 15:44:27 -05:00
kvm.h KVM/arm64 updates for 5.19 2022-05-25 05:09:23 -04:00
kvm_para.h
l2tp.h
landlock.h landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER 2022-05-23 13:27:59 +02:00
libc-compat.h
limits.h
lirc.h media: lirc: revert removal of unused feature flags 2022-05-25 09:51:36 -07:00
llc.h
loadpin.h LoadPin: Enable loading from trusted dm-verity devices 2022-07-08 10:46:53 -07:00
loop.h loop: remove most the top-of-file boilerplate comment from the UAPI header 2022-05-10 06:30:05 -06:00
lp.h
lwtunnel.h
magic.h fuse: move FUSE_SUPER_MAGIC definition to magic.h 2022-02-21 14:57:26 +01:00
major.h
map_to_7segment.h
map_to_14segment.h
matroxfb.h
max2175.h
mctp.h mctp: Add SIOCMCTP{ALLOC,DROP}TAG ioctls for tag control 2022-02-09 12:00:11 +00:00
mdio.h net: phy: Add 10BASE-T1L support in phy-c45 2022-05-01 17:45:35 +01:00
media-bus-format.h
media.h media: media.h: remove unneeded <stdint.h> inclusion 2022-04-24 08:27:37 +01:00
mei.h
membarrier.h
memfd.h
mempolicy.h
meye.h
mii.h
minix_fs.h
mman.h
mmtimer.h
module.h module: add in-kernel support for decompressing 2022-01-11 18:45:02 -08:00
mount.h
mpls.h
mpls_iptunnel.h
mptcp.h mptcp: netlink: allow userspace-driven subflow establishment 2022-05-04 10:49:32 +01:00
mqueue.h
mroute.h
mroute6.h net: ip6mr: add support for passing full packet on wrong mif 2022-02-19 16:05:54 +00:00
mrp_bridge.h
msdos_fs.h
msg.h
mtio.h
nbd-netlink.h
nbd.h
ncsi.h
ndctl.h nvdimm/region: Delete nd_blk_region infrastructure 2022-03-11 15:53:13 -08:00
neighbour.h net: rtnetlink: add ndm flags and state mask attributes 2022-04-13 12:46:26 +01:00
net.h
net_dropmon.h net: drop_monitor: support drop reason 2022-02-09 17:25:57 -08:00
net_namespace.h
net_tstamp.h
netconf.h
netdevice.h
netfilter.h
netfilter_arp.h
netfilter_bridge.h
netfilter_decnet.h
netfilter_ipv4.h
netfilter_ipv6.h
netlink.h net: netlink: add NLM_F_BULK delete request modifier 2022-04-13 12:46:26 +01:00
netlink_diag.h
netrom.h
nexthop.h
nfc.h
nfs.h
nfs2.h
nfs3.h
nfs4.h NFSv4.1 support for NFS4_RESULT_PRESERVER_UNLINKED 2022-02-25 18:50:12 -05:00
nfs4_mount.h
nfs_fs.h NFS: Remove remaining dfprintks related to fscache and remove NFSDBG_FSCACHE 2022-03-13 12:59:35 -04:00
nfs_idmap.h
nfs_mount.h
nfsacl.h
nilfs2_api.h
nilfs2_ondisk.h
nitro_enclaves.h
nl80211-vnd-intel.h
nl80211.h cfg80211: support disabling EHT mode 2022-05-04 22:50:01 +02:00
nsfs.h
nubus.h
nvme_ioctl.h nvme: enable uring-passthrough for admin commands 2022-05-20 06:17:33 -06:00
nvram.h
omap3isp.h media: omap3isp: Use struct_group() for memcpy() region 2022-02-27 10:58:04 -08:00
omapfb.h
oom.h
openat2.h
openvswitch.h net: openvswitch: fix uAPI incompatibility with existing user space 2022-03-10 20:14:52 -08:00
packet_diag.h
param.h
parport.h
patchkey.h
pci.h
pci_regs.h PCI: Add PCI_EXP_SLTCTL_ASPL_DISABLE macro 2022-04-25 10:53:38 +01:00
pcitest.h
perf_event.h Changes for this cycle were: 2022-03-22 13:06:49 -07:00
personality.h
pfkeyv2.h
pfrut.h
pg.h
phantom.h
phonet.h
pidfd.h
pkt_cls.h net/sched: flower: Add number of vlan tags filter 2022-04-20 11:09:13 +01:00
pkt_sched.h
pktcdvd.h
pmu.h
poll.h
posix_acl.h
posix_acl_xattr.h
posix_types.h
ppdev.h
ppp-comp.h
ppp-ioctl.h
ppp_defs.h
pps.h
pr.h
prctl.h arm64/sme: Implement vector length configuration prctl()s 2022-04-22 18:50:54 +01:00
psample.h
psci.h KVM: arm64: Expose PSCI SYSTEM_RESET2 call to the guest 2022-02-21 16:02:55 +00:00
psp-sev.h
ptp_clock.h
ptrace.h ptrace: Move setting/clearing ptrace_message into ptrace_stop 2022-03-18 09:44:19 -05:00
qemu_fw_cfg.h
qnx4_fs.h
qnxtypes.h
qrtr.h
quota.h
radeonfb.h
random.h
rds.h
reboot.h
reiserfs_fs.h
reiserfs_xattr.h reiserfs_xattr.h: add linux/reiserfs_xattr.h to UAPI compile-test coverage 2022-02-17 09:09:38 +01:00
remoteproc_cdev.h
resource.h
rfkill.h rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition 2022-05-09 14:00:07 +02:00
rio_cm_cdev.h
rio_mport_cdev.h
rkisp1-config.h
romfs_fs.h
rose.h
route.h
rpl.h
rpl_iptunnel.h
rpmsg.h rpmsg: ctrl: Introduce new RPMSG_CREATE/RELEASE_DEV_IOCTL controls 2022-03-13 11:49:53 -05:00
rpmsg_types.h
rseq.h rseq: Remove broken uapi field layout on 32-bit little endian 2022-02-02 13:11:34 +01:00
rtc.h rtc: add new RTC_FEATURE_ALARM_WAKEUP_ONLY feature 2022-03-23 19:58:40 +01:00
rtnetlink.h net: bridge: mst: Support setting and reporting MST port states 2022-03-17 16:49:57 -07:00
rxrpc.h
scc.h
sched.h
scif_ioctl.h
screen_info.h
sctp.h
seccomp.h seccomp: Add wait_killable semantic to seccomp user notifier 2022-05-03 14:11:58 -07:00
securebits.h
sed-opal.h
seg6.h
seg6_genl.h
seg6_hmac.h
seg6_iptunnel.h
seg6_local.h
selinux_netlink.h
sem.h
serial.h
serial_core.h serial: sunplus-uart: Add Sunplus SoC UART Driver 2022-02-26 10:03:21 +01:00
serial_reg.h
serio.h
sev-guest.h virt: sevguest: Add support to get extended report 2022-04-07 16:47:12 +02:00
shm.h
signal.h
signalfd.h
smc.h net/smc: Add global configure for handshake limitation by netlink 2022-02-11 11:14:58 +00:00
smc_diag.h Partially revert "net/smc: Add netlink net namespace support" 2022-02-02 07:42:41 -08:00
smiapp.h
snmp.h
sock_diag.h
socket.h socket: Don't use u8 type in uapi socket.h 2022-06-01 16:48:05 -07:00
sockios.h
sonet.h
sonypi.h
sound.h
soundcard.h kbuild: move headers_check.pl to usr/include/ 2022-01-08 17:41:00 +09:00
stat.h
stddef.h uapi/linux/stddef.h: Add include guards 2022-03-31 13:04:44 -07:00
stm.h
string.h
suspend_ioctls.h
swab.h
switchtec_ioctl.h
sync_file.h
synclink.h
sysctl.h
sysinfo.h
target_core_user.h
taskstats.h delayacct: track delays from write-protect copy 2022-06-01 15:55:25 -07:00
tcp.h
tcp_metrics.h
tee.h tee: remove flags TEE_IOCTL_SHM_MAPPED and TEE_IOCTL_SHM_DMA_BUF 2022-04-26 10:17:03 +02:00
termios.h
thermal.h thermal: netlink: Add a new event to notify CPU capabilities change 2022-02-03 19:50:49 +01:00
time.h
time_types.h
timerfd.h
times.h
timex.h
tiocl.h
tipc.h
tipc_config.h net, uapi: remove inclusion of arpa/inet.h 2022-04-06 13:48:02 +01:00
tipc_netlink.h
tipc_sockets_diag.h
tls.h tls: Rename TLS_INFO_ZC_SENDFILE to TLS_INFO_ZC_TX 2022-06-09 21:51:57 -07:00
toshiba.h
tty.h tty: Reserve ldisc 29 for development purposes 2022-02-26 10:03:21 +01:00
tty_flags.h
types.h linux/types.h: reinstate "__bitwise__" macro for user space use 2022-05-25 10:08:59 -07:00
udf_fs_i.h
udmabuf.h
udp.h
uhid.h
uinput.h
uio.h
uleds.h
ultrasound.h
um_timetravel.h
un.h
unistd.h
unix_diag.h
usbdevice_fs.h
usbip.h
userfaultfd.h mm/uffd: enable write protection for shmem & hugetlbfs 2022-05-13 07:20:11 -07:00
userio.h
utime.h
utsname.h
uuid.h uuid: remove licence boilerplate text from the header 2022-01-20 08:52:54 +02:00
uvcvideo.h
v4l2-common.h
v4l2-controls.h media: v4l2-ctrls: Add intra-refresh type control 2022-04-24 08:35:01 +01:00
v4l2-dv-timings.h
v4l2-mediabus.h
v4l2-subdev.h
vbox_err.h
vbox_vmmdev_types.h
vboxguest.h
vdpa.h vdpa: Add support for querying vendor statistics 2022-05-31 12:44:20 -04:00
vduse.h
veth.h
vfio.h include/uapi/linux/vfio.h: Fix trivial typo - _IORW should be _IOWR instead 2022-05-16 12:39:43 -06:00
vfio_ccw.h
vfio_zdev.h
vhost.h vhost-vdpa: introduce uAPI to set group ASID 2022-05-31 12:44:31 -04:00
vhost_types.h vhost: support ASID in IOTLB API 2022-05-31 12:44:29 -04:00
videodev2.h media: uapi: Add IPU3 packed Y10 format 2022-05-17 09:36:03 +02:00
virtio_9p.h
virtio_balloon.h
virtio_blk.h
virtio_bt.h
virtio_config.h Add definition of VIRTIO_F_IN_ORDER feature bit 2022-03-28 16:52:58 -04:00
virtio_console.h
virtio_crypto.h virtio-crypto: introduce akcipher service 2022-03-28 16:52:58 -04:00
virtio_fs.h
virtio_gpio.h
virtio_gpu.h
virtio_i2c.h
virtio_ids.h virtio: fix virtio transitional ids 2022-05-10 07:22:28 -04:00
virtio_input.h
virtio_iommu.h
virtio_mem.h
virtio_mmio.h
virtio_net.h
virtio_pci.h
virtio_pcidev.h
virtio_pmem.h
virtio_ring.h
virtio_rng.h
virtio_scmi.h
virtio_scsi.h
virtio_snd.h
virtio_types.h
virtio_vsock.h
vm_sockets.h
vm_sockets_diag.h
vmcore.h
vsockmon.h
vt.h
vtpm_proxy.h
wait.h
watch_queue.h
watchdog.h
wireguard.h
wireless.h
wmi.h
wwan.h
x25.h
xattr.h
xdp_diag.h
xfrm.h xfrm: enforce validity of offload input flags 2022-02-09 09:00:40 +01:00
xilinx-v4l2-controls.h
zorro.h
zorro_ids.h