mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-21 01:51:18 +00:00
Code Issues Releases Wiki Activity
linux-stable/Documentation
History
Eric Biggers 672d6ef4c7 fsverity: improve documentation for builtin signature support 
fsverity builtin signatures (CONFIG_FS_VERITY_BUILTIN_SIGNATURES) aren't
the only way to do signatures with fsverity, and they have some major
limitations.  Yet, more users have tried to use them, e.g. recently by
https://github.com/ostreedev/ostree/pull/2640.  In most cases this seems
to be because users aren't sufficiently familiar with the limitations of
this feature and what the alternatives are.

Therefore, make some updates to the documentation to try to clarify the
properties of this feature and nudge users in the right direction.

Note that the Integrity Policy Enforcement (IPE) LSM, which is not yet
upstream, is planned to use the builtin signatures.  (This differs from
IMA, which uses its own signature mechanism.)  For that reason, my
earlier patch "fsverity: mark builtin signatures as deprecated"
(https://lore.kernel.org/r/20221208033548.122704-1-ebiggers@kernel.org),
which marked builtin signatures as "deprecated", was controversial.

This patch therefore stops short of marking the feature as deprecated.
I've also revised the language to focus on better explaining the feature
and what its alternatives are.

Link: https://lore.kernel.org/r/20230620041937.5809-1-ebiggers@kernel.org
Reviewed-by: Colin Walters <walters@verbum.org>
Reviewed-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2023-06-20 22:47:55 -07:00
..
ABI dmaengine updates for v6.4 2023-05-03 11:11:56 -07:00
accel
accounting Scheduler changes for v6.4: 2023-04-28 14:53:30 -07:00
admin-guide for-6.4/block-2023-05-06 2023-05-06 08:28:58 -07:00
arch A handful of late-arriving documentation fixes, plus one Spanish 2023-05-05 13:16:42 -07:00
arm ARM: SoC devicetree changes for 6.4 2023-04-25 12:11:54 -07:00
arm64
block Documentation/block: drop the request.rst file 2023-05-12 11:04:58 -06:00
bpf lsm/stable-6.4 PR 20230428 2023-04-29 10:17:05 -07:00
cdrom
core-api - Nick Piggin's "shoot lazy tlbs" series, to improve the peformance of 2023-04-27 19:42:02 -07:00
cpu-freq
crypto
dev-tools Mainly singleton patches all over the place. Series of note are: 2023-04-27 19:57:00 -07:00
devicetree dt-bindings: PCI: fsl,imx6q: fix assigned-clocks warning 2023-05-09 08:01:49 +02:00
doc-guide
driver-api pwm: Changes for v6.4-rc1 2023-05-03 11:25:01 -07:00
fault-injection
fb
features
filesystems fsverity: improve documentation for builtin signature support 2023-06-20 22:47:55 -07:00
firmware-guide
firmware_class
fpga
gpu
hid
hwmon hwmon: (aquacomputer_d5next) Add support for Aquacomputer Aquastream XT 2023-04-21 07:27:23 -07:00
i2c
iio
images
infiniband
input
isdn
kbuild parisc: update kbuild doc. aliases for parisc64 2023-05-03 17:43:10 +02:00
kernel-hacking
leds - New Drivers 2023-05-02 10:36:02 -07:00
litmus-tests LKMM scripting updates for v6.4 2023-04-24 12:02:25 -07:00
livepatch Objtool changes for v6.4: 2023-04-28 14:02:54 -07:00
locking
loongarch
maintainer
mhi
mips
misc-devices
mm - Nick Piggin's "shoot lazy tlbs" series, to improve the peformance of 2023-04-27 19:42:02 -07:00
netlabel
netlink net/handshake: Add a kernel API for requesting a TLSv1.3 handshake 2023-04-19 18:48:48 -07:00
networking docs: networking: fix x25-iface.rst heading & index order 2023-05-10 10:31:46 +01:00
nvdimm
nvme
PCI
pcmcia
peci
power regulator: consumer.rst: fix 'regulator_enable' typo. 2023-04-27 21:55:38 +01:00
powerpc
process Mainly singleton patches all over the place. Series of note are: 2023-04-27 19:57:00 -07:00
RCU
riscv RISC-V Patches for the 6.4 Merge Window, Part 1 2023-04-28 16:55:39 -07:00
rust
s390
scheduler sh updates for v6.4 2023-04-27 17:41:23 -07:00
scsi
security lsm: move hook comments docs to security/security.c 2023-04-28 11:58:34 -04:00
sound ALSA: docs: Fix code block indentation in ALSA driver example 2023-05-03 08:08:25 +02:00
sphinx
sphinx-static
spi
staging
target
timers Documentation: timers: hrtimers: Make hybrid union historical 2023-05-02 10:49:58 -06:00
tools rtla/timerlat: Add auto-analysis only option 2023-04-25 19:26:17 -04:00
trace Minor tracing updates: 2023-05-05 13:11:02 -07:00
translations A handful of late-arriving documentation fixes, plus one Spanish 2023-05-05 13:16:42 -07:00
usb
userspace-api Char/Misc drivers for 6.4-rc1 2023-04-27 12:07:50 -07:00
virt VFIO updates for v6.4-rc1 2023-05-02 11:56:43 -07:00
w1
watchdog
.gitignore
atomic_bitops.txt
atomic_t.txt
Changes
CodingStyle
conf.py docs: turn off "smart quotes" in the HTML build 2023-04-20 17:53:18 -06:00
docutils.conf
dontdiff
index.rst
Kconfig
Makefile
memory-barriers.txt
SubmittingPatches
subsystem-apis.rst