metadata: adding sha256 integrity check support#116
Open
PThierry wants to merge 8 commits into
Open
Conversation
Use C++20 std::span and std::as_bytes to serialize reflactable metadata to std::vector<std::byte>, remove duplicate code for vector and ofstream output. Write to file is out of scope of serialization.
e29335a to
ee3c096
Compare
Contributor
Author
|
Modify the way the sha256 calculation is made in order to avoid sha256 field special case. sha256 should be made over metada upto (but not containing) the sha256 metadata integrity field. |
…a256 runtime calculation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adding boot-time sha256 integrity check based on metadata_sha256 field of each task metadata.
This feature is based on two parts:
Note that this feature is a simple integrity check. metadata authenticity aim to be verified in a trusted boot model that validate cryptographic signature of both kernel and metadata before booting the kernel.
Tasks effective sha256 is not a part of this PR, meaning that the metadata field denoted "task_metadata" is kept to 0 by now. This part (checking effective integrity of user tasks against their sha256 hash at kernel boot time as a continuation of the trusted boot process) will be made in another, dedicated, pull request.
Closes #52
This PR has no impact on kernel ABI, metadata being a kernel internal manipulation through genmetadata tooling of this very same repository.