diff mbox series

[v3,1/3] dm: Add verity helpers for LoadPin

Message ID 20220504125404.v3.1.I3e928575a23481121e73286874c4c2bdb403355d@changeid (mailing list archive)
State New
Headers show
Series LoadPin: Enable loading from trusted dm-verity devices | expand

Commit Message

Matthias Kaehlcke May 4, 2022, 7:54 p.m. UTC
LoadPin limits loading of kernel modules, firmware and certain
other files to a 'pinned' file system (typically a read-only
rootfs). To provide more flexibility LoadPin is being extended
to also allow loading these files from trusted dm-verity
devices. For that purpose LoadPin can be provided with a list
of verity root digests that it should consider as trusted.

Add a bunch of helpers to allow LoadPin to check whether a DM
device is a trusted verity device. The new functions broadly
fall in two categories: those that need access to verity
internals (like the root digest), and the 'glue' between
LoadPin and verity. The new file dm-verity-loadpin.c contains
the glue functions.

Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
---

Changes in v3:
- none

Changes in v2:
- none

 drivers/md/Makefile               |  6 +++
 drivers/md/dm-verity-loadpin.c    | 80 +++++++++++++++++++++++++++++++
 drivers/md/dm-verity-target.c     | 33 +++++++++++++
 drivers/md/dm-verity.h            |  4 ++
 include/linux/dm-verity-loadpin.h | 27 +++++++++++
 5 files changed, 150 insertions(+)
 create mode 100644 drivers/md/dm-verity-loadpin.c
 create mode 100644 include/linux/dm-verity-loadpin.h

Comments

Matthias Kaehlcke May 11, 2022, 8:54 p.m. UTC | #1
Alasdar/Mike, I'd be interested in your take on adding these functions
to verity/DM, to get an idea whether this series has a path forward to
landing upstream.

Thanks

Matthias

On Wed, May 04, 2022 at 12:54:17PM -0700, Matthias Kaehlcke wrote:
> LoadPin limits loading of kernel modules, firmware and certain
> other files to a 'pinned' file system (typically a read-only
> rootfs). To provide more flexibility LoadPin is being extended
> to also allow loading these files from trusted dm-verity
> devices. For that purpose LoadPin can be provided with a list
> of verity root digests that it should consider as trusted.
> 
> Add a bunch of helpers to allow LoadPin to check whether a DM
> device is a trusted verity device. The new functions broadly
> fall in two categories: those that need access to verity
> internals (like the root digest), and the 'glue' between
> LoadPin and verity. The new file dm-verity-loadpin.c contains
> the glue functions.
> 
> Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> ---
> 
> Changes in v3:
> - none
> 
> Changes in v2:
> - none
> 
>  drivers/md/Makefile               |  6 +++
>  drivers/md/dm-verity-loadpin.c    | 80 +++++++++++++++++++++++++++++++
>  drivers/md/dm-verity-target.c     | 33 +++++++++++++
>  drivers/md/dm-verity.h            |  4 ++
>  include/linux/dm-verity-loadpin.h | 27 +++++++++++
>  5 files changed, 150 insertions(+)
>  create mode 100644 drivers/md/dm-verity-loadpin.c
>  create mode 100644 include/linux/dm-verity-loadpin.h
> 
> diff --git a/drivers/md/Makefile b/drivers/md/Makefile
> index 0454b0885b01..e12cd004d375 100644
> --- a/drivers/md/Makefile
> +++ b/drivers/md/Makefile
> @@ -100,6 +100,12 @@ ifeq ($(CONFIG_IMA),y)
>  dm-mod-objs			+= dm-ima.o
>  endif
>  
> +ifeq ($(CONFIG_DM_VERITY),y)
> +ifeq ($(CONFIG_SECURITY_LOADPIN),y)
> +dm-mod-objs			+= dm-verity-loadpin.o
> +endif
> +endif
> +
>  ifeq ($(CONFIG_DM_VERITY_FEC),y)
>  dm-verity-objs			+= dm-verity-fec.o
>  endif
> diff --git a/drivers/md/dm-verity-loadpin.c b/drivers/md/dm-verity-loadpin.c
> new file mode 100644
> index 000000000000..972ca93a2231
> --- /dev/null
> +++ b/drivers/md/dm-verity-loadpin.c
> @@ -0,0 +1,80 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +
> +#include <linux/list.h>
> +#include <linux/kernel.h>
> +#include <linux/dm-verity-loadpin.h>
> +
> +#include "dm.h"
> +#include "dm-verity.h"
> +
> +static struct list_head *trusted_root_digests;
> +
> +/*
> + * Sets the root digests of verity devices which LoadPin considers as trusted.
> + *
> + * This function must only be called once.
> + */
> +void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests)
> +{
> +	if (!trusted_root_digests)
> +		trusted_root_digests = digests;
> +	else
> +		pr_warn("verity root digests trusted by LoadPin are already set!!!\n");
> +}
> +
> +static bool is_trusted_verity_target(struct dm_target *ti)
> +{
> +	u8 *root_digest;
> +	unsigned int digest_size;
> +	struct trusted_root_digest *trd;
> +	bool trusted = false;
> +
> +	if (!dm_is_verity_target(ti))
> +		return false;
> +
> +	if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
> +		return false;
> +
> +	list_for_each_entry(trd, trusted_root_digests, node) {
> +		if ((trd->len == digest_size) &&
> +		    !memcmp(trd->data, root_digest, digest_size)) {
> +			trusted = true;
> +			break;
> +		}
> +	}
> +
> +	kfree(root_digest);
> +
> +	return trusted;
> +}
> +
> +/*
> + * Determines whether a mapped device is a verity device that is trusted
> + * by LoadPin.
> + */
> +bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
> +{
> +	int srcu_idx;
> +	struct dm_table *table;
> +	unsigned int num_targets;
> +	bool trusted = false;
> +	int i;
> +
> +	if (!trusted_root_digests || list_empty(trusted_root_digests))
> +		return false;
> +
> +	table = dm_get_live_table(md, &srcu_idx);
> +	num_targets = dm_table_get_num_targets(table);
> +	for (i = 0; i < num_targets; i++) {
> +		struct dm_target *ti = dm_table_get_target(table, i);
> +
> +		if (is_trusted_verity_target(ti)) {
> +			trusted = true;
> +			break;
> +		}
> +	}
> +
> +	dm_put_live_table(md, srcu_idx);
> +
> +	return trusted;
> +}
> diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
> index 80133aae0db3..6f07b849fcb2 100644
> --- a/drivers/md/dm-verity-target.c
> +++ b/drivers/md/dm-verity-target.c
> @@ -19,6 +19,7 @@
>  #include <linux/module.h>
>  #include <linux/reboot.h>
>  #include <linux/scatterlist.h>
> +#include <linux/string.h>
>  
>  #define DM_MSG_PREFIX			"verity"
>  
> @@ -1310,6 +1311,38 @@ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
>  	return r;
>  }
>  
> +/*
> + * Check whether a DM target is a verity target.
> + */
> +bool dm_is_verity_target(struct dm_target *ti)
> +{
> +	return ti->type->module == THIS_MODULE;
> +}
> +EXPORT_SYMBOL_GPL(dm_is_verity_target);
> +
> +/*
> + * Get the root digest of a verity target.
> + *
> + * Returns a copy of the root digest, the caller is responsible for
> + * freeing the memory of the digest.
> + */
> +int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned int *digest_size)
> +{
> +	struct dm_verity *v = ti->private;
> +
> +	if (!dm_is_verity_target(ti))
> +		return -EINVAL;
> +
> +	*root_digest = kmemdup(v->root_digest, v->digest_size, GFP_KERNEL);
> +	if (*root_digest == NULL)
> +		return -ENOMEM;
> +
> +	*digest_size = v->digest_size;
> +
> +	return 0;
> +}
> +EXPORT_SYMBOL_GPL(dm_verity_get_root_digest);
> +
>  static struct target_type verity_target = {
>  	.name		= "verity",
>  	.version	= {1, 8, 0},
> diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h
> index 4e769d13473a..c832cc3e3d24 100644
> --- a/drivers/md/dm-verity.h
> +++ b/drivers/md/dm-verity.h
> @@ -129,4 +129,8 @@ extern int verity_hash(struct dm_verity *v, struct ahash_request *req,
>  extern int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
>  				 sector_t block, u8 *digest, bool *is_zero);
>  
> +extern bool dm_is_verity_target(struct dm_target *ti);
> +extern int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest,
> +				     unsigned int *digest_size);
> +
>  #endif /* DM_VERITY_H */
> diff --git a/include/linux/dm-verity-loadpin.h b/include/linux/dm-verity-loadpin.h
> new file mode 100644
> index 000000000000..12a86911d05a
> --- /dev/null
> +++ b/include/linux/dm-verity-loadpin.h
> @@ -0,0 +1,27 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +
> +#ifndef __LINUX_DM_VERITY_LOADPIN_H
> +#define __LINUX_DM_VERITY_LOADPIN_H
> +
> +#include <linux/list.h>
> +
> +struct mapped_device;
> +
> +struct trusted_root_digest {
> +	u8 *data;
> +	unsigned int len;
> +	struct list_head node;
> +};
> +
> +#if IS_ENABLED(CONFIG_SECURITY_LOADPIN) && IS_BUILTIN(CONFIG_DM_VERITY)
> +void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests);
> +bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md);
> +#else
> +static inline void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests) {}
> +static inline bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
> +{
> +	return false;
> +}
> +#endif
> +
> +#endif /* __LINUX_DM_LOADPIN_H */
> -- 
> 2.36.0.464.gb9c8b46e94-goog
>
Mike Snitzer May 12, 2022, 5:19 p.m. UTC | #2
On Wed, May 11 2022 at  4:54P -0400,
Matthias Kaehlcke <mka@chromium.org> wrote:

> Alasdar/Mike, I'd be interested in your take on adding these functions
> to verity/DM, to get an idea whether this series has a path forward to
> landing upstream.

I'll be reviewing your patchset now. Comments inlined below.

> On Wed, May 04, 2022 at 12:54:17PM -0700, Matthias Kaehlcke wrote:
> > LoadPin limits loading of kernel modules, firmware and certain
> > other files to a 'pinned' file system (typically a read-only
> > rootfs). To provide more flexibility LoadPin is being extended
> > to also allow loading these files from trusted dm-verity
> > devices. For that purpose LoadPin can be provided with a list
> > of verity root digests that it should consider as trusted.
> > 
> > Add a bunch of helpers to allow LoadPin to check whether a DM
> > device is a trusted verity device. The new functions broadly
> > fall in two categories: those that need access to verity
> > internals (like the root digest), and the 'glue' between
> > LoadPin and verity. The new file dm-verity-loadpin.c contains
> > the glue functions.
> > 
> > Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> > ---
> > 
> > Changes in v3:
> > - none
> > 
> > Changes in v2:
> > - none
> > 
> >  drivers/md/Makefile               |  6 +++
> >  drivers/md/dm-verity-loadpin.c    | 80 +++++++++++++++++++++++++++++++
> >  drivers/md/dm-verity-target.c     | 33 +++++++++++++
> >  drivers/md/dm-verity.h            |  4 ++
> >  include/linux/dm-verity-loadpin.h | 27 +++++++++++
> >  5 files changed, 150 insertions(+)
> >  create mode 100644 drivers/md/dm-verity-loadpin.c
> >  create mode 100644 include/linux/dm-verity-loadpin.h
> > 
> > diff --git a/drivers/md/Makefile b/drivers/md/Makefile
> > index 0454b0885b01..e12cd004d375 100644
> > --- a/drivers/md/Makefile
> > +++ b/drivers/md/Makefile
> > @@ -100,6 +100,12 @@ ifeq ($(CONFIG_IMA),y)
> >  dm-mod-objs			+= dm-ima.o
> >  endif
> >  
> > +ifeq ($(CONFIG_DM_VERITY),y)
> > +ifeq ($(CONFIG_SECURITY_LOADPIN),y)
> > +dm-mod-objs			+= dm-verity-loadpin.o
> > +endif
> > +endif
> > +

Why are you extending dm-mod-objs?  Why not dm-verity-objs?

> >  ifeq ($(CONFIG_DM_VERITY_FEC),y)
> >  dm-verity-objs			+= dm-verity-fec.o
> >  endif
> > diff --git a/drivers/md/dm-verity-loadpin.c b/drivers/md/dm-verity-loadpin.c
> > new file mode 100644
> > index 000000000000..972ca93a2231
> > --- /dev/null
> > +++ b/drivers/md/dm-verity-loadpin.c
> > @@ -0,0 +1,80 @@
> > +// SPDX-License-Identifier: GPL-2.0-only
> > +
> > +#include <linux/list.h>
> > +#include <linux/kernel.h>
> > +#include <linux/dm-verity-loadpin.h>
> > +
> > +#include "dm.h"
> > +#include "dm-verity.h"
> > +
> > +static struct list_head *trusted_root_digests;
> > +
> > +/*
> > + * Sets the root digests of verity devices which LoadPin considers as trusted.
> > + *
> > + * This function must only be called once.
> > + */
> > +void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests)
> > +{
> > +	if (!trusted_root_digests)
> > +		trusted_root_digests = digests;
> > +	else
> > +		pr_warn("verity root digests trusted by LoadPin are already set!!!\n");
> > +}

Would prefer you set a DM_MSG_PREFIX and use DMWARN() instead.

You never explicitly initialize trusted_root_digests to NULL.

Also, I'll have to look at the caller(s), but without locking this
branching is racey.

> > +
> > +static bool is_trusted_verity_target(struct dm_target *ti)
> > +{
> > +	u8 *root_digest;
> > +	unsigned int digest_size;
> > +	struct trusted_root_digest *trd;
> > +	bool trusted = false;
> > +
> > +	if (!dm_is_verity_target(ti))
> > +		return false;
> > +
> > +	if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
> > +		return false;
> > +
> > +	list_for_each_entry(trd, trusted_root_digests, node) {
> > +		if ((trd->len == digest_size) &&
> > +		    !memcmp(trd->data, root_digest, digest_size)) {
> > +			trusted = true;
> > +			break;
> > +		}
> > +	}
> > +
> > +	kfree(root_digest);
> > +
> > +	return trusted;
> > +}
> > +
> > +/*
> > + * Determines whether a mapped device is a verity device that is trusted
> > + * by LoadPin.
> > + */
> > +bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
> > +{
> > +	int srcu_idx;
> > +	struct dm_table *table;
> > +	unsigned int num_targets;
> > +	bool trusted = false;
> > +	int i;
> > +
> > +	if (!trusted_root_digests || list_empty(trusted_root_digests))
> > +		return false;

Again, where is the locking to protect trusted_root_digests?

> > +	table = dm_get_live_table(md, &srcu_idx);
> > +	num_targets = dm_table_get_num_targets(table);
> > +	for (i = 0; i < num_targets; i++) {
> > +		struct dm_target *ti = dm_table_get_target(table, i);
> > +
> > +		if (is_trusted_verity_target(ti)) {
> > +			trusted = true;
> > +			break;
> > +		}
> > +	}
> > +
> > +	dm_put_live_table(md, srcu_idx);
> > +
> > +	return trusted;
> > +}
> > diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
> > index 80133aae0db3..6f07b849fcb2 100644
> > --- a/drivers/md/dm-verity-target.c
> > +++ b/drivers/md/dm-verity-target.c
> > @@ -19,6 +19,7 @@
> >  #include <linux/module.h>
> >  #include <linux/reboot.h>
> >  #include <linux/scatterlist.h>
> > +#include <linux/string.h>
> >  
> >  #define DM_MSG_PREFIX			"verity"
> >  
> > @@ -1310,6 +1311,38 @@ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
> >  	return r;
> >  }
> >  
> > +/*
> > + * Check whether a DM target is a verity target.
> > + */
> > +bool dm_is_verity_target(struct dm_target *ti)
> > +{
> > +	return ti->type->module == THIS_MODULE;
> > +}
> > +EXPORT_SYMBOL_GPL(dm_is_verity_target);
> > +
> > +/*
> > + * Get the root digest of a verity target.
> > + *
> > + * Returns a copy of the root digest, the caller is responsible for
> > + * freeing the memory of the digest.
> > + */
> > +int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned int *digest_size)
> > +{
> > +	struct dm_verity *v = ti->private;
> > +
> > +	if (!dm_is_verity_target(ti))
> > +		return -EINVAL;
> > +
> > +	*root_digest = kmemdup(v->root_digest, v->digest_size, GFP_KERNEL);
> > +	if (*root_digest == NULL)
> > +		return -ENOMEM;
> > +
> > +	*digest_size = v->digest_size;
> > +
> > +	return 0;
> > +}
> > +EXPORT_SYMBOL_GPL(dm_verity_get_root_digest);
> > +
> >  static struct target_type verity_target = {
> >  	.name		= "verity",
> >  	.version	= {1, 8, 0},
> > diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h
> > index 4e769d13473a..c832cc3e3d24 100644
> > --- a/drivers/md/dm-verity.h
> > +++ b/drivers/md/dm-verity.h
> > @@ -129,4 +129,8 @@ extern int verity_hash(struct dm_verity *v, struct ahash_request *req,
> >  extern int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
> >  				 sector_t block, u8 *digest, bool *is_zero);
> >  
> > +extern bool dm_is_verity_target(struct dm_target *ti);
> > +extern int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest,
> > +				     unsigned int *digest_size);
> > +
> >  #endif /* DM_VERITY_H */
> > diff --git a/include/linux/dm-verity-loadpin.h b/include/linux/dm-verity-loadpin.h
> > new file mode 100644
> > index 000000000000..12a86911d05a
> > --- /dev/null
> > +++ b/include/linux/dm-verity-loadpin.h
> > @@ -0,0 +1,27 @@
> > +/* SPDX-License-Identifier: GPL-2.0 */
> > +
> > +#ifndef __LINUX_DM_VERITY_LOADPIN_H
> > +#define __LINUX_DM_VERITY_LOADPIN_H
> > +
> > +#include <linux/list.h>
> > +
> > +struct mapped_device;
> > +
> > +struct trusted_root_digest {
> > +	u8 *data;
> > +	unsigned int len;
> > +	struct list_head node;
> > +};
> > +
> > +#if IS_ENABLED(CONFIG_SECURITY_LOADPIN) && IS_BUILTIN(CONFIG_DM_VERITY)
> > +void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests);
> > +bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md);
> > +#else
> > +static inline void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests) {}
> > +static inline bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
> > +{
> > +	return false;
> > +}
> > +#endif
> > +
> > +#endif /* __LINUX_DM_LOADPIN_H */
> > -- 
> > 2.36.0.464.gb9c8b46e94-goog
> > 
>
Matthias Kaehlcke May 12, 2022, 6:14 p.m. UTC | #3
Hi Mike,

On Thu, May 12, 2022 at 01:19:12PM -0400, Mike Snitzer wrote:
> On Wed, May 11 2022 at  4:54P -0400,
> Matthias Kaehlcke <mka@chromium.org> wrote:
> 
> > Alasdar/Mike, I'd be interested in your take on adding these functions
> > to verity/DM, to get an idea whether this series has a path forward to
> > landing upstream.
> 
> I'll be reviewing your patchset now. Comments inlined below.

Thanks for the review!

> > On Wed, May 04, 2022 at 12:54:17PM -0700, Matthias Kaehlcke wrote:
> > > LoadPin limits loading of kernel modules, firmware and certain
> > > other files to a 'pinned' file system (typically a read-only
> > > rootfs). To provide more flexibility LoadPin is being extended
> > > to also allow loading these files from trusted dm-verity
> > > devices. For that purpose LoadPin can be provided with a list
> > > of verity root digests that it should consider as trusted.
> > > 
> > > Add a bunch of helpers to allow LoadPin to check whether a DM
> > > device is a trusted verity device. The new functions broadly
> > > fall in two categories: those that need access to verity
> > > internals (like the root digest), and the 'glue' between
> > > LoadPin and verity. The new file dm-verity-loadpin.c contains
> > > the glue functions.
> > > 
> > > Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> > > ---
> > > 
> > > Changes in v3:
> > > - none
> > > 
> > > Changes in v2:
> > > - none
> > > 
> > >  drivers/md/Makefile               |  6 +++
> > >  drivers/md/dm-verity-loadpin.c    | 80 +++++++++++++++++++++++++++++++
> > >  drivers/md/dm-verity-target.c     | 33 +++++++++++++
> > >  drivers/md/dm-verity.h            |  4 ++
> > >  include/linux/dm-verity-loadpin.h | 27 +++++++++++
> > >  5 files changed, 150 insertions(+)
> > >  create mode 100644 drivers/md/dm-verity-loadpin.c
> > >  create mode 100644 include/linux/dm-verity-loadpin.h
> > > 
> > > diff --git a/drivers/md/Makefile b/drivers/md/Makefile
> > > index 0454b0885b01..e12cd004d375 100644
> > > --- a/drivers/md/Makefile
> > > +++ b/drivers/md/Makefile
> > > @@ -100,6 +100,12 @@ ifeq ($(CONFIG_IMA),y)
> > >  dm-mod-objs			+= dm-ima.o
> > >  endif
> > >  
> > > +ifeq ($(CONFIG_DM_VERITY),y)
> > > +ifeq ($(CONFIG_SECURITY_LOADPIN),y)
> > > +dm-mod-objs			+= dm-verity-loadpin.o
> > > +endif
> > > +endif
> > > +
> 
> Why are you extending dm-mod-objs?  Why not dm-verity-objs?
> 
> > >  ifeq ($(CONFIG_DM_VERITY_FEC),y)
> > >  dm-verity-objs			+= dm-verity-fec.o
> > >  endif
> > > diff --git a/drivers/md/dm-verity-loadpin.c b/drivers/md/dm-verity-loadpin.c
> > > new file mode 100644
> > > index 000000000000..972ca93a2231
> > > --- /dev/null
> > > +++ b/drivers/md/dm-verity-loadpin.c
> > > @@ -0,0 +1,80 @@
> > > +// SPDX-License-Identifier: GPL-2.0-only
> > > +
> > > +#include <linux/list.h>
> > > +#include <linux/kernel.h>
> > > +#include <linux/dm-verity-loadpin.h>
> > > +
> > > +#include "dm.h"
> > > +#include "dm-verity.h"
> > > +
> > > +static struct list_head *trusted_root_digests;
> > > +
> > > +/*
> > > + * Sets the root digests of verity devices which LoadPin considers as trusted.
> > > + *
> > > + * This function must only be called once.
> > > + */
> > > +void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests)
> > > +{
> > > +	if (!trusted_root_digests)
> > > +		trusted_root_digests = digests;
> > > +	else
> > > +		pr_warn("verity root digests trusted by LoadPin are already set!!!\n");
> > > +}
> 
> Would prefer you set a DM_MSG_PREFIX and use DMWARN() instead.

Sure, I'll change it to DMWARN().

> You never explicitly initialize trusted_root_digests to NULL.

That's what I had initially, however checkpatch didn't like it:

ERROR: do not initialise statics to NULL
#70: FILE: drivers/md/dm-verity-loadpin.c:10:
+static struct list_head *trusted_root_digests = NULL;

So I removed it.

> Also, I'll have to look at the caller(s), but without locking this
> branching is racey.

The list of trusted root digests can only be set once and is never
cleared. So if it is not set there is nothing to do, and if it is
set the list is immutable. We are trusting the caller to adhere to
that 'contract' and partially enforce it in dm_verity_loadpin_set_trusted_root_digests()
With that do you still think locking is needed?

> > > +
> > > +static bool is_trusted_verity_target(struct dm_target *ti)
> > > +{
> > > +	u8 *root_digest;
> > > +	unsigned int digest_size;
> > > +	struct trusted_root_digest *trd;
> > > +	bool trusted = false;
> > > +
> > > +	if (!dm_is_verity_target(ti))
> > > +		return false;
> > > +
> > > +	if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
> > > +		return false;
> > > +
> > > +	list_for_each_entry(trd, trusted_root_digests, node) {
> > > +		if ((trd->len == digest_size) &&
> > > +		    !memcmp(trd->data, root_digest, digest_size)) {
> > > +			trusted = true;
> > > +			break;
> > > +		}
> > > +	}
> > > +
> > > +	kfree(root_digest);
> > > +
> > > +	return trusted;
> > > +}
> > > +
> > > +/*
> > > + * Determines whether a mapped device is a verity device that is trusted
> > > + * by LoadPin.
> > > + */
> > > +bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
> > > +{
> > > +	int srcu_idx;
> > > +	struct dm_table *table;
> > > +	unsigned int num_targets;
> > > +	bool trusted = false;
> > > +	int i;
> > > +
> > > +	if (!trusted_root_digests || list_empty(trusted_root_digests))
> > > +		return false;
> 
> Again, where is the locking to protect trusted_root_digests?

See above
Matthias Kaehlcke May 12, 2022, 8:44 p.m. UTC | #4
On Thu, May 12, 2022 at 01:19:12PM -0400, Mike Snitzer wrote:
> On Wed, May 11 2022 at  4:54P -0400,
> Matthias Kaehlcke <mka@chromium.org> wrote:
> 
> > Alasdar/Mike, I'd be interested in your take on adding these functions
> > to verity/DM, to get an idea whether this series has a path forward to
> > landing upstream.
> 
> I'll be reviewing your patchset now. Comments inlined below.
> 
> > On Wed, May 04, 2022 at 12:54:17PM -0700, Matthias Kaehlcke wrote:
> > > LoadPin limits loading of kernel modules, firmware and certain
> > > other files to a 'pinned' file system (typically a read-only
> > > rootfs). To provide more flexibility LoadPin is being extended
> > > to also allow loading these files from trusted dm-verity
> > > devices. For that purpose LoadPin can be provided with a list
> > > of verity root digests that it should consider as trusted.
> > > 
> > > Add a bunch of helpers to allow LoadPin to check whether a DM
> > > device is a trusted verity device. The new functions broadly
> > > fall in two categories: those that need access to verity
> > > internals (like the root digest), and the 'glue' between
> > > LoadPin and verity. The new file dm-verity-loadpin.c contains
> > > the glue functions.
> > > 
> > > Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> > > ---
> > > 
> > > Changes in v3:
> > > - none
> > > 
> > > Changes in v2:
> > > - none
> > > 
> > >  drivers/md/Makefile               |  6 +++
> > >  drivers/md/dm-verity-loadpin.c    | 80 +++++++++++++++++++++++++++++++
> > >  drivers/md/dm-verity-target.c     | 33 +++++++++++++
> > >  drivers/md/dm-verity.h            |  4 ++
> > >  include/linux/dm-verity-loadpin.h | 27 +++++++++++
> > >  5 files changed, 150 insertions(+)
> > >  create mode 100644 drivers/md/dm-verity-loadpin.c
> > >  create mode 100644 include/linux/dm-verity-loadpin.h
> > > 
> > > diff --git a/drivers/md/Makefile b/drivers/md/Makefile
> > > index 0454b0885b01..e12cd004d375 100644
> > > --- a/drivers/md/Makefile
> > > +++ b/drivers/md/Makefile
> > > @@ -100,6 +100,12 @@ ifeq ($(CONFIG_IMA),y)
> > >  dm-mod-objs			+= dm-ima.o
> > >  endif
> > >  
> > > +ifeq ($(CONFIG_DM_VERITY),y)
> > > +ifeq ($(CONFIG_SECURITY_LOADPIN),y)
> > > +dm-mod-objs			+= dm-verity-loadpin.o
> > > +endif
> > > +endif
> > > +
> 
> Why are you extending dm-mod-objs?  Why not dm-verity-objs?

Sorry, I missed to address this comment in my earlier reply.

I don't recall why I chose dm-mod-objs initially, agreed that
dm-verity-objs seems a better fit.
Mike Snitzer May 13, 2022, 4:29 p.m. UTC | #5
On Thu, May 12 2022 at  4:44P -0400,
Matthias Kaehlcke <mka@chromium.org> wrote:

> On Thu, May 12, 2022 at 01:19:12PM -0400, Mike Snitzer wrote:
> > On Wed, May 11 2022 at  4:54P -0400,
> > Matthias Kaehlcke <mka@chromium.org> wrote:
> > 
> > > Alasdar/Mike, I'd be interested in your take on adding these functions
> > > to verity/DM, to get an idea whether this series has a path forward to
> > > landing upstream.
> > 
> > I'll be reviewing your patchset now. Comments inlined below.
> > 
> > > On Wed, May 04, 2022 at 12:54:17PM -0700, Matthias Kaehlcke wrote:
> > > > LoadPin limits loading of kernel modules, firmware and certain
> > > > other files to a 'pinned' file system (typically a read-only
> > > > rootfs). To provide more flexibility LoadPin is being extended
> > > > to also allow loading these files from trusted dm-verity
> > > > devices. For that purpose LoadPin can be provided with a list
> > > > of verity root digests that it should consider as trusted.
> > > > 
> > > > Add a bunch of helpers to allow LoadPin to check whether a DM
> > > > device is a trusted verity device. The new functions broadly
> > > > fall in two categories: those that need access to verity
> > > > internals (like the root digest), and the 'glue' between
> > > > LoadPin and verity. The new file dm-verity-loadpin.c contains
> > > > the glue functions.
> > > > 
> > > > Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> > > > ---
> > > > 
> > > > Changes in v3:
> > > > - none
> > > > 
> > > > Changes in v2:
> > > > - none
> > > > 
> > > >  drivers/md/Makefile               |  6 +++
> > > >  drivers/md/dm-verity-loadpin.c    | 80 +++++++++++++++++++++++++++++++
> > > >  drivers/md/dm-verity-target.c     | 33 +++++++++++++
> > > >  drivers/md/dm-verity.h            |  4 ++
> > > >  include/linux/dm-verity-loadpin.h | 27 +++++++++++
> > > >  5 files changed, 150 insertions(+)
> > > >  create mode 100644 drivers/md/dm-verity-loadpin.c
> > > >  create mode 100644 include/linux/dm-verity-loadpin.h
> > > > 
> > > > diff --git a/drivers/md/Makefile b/drivers/md/Makefile
> > > > index 0454b0885b01..e12cd004d375 100644
> > > > --- a/drivers/md/Makefile
> > > > +++ b/drivers/md/Makefile
> > > > @@ -100,6 +100,12 @@ ifeq ($(CONFIG_IMA),y)
> > > >  dm-mod-objs			+= dm-ima.o
> > > >  endif
> > > >  
> > > > +ifeq ($(CONFIG_DM_VERITY),y)
> > > > +ifeq ($(CONFIG_SECURITY_LOADPIN),y)
> > > > +dm-mod-objs			+= dm-verity-loadpin.o
> > > > +endif
> > > > +endif
> > > > +
> > 
> > Why are you extending dm-mod-objs?  Why not dm-verity-objs?
> 
> Sorry, I missed to address this comment in my earlier reply.
> 
> I don't recall why I chose dm-mod-objs initially, agreed that
> dm-verity-objs seems a better fit.

Yes, should be fixed even though the 3rd patch removes this change.

BTW, looking at the 2nd patch's loadpin_is_fs_trusted().  Seems to me
you'd do well to pass a 'struct block_device *' to a DM helper rather
than force security/loadpin/loadpin.c to mess around with DM device
refcounting, etc.
Matthias Kaehlcke May 13, 2022, 4:53 p.m. UTC | #6
On Fri, May 13, 2022 at 12:29:29PM -0400, Mike Snitzer wrote:
> On Thu, May 12 2022 at  4:44P -0400,
> Matthias Kaehlcke <mka@chromium.org> wrote:
> 
> > On Thu, May 12, 2022 at 01:19:12PM -0400, Mike Snitzer wrote:
> > > On Wed, May 11 2022 at  4:54P -0400,
> > > Matthias Kaehlcke <mka@chromium.org> wrote:
> > > 
> > > > Alasdar/Mike, I'd be interested in your take on adding these functions
> > > > to verity/DM, to get an idea whether this series has a path forward to
> > > > landing upstream.
> > > 
> > > I'll be reviewing your patchset now. Comments inlined below.
> > > 
> > > > On Wed, May 04, 2022 at 12:54:17PM -0700, Matthias Kaehlcke wrote:
> > > > > LoadPin limits loading of kernel modules, firmware and certain
> > > > > other files to a 'pinned' file system (typically a read-only
> > > > > rootfs). To provide more flexibility LoadPin is being extended
> > > > > to also allow loading these files from trusted dm-verity
> > > > > devices. For that purpose LoadPin can be provided with a list
> > > > > of verity root digests that it should consider as trusted.
> > > > > 
> > > > > Add a bunch of helpers to allow LoadPin to check whether a DM
> > > > > device is a trusted verity device. The new functions broadly
> > > > > fall in two categories: those that need access to verity
> > > > > internals (like the root digest), and the 'glue' between
> > > > > LoadPin and verity. The new file dm-verity-loadpin.c contains
> > > > > the glue functions.
> > > > > 
> > > > > Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> > > > > ---
> > > > > 
> > > > > Changes in v3:
> > > > > - none
> > > > > 
> > > > > Changes in v2:
> > > > > - none
> > > > > 
> > > > >  drivers/md/Makefile               |  6 +++
> > > > >  drivers/md/dm-verity-loadpin.c    | 80 +++++++++++++++++++++++++++++++
> > > > >  drivers/md/dm-verity-target.c     | 33 +++++++++++++
> > > > >  drivers/md/dm-verity.h            |  4 ++
> > > > >  include/linux/dm-verity-loadpin.h | 27 +++++++++++
> > > > >  5 files changed, 150 insertions(+)
> > > > >  create mode 100644 drivers/md/dm-verity-loadpin.c
> > > > >  create mode 100644 include/linux/dm-verity-loadpin.h
> > > > > 
> > > > > diff --git a/drivers/md/Makefile b/drivers/md/Makefile
> > > > > index 0454b0885b01..e12cd004d375 100644
> > > > > --- a/drivers/md/Makefile
> > > > > +++ b/drivers/md/Makefile
> > > > > @@ -100,6 +100,12 @@ ifeq ($(CONFIG_IMA),y)
> > > > >  dm-mod-objs			+= dm-ima.o
> > > > >  endif
> > > > >  
> > > > > +ifeq ($(CONFIG_DM_VERITY),y)
> > > > > +ifeq ($(CONFIG_SECURITY_LOADPIN),y)
> > > > > +dm-mod-objs			+= dm-verity-loadpin.o
> > > > > +endif
> > > > > +endif
> > > > > +
> > > 
> > > Why are you extending dm-mod-objs?  Why not dm-verity-objs?
> > 
> > Sorry, I missed to address this comment in my earlier reply.
> > 
> > I don't recall why I chose dm-mod-objs initially, agreed that
> > dm-verity-objs seems a better fit.
> 
> Yes, should be fixed even though the 3rd patch removes this change.

Sure

> BTW, looking at the 2nd patch's loadpin_is_fs_trusted().  Seems to me
> you'd do well to pass a 'struct block_device *' to a DM helper rather
> than force security/loadpin/loadpin.c to mess around with DM device
> refcounting, etc.

Sounds good to me. Thanks for the suggestion!
Kees Cook May 13, 2022, 10:15 p.m. UTC | #7
On May 4, 2022 12:54:17 PM PDT, Matthias Kaehlcke <mka@chromium.org> wrote:
>LoadPin limits loading of kernel modules, firmware and certain
>other files to a 'pinned' file system (typically a read-only
>rootfs). To provide more flexibility LoadPin is being extended
>to also allow loading these files from trusted dm-verity
>devices. For that purpose LoadPin can be provided with a list
>of verity root digests that it should consider as trusted.
>
>Add a bunch of helpers to allow LoadPin to check whether a DM
>device is a trusted verity device. The new functions broadly
>fall in two categories: those that need access to verity
>internals (like the root digest), and the 'glue' between
>LoadPin and verity. The new file dm-verity-loadpin.c contains
>the glue functions.
>
>Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> [...]
>diff --git a/drivers/md/dm-verity-loadpin.c b/drivers/md/dm-verity-loadpin.c
>new file mode 100644
>index 000000000000..972ca93a2231
>--- /dev/null
>+++ b/drivers/md/dm-verity-loadpin.c
>@@ -0,0 +1,80 @@
>+// SPDX-License-Identifier: GPL-2.0-only
>+
>+#include <linux/list.h>
>+#include <linux/kernel.h>
>+#include <linux/dm-verity-loadpin.h>
>+
>+#include "dm.h"
>+#include "dm-verity.h"
>+
>+static struct list_head *trusted_root_digests;

Does this need to exist in two places? (i.e. why can't dm and loadpin share this instead of needing dm_verity_loadpin_set_trusted_digests()?)

>+
>+/*
>+ * Sets the root digests of verity devices which LoadPin considers as trusted.
>+ *
>+ * This function must only be called once.
>+ */
>+void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests)
>+{
>+	if (!trusted_root_digests)
>+		trusted_root_digests = digests;
>+	else
>+		pr_warn("verity root digests trusted by LoadPin are already set!!!\n");
>+}
>+
>+static bool is_trusted_verity_target(struct dm_target *ti)
>+{
>+	u8 *root_digest;
>+	unsigned int digest_size;
>+	struct trusted_root_digest *trd;
>+	bool trusted = false;
>+
>+	if (!dm_is_verity_target(ti))
>+		return false;
>+
>+	if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
>+		return false;
>+
>+	list_for_each_entry(trd, trusted_root_digests, node) {
>+		if ((trd->len == digest_size) &&
>+		    !memcmp(trd->data, root_digest, digest_size)) {
>+			trusted = true;
>+			break;
>+		}
>+	}
>+
>+	kfree(root_digest);
>+
>+	return trusted;
>+}
>+
>+/*
>+ * Determines whether a mapped device is a verity device that is trusted
>+ * by LoadPin.
>+ */
>+bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
>+{
>+	int srcu_idx;
>+	struct dm_table *table;
>+	unsigned int num_targets;
>+	bool trusted = false;
>+	int i;
>+
>+	if (!trusted_root_digests || list_empty(trusted_root_digests))
>+		return false;
>+
>+	table = dm_get_live_table(md, &srcu_idx);
>+	num_targets = dm_table_get_num_targets(table);
>+	for (i = 0; i < num_targets; i++) {
>+		struct dm_target *ti = dm_table_get_target(table, i);
>+
>+		if (is_trusted_verity_target(ti)) {
>+			trusted = true;
>+			break;
>+		}
>+	}

Pardon my lack of dm vocabulary, but what is "target" vs "table" here? I was only thinking of "whole device", so I must not understand what this is examining.

> [...]
>diff --git a/include/linux/dm-verity-loadpin.h b/include/linux/dm-verity-loadpin.h
>new file mode 100644
>index 000000000000..12a86911d05a
>--- /dev/null
>+++ b/include/linux/dm-verity-loadpin.h
>@@ -0,0 +1,27 @@
>+/* SPDX-License-Identifier: GPL-2.0 */
>+
>+#ifndef __LINUX_DM_VERITY_LOADPIN_H
>+#define __LINUX_DM_VERITY_LOADPIN_H
>+
>+#include <linux/list.h>
>+
>+struct mapped_device;
>+
>+struct trusted_root_digest {
>+	u8 *data;
>+	unsigned int len;
>+	struct list_head node;
>+};

To avoid the double-alloc in patch 2 (and save 1 pointer size of memory), this could just be:

struct trusted_root_digest {
	struct list_head node;
	unsigned int len;
	u8 data[];
};

Otherwise, looks good to me!
Matthias Kaehlcke May 16, 2022, 6:51 p.m. UTC | #8
On Fri, May 13, 2022 at 03:15:53PM -0700, Kees Cook wrote:
> 
> 
> On May 4, 2022 12:54:17 PM PDT, Matthias Kaehlcke <mka@chromium.org> wrote:
> >LoadPin limits loading of kernel modules, firmware and certain
> >other files to a 'pinned' file system (typically a read-only
> >rootfs). To provide more flexibility LoadPin is being extended
> >to also allow loading these files from trusted dm-verity
> >devices. For that purpose LoadPin can be provided with a list
> >of verity root digests that it should consider as trusted.
> >
> >Add a bunch of helpers to allow LoadPin to check whether a DM
> >device is a trusted verity device. The new functions broadly
> >fall in two categories: those that need access to verity
> >internals (like the root digest), and the 'glue' between
> >LoadPin and verity. The new file dm-verity-loadpin.c contains
> >the glue functions.
> >
> >Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
> > [...]
> >diff --git a/drivers/md/dm-verity-loadpin.c b/drivers/md/dm-verity-loadpin.c
> >new file mode 100644
> >index 000000000000..972ca93a2231
> >--- /dev/null
> >+++ b/drivers/md/dm-verity-loadpin.c
> >@@ -0,0 +1,80 @@
> >+// SPDX-License-Identifier: GPL-2.0-only
> >+
> >+#include <linux/list.h>
> >+#include <linux/kernel.h>
> >+#include <linux/dm-verity-loadpin.h>
> >+
> >+#include "dm.h"
> >+#include "dm-verity.h"
> >+
> >+static struct list_head *trusted_root_digests;
> 
> Does this need to exist in two places? (i.e. why can't dm and loadpin share
> this instead of needing dm_verity_loadpin_set_trusted_digests()?)

We could share it. Probably it should then be defined here, since this is
the first patch of the series, we could add an extern declaration to
dm-verity-loadpin.h.

> >+
> >+/*
> >+ * Sets the root digests of verity devices which LoadPin considers as trusted.
> >+ *
> >+ * This function must only be called once.
> >+ */
> >+void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests)
> >+{
> >+	if (!trusted_root_digests)
> >+		trusted_root_digests = digests;
> >+	else
> >+		pr_warn("verity root digests trusted by LoadPin are already set!!!\n");
> >+}
> >+
> >+static bool is_trusted_verity_target(struct dm_target *ti)
> >+{
> >+	u8 *root_digest;
> >+	unsigned int digest_size;
> >+	struct trusted_root_digest *trd;
> >+	bool trusted = false;
> >+
> >+	if (!dm_is_verity_target(ti))
> >+		return false;
> >+
> >+	if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
> >+		return false;
> >+
> >+	list_for_each_entry(trd, trusted_root_digests, node) {
> >+		if ((trd->len == digest_size) &&
> >+		    !memcmp(trd->data, root_digest, digest_size)) {
> >+			trusted = true;
> >+			break;
> >+		}
> >+	}
> >+
> >+	kfree(root_digest);
> >+
> >+	return trusted;
> >+}
> >+
> >+/*
> >+ * Determines whether a mapped device is a verity device that is trusted
> >+ * by LoadPin.
> >+ */
> >+bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
> >+{
> >+	int srcu_idx;
> >+	struct dm_table *table;
> >+	unsigned int num_targets;
> >+	bool trusted = false;
> >+	int i;
> >+
> >+	if (!trusted_root_digests || list_empty(trusted_root_digests))
> >+		return false;
> >+
> >+	table = dm_get_live_table(md, &srcu_idx);
> >+	num_targets = dm_table_get_num_targets(table);
> >+	for (i = 0; i < num_targets; i++) {
> >+		struct dm_target *ti = dm_table_get_target(table, i);
> >+
> >+		if (is_trusted_verity_target(ti)) {
> >+			trusted = true;
> >+			break;
> >+		}
> >+	}
> 
> Pardon my lack of dm vocabulary, but what is "target" vs "table" here?
> I was only thinking of "whole device", so I must not understand what this is
> examining.

'targets' are different types of DM mappings like 'linear' or 'verity'. A
device mapper table contains has one or more targets that define the mapping
of the blocks of the mapped device.

Having spelled that out I realize that the above check is wrong. It would
consider a device like this trusted:

0 10000000 linear 8:1
10000000 10001000 verity <params>

In the above case only a small part of the DM device would be backed by verity.

I think we want a table with a single entry that is a verity target.

> > [...]
> >diff --git a/include/linux/dm-verity-loadpin.h b/include/linux/dm-verity-loadpin.h
> >new file mode 100644
> >index 000000000000..12a86911d05a
> >--- /dev/null
> >+++ b/include/linux/dm-verity-loadpin.h
> >@@ -0,0 +1,27 @@
> >+/* SPDX-License-Identifier: GPL-2.0 */
> >+
> >+#ifndef __LINUX_DM_VERITY_LOADPIN_H
> >+#define __LINUX_DM_VERITY_LOADPIN_H
> >+
> >+#include <linux/list.h>
> >+
> >+struct mapped_device;
> >+
> >+struct trusted_root_digest {
> >+	u8 *data;
> >+	unsigned int len;
> >+	struct list_head node;
> >+};
> 
> To avoid the double-alloc in patch 2 (and save 1 pointer size of memory), this could just be:
> 
> struct trusted_root_digest {
> 	struct list_head node;
> 	unsigned int len;
> 	u8 data[];
> };

Looks good to me, will change

> Otherwise, looks good to me!

Excellent, thanks for the review!
Kees Cook May 17, 2022, 3:38 a.m. UTC | #9
On Mon, May 16, 2022 at 11:51:54AM -0700, Matthias Kaehlcke wrote:
> 'targets' are different types of DM mappings like 'linear' or 'verity'. A
> device mapper table contains has one or more targets that define the mapping
> of the blocks of the mapped device.
> 
> Having spelled that out I realize that the above check is wrong. It would
> consider a device like this trusted:
> 
> 0 10000000 linear 8:1
> 10000000 10001000 verity <params>
> 
> In the above case only a small part of the DM device would be backed by verity.
> 
> I think we want a table with a single entry that is a verity target.

Ah-ha! Okay, that's what I was worried about. Yes, a device made up
of only trusted verity targets should be the only trusted device. (So,
technically it could be more than 1 verity target, but each would need
to be trusted. Supporting that arrangement, though, may be overkill --
I would expect a 1:1 mapping as you suggest.
diff mbox series

Patch

diff --git a/drivers/md/Makefile b/drivers/md/Makefile
index 0454b0885b01..e12cd004d375 100644
--- a/drivers/md/Makefile
+++ b/drivers/md/Makefile
@@ -100,6 +100,12 @@  ifeq ($(CONFIG_IMA),y)
 dm-mod-objs			+= dm-ima.o
 endif
 
+ifeq ($(CONFIG_DM_VERITY),y)
+ifeq ($(CONFIG_SECURITY_LOADPIN),y)
+dm-mod-objs			+= dm-verity-loadpin.o
+endif
+endif
+
 ifeq ($(CONFIG_DM_VERITY_FEC),y)
 dm-verity-objs			+= dm-verity-fec.o
 endif
diff --git a/drivers/md/dm-verity-loadpin.c b/drivers/md/dm-verity-loadpin.c
new file mode 100644
index 000000000000..972ca93a2231
--- /dev/null
+++ b/drivers/md/dm-verity-loadpin.c
@@ -0,0 +1,80 @@ 
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include <linux/list.h>
+#include <linux/kernel.h>
+#include <linux/dm-verity-loadpin.h>
+
+#include "dm.h"
+#include "dm-verity.h"
+
+static struct list_head *trusted_root_digests;
+
+/*
+ * Sets the root digests of verity devices which LoadPin considers as trusted.
+ *
+ * This function must only be called once.
+ */
+void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests)
+{
+	if (!trusted_root_digests)
+		trusted_root_digests = digests;
+	else
+		pr_warn("verity root digests trusted by LoadPin are already set!!!\n");
+}
+
+static bool is_trusted_verity_target(struct dm_target *ti)
+{
+	u8 *root_digest;
+	unsigned int digest_size;
+	struct trusted_root_digest *trd;
+	bool trusted = false;
+
+	if (!dm_is_verity_target(ti))
+		return false;
+
+	if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
+		return false;
+
+	list_for_each_entry(trd, trusted_root_digests, node) {
+		if ((trd->len == digest_size) &&
+		    !memcmp(trd->data, root_digest, digest_size)) {
+			trusted = true;
+			break;
+		}
+	}
+
+	kfree(root_digest);
+
+	return trusted;
+}
+
+/*
+ * Determines whether a mapped device is a verity device that is trusted
+ * by LoadPin.
+ */
+bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
+{
+	int srcu_idx;
+	struct dm_table *table;
+	unsigned int num_targets;
+	bool trusted = false;
+	int i;
+
+	if (!trusted_root_digests || list_empty(trusted_root_digests))
+		return false;
+
+	table = dm_get_live_table(md, &srcu_idx);
+	num_targets = dm_table_get_num_targets(table);
+	for (i = 0; i < num_targets; i++) {
+		struct dm_target *ti = dm_table_get_target(table, i);
+
+		if (is_trusted_verity_target(ti)) {
+			trusted = true;
+			break;
+		}
+	}
+
+	dm_put_live_table(md, srcu_idx);
+
+	return trusted;
+}
diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
index 80133aae0db3..6f07b849fcb2 100644
--- a/drivers/md/dm-verity-target.c
+++ b/drivers/md/dm-verity-target.c
@@ -19,6 +19,7 @@ 
 #include <linux/module.h>
 #include <linux/reboot.h>
 #include <linux/scatterlist.h>
+#include <linux/string.h>
 
 #define DM_MSG_PREFIX			"verity"
 
@@ -1310,6 +1311,38 @@  static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
 	return r;
 }
 
+/*
+ * Check whether a DM target is a verity target.
+ */
+bool dm_is_verity_target(struct dm_target *ti)
+{
+	return ti->type->module == THIS_MODULE;
+}
+EXPORT_SYMBOL_GPL(dm_is_verity_target);
+
+/*
+ * Get the root digest of a verity target.
+ *
+ * Returns a copy of the root digest, the caller is responsible for
+ * freeing the memory of the digest.
+ */
+int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest, unsigned int *digest_size)
+{
+	struct dm_verity *v = ti->private;
+
+	if (!dm_is_verity_target(ti))
+		return -EINVAL;
+
+	*root_digest = kmemdup(v->root_digest, v->digest_size, GFP_KERNEL);
+	if (*root_digest == NULL)
+		return -ENOMEM;
+
+	*digest_size = v->digest_size;
+
+	return 0;
+}
+EXPORT_SYMBOL_GPL(dm_verity_get_root_digest);
+
 static struct target_type verity_target = {
 	.name		= "verity",
 	.version	= {1, 8, 0},
diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h
index 4e769d13473a..c832cc3e3d24 100644
--- a/drivers/md/dm-verity.h
+++ b/drivers/md/dm-verity.h
@@ -129,4 +129,8 @@  extern int verity_hash(struct dm_verity *v, struct ahash_request *req,
 extern int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
 				 sector_t block, u8 *digest, bool *is_zero);
 
+extern bool dm_is_verity_target(struct dm_target *ti);
+extern int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest,
+				     unsigned int *digest_size);
+
 #endif /* DM_VERITY_H */
diff --git a/include/linux/dm-verity-loadpin.h b/include/linux/dm-verity-loadpin.h
new file mode 100644
index 000000000000..12a86911d05a
--- /dev/null
+++ b/include/linux/dm-verity-loadpin.h
@@ -0,0 +1,27 @@ 
+/* SPDX-License-Identifier: GPL-2.0 */
+
+#ifndef __LINUX_DM_VERITY_LOADPIN_H
+#define __LINUX_DM_VERITY_LOADPIN_H
+
+#include <linux/list.h>
+
+struct mapped_device;
+
+struct trusted_root_digest {
+	u8 *data;
+	unsigned int len;
+	struct list_head node;
+};
+
+#if IS_ENABLED(CONFIG_SECURITY_LOADPIN) && IS_BUILTIN(CONFIG_DM_VERITY)
+void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests);
+bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md);
+#else
+static inline void dm_verity_loadpin_set_trusted_root_digests(struct list_head *digests) {}
+static inline bool dm_verity_loadpin_is_md_trusted(struct mapped_device *md)
+{
+	return false;
+}
+#endif
+
+#endif /* __LINUX_DM_LOADPIN_H */