From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id D5D7AD5D7; Fri, 03 Jul 2026 14:06:34 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 993) id CE303D5C5; Fri, 03 Jul 2026 14:06:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=4.0.1 Received: from fout-b6-smtp.messagingengine.com (fout-b6-smtp.messagingengine.com [202.12.124.149]) by atuin.qyliss.net (Postfix) with ESMTPS id 1BC43D5C4 for ; Fri, 03 Jul 2026 14:06:32 +0000 (UTC) Received: from phl-compute-11.internal (phl-compute-11.internal [10.202.2.51]) by mailfout.stl.internal (Postfix) with ESMTP id BE7231D00085; Fri, 3 Jul 2026 10:06:30 -0400 (EDT) Received: from phl-frontend-04 ([10.202.2.163]) by phl-compute-11.internal (MEProxy); Fri, 03 Jul 2026 10:06:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm1; t=1783087590; x=1783173990; bh=rpW/DfJeuk MfEnmHiG+9J1bxTO77s6qPNJ3dnDmqgEM=; b=VYPvYxo1T90jF64rgYIPr9Of7Q 7+I095Eq9xXRrG1Hvzs9rD8RHamuKSRJOwqiSb0jPW4nFuM+dQy7sOZ3HO1tQVf6 SKXbK9QmJCEApsUYbsOUV86nzipYnrFQp8rVnDMU2B8aEROXfhNSFoQ0nGhyn4Dv LD4QQNz65vGO++UmVKjydrzbZdhT5ioq0aPtwd8xVzHBOlNXfxlf8Wwzs4Hi0a+B 5pDhfFSlQjbKIfyPzsaUoMZBpHog1HDv3L+21J4BfFPdRXjo5+l8QoVQ+uXtKk4s sP121b6CEOxfrVOObxJ08/+jfgYME8BGCJUO1L2eUKDqNohhmgE6tXqTqLLA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1783087590; x=1783173990; bh=rpW/DfJeukMfEnmHiG+9J1bxTO77s6qPNJ3 dnDmqgEM=; b=Gy2cjq839r//6U/sY3v6AAUNVLSV0QhE4mP+klTJ4z2BDo3JoLW hx+iIHCNy1Ol2aibWK25wZfGlPSlrYIJpDBFQ8yM9a55oooad/NDbkC5HxIL7DjU 7XYjTejZvooHW6wnWilEBfyILQnO1aOx9QDJyDNaCG6xRZse7TJYK1+qMlr7zG6+ CIli9w2XBD1fFZRzg9McXUZ9uxt8KG5C50qLEqGFZwzr90VTFzIFP54quQ2Bkljy sumi5ovmK4hjymBlnH5FzlQiZXa4wu1Xx1TG+z/HVZafGHOT7Djm4chCW1t0277r h9bsw6671li9B78CgzXV7/gBaTJuszVBSQQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: dmFkZTE5ZVeEvXNOKOYCYIArBg80ij8prSGzB3mknB/DlaXwqeYQnP8uMVXPyDlXCtwpsW 6y9q4LOdy0JqOm8qReiX7m1tC+Mf7L5jqz0pBr7PFm/Sd2xxk7Evzy+mIJrYrfpdCWCVDn ZI4B4KVlR+yunQCoi2RPeGUytWk7D17/m2gmssYAJk/ZDhOujxA9wutzGpHF3EvXPeEFc9 HfVsrvCovROx15fDG8cEYQNtPQDfS//tx5ihC6B0SWYyzQ0GCfAtJWmVOlcxpnVgzYp/f2 UpTpXJUmOTuN8A2cYV4CXHIMLltIHK4R2okJvVeA2uV2F1cGdkgbUdW/0HpRTO/732JEgq CsIsX2QjcCTko9PgSQliQy5Ektf0bWL2ihzOk9j9TvlPjmv88mowPzTLMs31zWgOeHAI2T SH8WpUoHCOat3FKdk2TVX17yG1uT6JSGBHEriz8ZVNG4LeBMfDw7th67SKhQknC43T4nLI xKkDWffe41e5GTXLJI++vElI4trFhVrfFq5eaKemuc4ZeF491SJpp2TmjjTjm+jw4gD0Ly PpAWLkMMO1JCDzIeEe6fglC8W/dxbXI+DRW7Tk0kaueKtEVDEKaz4OuU/gOUeN6Hxn7LoL 32hvPxM78PCSAMlBHl8vzK2xdO2pb7l4Ce+kfrjlDlAGIq1eOTvETJfMfvuw X-ME-Proxy: Feedback-ID: i12284293:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 3 Jul 2026 10:06:30 -0400 (EDT) Received: by mbp.qyliss.net (Postfix, from userid 1000) id 713BF8463326; Fri, 03 Jul 2026 16:06:28 +0200 (CEST) From: Alyssa Ross To: colby@colbyt.com Subject: Re: [PATCH 0/5] vm: boot sub-VMs from dm-verity roots and enable IPE In-Reply-To: References: <20260625202013.1417254-1-colby@colbyt.com> <87cxxdz633.fsf@alyssa.is> <878q7twlps.fsf@alyssa.is> Date: Fri, 03 Jul 2026 16:06:17 +0200 Message-ID: <87v7awkw12.fsf@alyssa.is> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Message-ID-Hash: SOF277535XYUTOGUJWV2HTV5QUM3QDXL X-Message-ID-Hash: SOF277535XYUTOGUJWV2HTV5QUM3QDXL X-MailFrom: hi@alyssa.is X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1; header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3; header-match-devel.spectrum-os.org-4; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: devel@spectrum-os.org X-Mailman-Version: 3.3.10 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable colby@colbyt.com writes: > So instinctively the path I took there was to do IPE on apple end to > end from host to VM in an accountability chain, but not sure of the > validity of my taste there -- I just like treating internal > assumptions as hostile instead of trusted -- I was hoping to achieve > an inter-vm attestation system which would use things like this, but > tbh did not think deeply. > I would love to see something like that. Just needs some more design thought. As it stands I don't think this is giving any more assurance to VMs than they had before, but we definitely could =E2=80=94 e.g. we could prove to them that they're running on an unmodified (and therefore presumably trustworthy) Spectrum host. > > On Thursday, July 2nd, 2026 at 7:22 AM, Alyssa Ross wrote: > >> colby@colbyt.com writes: >>=20 >> > Yes this is me laying the groundwork for/ trying to solve=20 >> > >> > "Look into Integrity Policy Enhancement LSM >> > Apparently this enforces that executables must be authenticated by dm-= verity. Could we use this?" >> > >> > I may have forgotten to push all the files but I got it implemented an= d working --- only I did not want to push actual IPE policies in a patch, a= s that has a substantial possibility to break things. >>=20 >> Ah, yes. I meant IPE on the host when I wrote that. I'll update the >> text to make that clearer. I don't immediately see any value in IPE in >> VMs. >>=20 >> > On Friday, June 26th, 2026 at 8:15 AM, Alyssa Ross wrot= e: >> > >> >> colbyt writes: >> >>=20 >> >> > This series changes the app VM and net VM root images to boot throu= gh >> >> > dm-verity, then enables IPE kernel support for the sub-VMs and the >> >> > Spectrum host rootfs. >> >> > >> >> > Each sub-VM disk now has a verity metadata partition and an EROFS r= oot >> >> > partition. The build installs the root hash next to the disk image= , and >> >> > the VM boot paths pass that hash to a shared initramfs. The initra= mfs >> >> > uses the hash to find both partitions, opens /dev/mapper/root-verit= y, and >> >> > switches into it read-only. >> >> > >> >> > The last two patches only enable kernel support for IPE. They do n= ot >> >> > install an IPE policy. With the existing generated kernel config, >> >> > enabling SECURITY_IPE also enables the dm-verity root-hash provider= , so >> >> > later policy work can match files from verified roots. >> >>=20 >> >> Would you mind explaining your motivation / the direction you envisage >> >> here in a bit more detail? Given that the VM gets its root file syst= em >> >> and the corresponding verity hash from the same place (the host file >> >> system), there's no immediate security benefit from using dm-verity, >> >> right? Is the idea rather to enable some sort of cool IPE thing for >> >> which dm-verity is a requirement, but that's not implemented yet as p= art >> >> of this series? >> >>=20 >> >> (I really appreciate the quality of your patches BTW =E2=80=94 you've= obviously >> >> gone to some effort to identify and follow all the tiny little >> >> conventions we have in the codebase. Thank you!) >> >>=20 >>=20 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRV/neXydHjZma5XLJbRZGEIw/wogUCakfB2QAKCRBbRZGEIw/w okLNAP9C2m93NztnHh2LSsL+HYfn9/BiLsW7b/6aT86IY+dq2gEA6k0CQlK6hzQz jTlvn/ZYR4EguB3WHwvOuGsH+lJmZwc= =in4e -----END PGP SIGNATURE----- --=-=-=--