Project Description
Implement a checksum algorithm for BTRFS that uses and authenticated (keyed) hash. There are 2 cryptographically secure hashes supported by btrfs, sha256 and blake2b.
Status: prototypes exist for most of the goals below, need polishing and testing
Goals for Hackweek 22
This has been ongoing, there's prototype for the kernel side but is not complete and does not cover the whole use case. One drawback for the key requirement is that there's no way to verify the data/metadata validity without it. To address that, combine authenticated hash and a regular checksum into (e.g. split the 256 bits to 224 bits for sha256 and 32 bits for crc32c). To allow a use case with authenticated hash but without the private key stored on the host explore the public key signature for checksum.
- implement the basic authenticated hashes
- implement the combined authenticated and secondary hash
- finalize the interfaces (command line options, mount options), support for all commands
- bonus goal 1: implement checksum based on public key signature (DSA)
- bonus goal 2: prototype using blake3 and xxh3 as another types of cryptographic and checksum algorithms
Progress
- refactoring old branches, refreshing on to newer base (auth, auth+sum)
- implementing auth+sum in progs
- public key signature (example): implementing ->sign for ecdsa with p-256 curve
- XXH3 in kernel does not seem to be better than xxh64 (https://github.com/Cyan4973/xxHash/issues/793), the user space implementation heavily relies on SSE2 which is not easily available in kernel (FPU context switch overhead)
Goals for Hackweek 23
- put together user space library for ECC and ECDSA, using kernel code for parity and to verify the functionality
- start again with the authenticated hashes, do all combinations of {sha256, blake2} x {none, crc32c, xxhash}, based on user feedback hardcoding the secondary hash to xxhash is not great, this is 6 new checksum algorithms
Progress
- refreshed code for kernel and btrfs-progs, closer to sending an RFC, some parts still missing (namely dealing with corner cases of secondary checksums in various contexts)
- new prototypes written and scrapped, ECC research continues
Looking for hackers with the skills:
This project is part of:
Hack Week 22 Hack Week 23
Activity
Comments
Be the first to comment!
Similar Projects
early stage kdump support by mbrugger
Project Description
When we experience a early boot crash, we are not able to analyze the kernel dump, as user-space wasn't able to load the crash system. The idea is to make the crash system compiled into the host kernel (think of initramfs) so that we can create a kernel dump really early in the boot process.
Goal for the Hackweeks
- Investigate if this is possible and the implications it would have (done in HW21)
- Hack up a PoC (done in HW22 and HW23)
- Prepare RFC series (giving it's only one week, we are entering wishful thinking territory here).
update HW23
- I was able to include the crash kernel into the kernel Image.
- I'll need to find a way to load that from
init/main.c:start_kernel()
probably afterkcsan_init()
- I workaround for a smoke test was to hack
kexec_file_load()
systemcall which has two problems:- My initramfs in the porduction kernel does not have a new enough kexec version, that's not a blocker but where the week ended
- As the crash kernel is part of init.data it will be already stale once I can call
kexec_file_load()
from user-space.
The solution is probably to rewrite the POC so that the invocation can be done from init.text (that's my theory) but I'm not sure if I can reuse the kexec infrastructure in the kernel from there, which I rely on heavily.
update HW24
- Day1
- rebased on v6.12 with no problems others then me breaking the config
- setting up a new compilation and qemu/virtme env
- getting desperate as nothing works that used to work
- Day 2
- getting to call the invocation of loading the early kernel from
__init
afterkcsan_init()
- getting to call the invocation of loading the early kernel from
Day 3
- fix problem of memdup not being able to alloc so much memory... use 64K page sizes for now
- code refactoring
- I'm now able to load the crash kernel
- When using virtme I can boot into the crash kernel, also it doesn't boot completely (major milestone!), crash in
elfcorehdr_read_notes()
Day 4
- crash systems crashes (no pun intended) in
copy_old_mempage()
link; will need to understand elfcorehdr... - call path
vmcore_init() -> parse_crash_elf_headers() -> elfcorehdr_read() -> read_from_oldmem() -> copy_oldmem_page() -> copy_to_iter()
- crash systems crashes (no pun intended) in
Day 5
- hacking
arch/arm64/kernel/crash_dump.c:copy_old_mempage()
to see if crash system really starts. It does. - fun fact: retested with more reserved memory and with UEFI FW, host kernel crashes in init but directly starts the crash kernel, so it works (somehow) \o/
- hacking
TODOs
- fix elfcorehdr so that we actually can make use of all this...
- test where in the boot
__init()
chain we can/should callkexec_early_dump()