file system signatures and trust model, was Re: Ubuntu Core: how the file-system works
George Gross
gmgross at shoreham.net
Fri Jan 20 17:10:30 UTC 2017
thank you for the "how to" pointer to make custom Ubuntu Core images,
I'll stay tuned for replies on the other Qs...
george
On Fri, 2017-01-20 at 16:01 +0100, Oliver Grawert wrote:
> hi,
> Am Freitag, den 20.01.2017, 09:43 -0500 schrieb George Gross:
> > Hi,
> >
> > at the risk of wading into the weeds, you mentioned below that:
> >
> > "...it also has the advantage that the core and kernel snaps are
> > signed
> > readonly squashfses and can not just be modified which adds a great
> > amount of extra security."
> >
> > Is there a Wiki or document explaining the signature private key's
> > life
> > cycle management? For example, what process happens when the key
> > expires
> > or is compromised? Who is the entity that actually *signs* the file
> > system?
>
> this is probably something the security and store teams can answer
> better than me.
>
> >
> > If you built a custom kernel and/or device drivers, how would your
> > binaries interact with this file system signature's verification? Can
> > you substitute your own software factory/store's signature?
>
> you would create a complete own image based on your own developer
> signature using a signed model assertion.
>
> https://docs.ubuntu.com/core/en/guides/build-device/image-building
>
> has details on this.
>
> >
> > If you operate your own private CA and sign some file objects within
> > the
> > snap, does that CA need to be cross-certified with the trust anchor
> > CA
> > that is vouching for the identity applying the core/kernel file
> > system
> > signature?
>
> again something the store people are better suited to answer, i dont
> exactly know how the CA store side is set up here :)
>
> ciao
> oli
More information about the Snapcraft
mailing list