Description
Is your feature request related to a problem?
Notation currently supports signing container images at the manifest level, which protects the image at pull time. This model can be extended to protect the image at runtime as well by additionally signing each image layer's dm-verity root hash. The kernel could then verify each layer's signature and ensure that no tampering happened after the image was pulled.
To achieve this, the CLI can be extended to perform the extra signing.
What solution do you propose?
A new parameter, --dm-verity, can be added to the notation sign command. Initially, the only supported signature format will be PKCS#7. Since this is the default format, no other parameters need to be added at this time. An example of the full proposed command is below.
notation sign --dm-verity --id myKeyId myregistry.azurecr.io/myapp@sha256:def456...
This new parameter will trigger the original manifest signing and additionally sign each image layer's dm-verity root hash. The signatures will be stored in an OCI artifact referrer attached to the original image manifest.
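As an added example (not Notation's code, and not the artifact format the proposal defines), this is the per-layer check the verifier side performs, written in Python so the mechanism is visible: recompute a layer image's dm-verity root hash and compare it with the root hash carried in the signature. It assumes dm-verity hash type 1 (salt prepended), sha256, and 4096-byte data and hash blocks, which are veritysetup's defaults; the salt, the layer image and the signed root hash are constructed here.

```python
import hashlib
import hmac

BLOCK = 4096                  # assumed dm-verity data and hash block size
DIGEST = 32                   # sha256 digest length
PER_BLOCK = BLOCK // DIGEST   # 128 digests fit in one hash block


def _h(salt: bytes, data: bytes) -> bytes:
    """dm-verity hash type 1: the salt is prepended to the hashed data."""
    return hashlib.sha256(salt + data).digest()


def verity_root_hash(layer: bytes, salt: bytes) -> bytes:
    """Root hash of a block image: leaf digests are packed into zero-padded
    hash blocks and hashed level by level until one block remains."""
    if len(layer) % BLOCK:
        raise ValueError("layer image must be a whole number of blocks")
    hashes = [_h(salt, layer[i:i + BLOCK]) for i in range(0, len(layer), BLOCK)]
    while len(hashes) > 1:
        next_level = []
        for i in range(0, len(hashes), PER_BLOCK):
            hash_block = b"".join(hashes[i:i + PER_BLOCK]).ljust(BLOCK, b"\0")
            next_level.append(_h(salt, hash_block))
        hashes = next_level
    return hashes[0]   # a single data block is its own root (no hash levels)


def verify_layer(layer: bytes, salt: bytes, signed_root: bytes) -> bool:
    """Compare the recomputed root hash with the value from the signature,
    using a constant-time comparison."""
    return hmac.compare_digest(verity_root_hash(layer, salt), signed_root)


if __name__ == "__main__":
    # Constructed three-block layer image and salt; the "signed" root hash
    # stands in for the value extracted from the referrer's signature.
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    layer = b"\x01" * BLOCK + b"\x02" * BLOCK + b"\x03" * BLOCK
    signed_root = verity_root_hash(layer, salt)
    print("intact layer verifies:", verify_layer(layer, salt, signed_root))
    # Flip one byte in the last block: a post-pull modification the kernel must reject.
    tampered = layer[:-1] + b"\xff"
    print("tampered layer verifies:", verify_layer(tampered, salt, signed_root))
```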
What alternatives have you considered?
None
Any additional context?
There is a proposal in review with more details: #1335