Re: [PATCH 0/2] dm-devel:dm-crypt: infrastructure for measurement of DM target data using IMA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 2020-08-17 2:46 p.m., Mimi Zohar wrote:
On Sun, 2020-08-16 at 14:02 -0700, Tushar Sugandhi wrote:
There are several device-mapper targets which contribute to verify
the integrity of the mapped devices e.g. dm-integrity, dm-verity,
dm-crypt etc.

But they do not use the capabilities provided by kernel integrity
subsystem (IMA). For instance, the IMA capability that measures several
in-memory constructs and files to detect if they have been accidentally
or maliciously altered, both remotely and locally. IMA also has the
capability to include these measurements in the IMA measurement list and
use them to extend a TPM PCR so that it can be quoted.

"both remotely" refers to measurement and attestation, while "locally"
refers to integrity enforcement, based on hashes or signatures.  Is
this patch set adding both IMA-measurement and IMA-appraisal?

Mimi

Thanks Mimi for looking at this patch set.

I added both "remotely" and "locally" in the description, so that
people less familiar with IMA would get a general overview of whats
possible with IMA.

In this patch set we are only adding support for measurement and
attestation. In the next iteration, I will remove the references to
"local" detection.
~Tushar
<snip>

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel




[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux