On Tue, Oct 9, 2018 at 11:04 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > > On Tue, 2018-10-09 at 10:21 -0700, Matthew Garrett wrote: > > Well, there's a performance benefit as well - reading 500MB > > executables over the network is time consuming and otherwise mostly > > unnecessary. Given two solutions that have the same properties in > > terms of which components we need to trust, why not pick the one > > that's faster? > > With the existing cover letter, the purpose of this patch set should > be to address the performance of calculating the file hash on trusted > local FUSE mounted filesystems, not remote filesystems or fs-verity > filesystems. The performance hit is more noticeable over remote filesystems, but we have large binaries that take several seconds to hash even on local filesystems. Would it be helpful to try to define the assumptions that IMA makes in terms of whether or not it produces trustworthy results? It feels like it's be easier to talk about this if we have a more formal set of conditions to take into consideration.