[Cc'ing Roberto] Hi Matthew, On Mon, 2019-04-29 at 15:51 -0700, Matthew Garrett wrote: > Mimi, anything else I can do here? Trying to remember where we were ... The last issue, as I recall, is somehow annotating the measurement list to indicate the source of the file hash. One solution might be: Suppose instead of re-using the "d-ng" for the vfs hash, you defined a new field named d-vfs. Instead of the "ima-ng" or "d-ng|n-ng", the template name could be "d-vfs|n-ng". Intermixing of template formats is not a problem. IMA already supports multiple templates in the same list for carrying the measurement list across kexec. (There are no guarantees that the current measurement list and the kexec'ed kernel will be the same template format.) The template format is currently defined at compile time, with a run time option of changing it. The issue then becomes how to dynamically switch between template formats, based on fields. Mimi
