Re: RFC: Make it practical to ship EVM signatures


Hi Dmitry,

On Wed, 2017-10-18 at 23:37 +0300, Dmitry Kasatkin wrote:
> Maybe Mikhail could share a GIT URL to look somewhere.
> To see the latest bits.

Please bottom post in the future.

Summary:
Mikhail's patches were posted earlier this year.  His patches defined
a portable EVM signature, which was never written out to disk, but
after being verified, was written out as an HMAC.  This was based on
my understanding that the i_ino/uuid is required to prevent a cut &
paste attack.

In the recent discussions, Matthew wanted to know why the i_ino/uuid
is required.  After going around and around discussing it, it turns
out including security.ima is equivalent to including the i_ino/uuid.
The i_ino/uuid is only necessary to prevent a cut and paste attack,
when security.ima is not included in the security.evm hmac/signature.

We're at the point of making the portable EVM signature immutable. By
immutable, we mean that it isn't re-written as an HMAC.  It is based
on your ima-evm-utils support.

Mikhail, Matthew, did I leave anything out?

Mimi
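To make the argument above concrete (covering security.ima in security.evm binds the EVM signature to the file contents, so it substitutes for i_ino/uuid against a cut and paste relabelling while staying portable across inodes and filesystems), here is an added, constructed Python model. It is not the kernel's EVM code, ima-evm-utils, or Mikhail's patches; the HMAC key, the xattr encoding, the inode fields and the sample labels are assumptions chosen for illustration only.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed, simplified model of EVM/IMA labelling for illustration only.
# The key, xattr encoding and metadata layout are assumptions, not the
# kernel's actual evm_calc_hmac_or_hash()/hmac_misc format.
HMAC_KEY = b"constructed-demo-evm-key"
FS_UUID_A = b"A" * 16   # constructed filesystem UUIDs
FS_UUID_B = b"B" * 16


@dataclass
class Inode:
    ino: int
    uuid: bytes                 # UUID of the filesystem holding the inode
    contents: bytes
    uid: int = 0
    gid: int = 0
    mode: int = 0o100644
    xattrs: dict = field(default_factory=dict)


def ima_hash(contents: bytes) -> bytes:
    """security.ima: a collision-resistant digest of the file contents."""
    return hashlib.sha256(contents).digest()


def evm_digest(inode: Inode, include_ima: bool, include_ino_uuid: bool) -> bytes:
    """security.evm: HMAC over the protected xattrs plus inode metadata.

    include_ima      - whether security.ima is among the covered xattrs
    include_ino_uuid - whether i_ino and the filesystem UUID are mixed in
    """
    h = hmac.new(HMAC_KEY, digestmod=hashlib.sha256)
    for name in sorted(inode.xattrs):
        if name == "security.evm":                      # never covers itself
            continue
        if name == "security.ima" and not include_ima:
            continue
        h.update(name.encode() + b"\0" + inode.xattrs[name] + b"\0")
    misc = (inode.uid.to_bytes(4, "little") + inode.gid.to_bytes(4, "little")
            + inode.mode.to_bytes(4, "little"))
    if include_ino_uuid:
        misc += inode.ino.to_bytes(8, "little") + inode.uuid
    h.update(misc)
    return h.digest()


def label(inode: Inode, include_ima: bool, include_ino_uuid: bool) -> None:
    """Write security.ima, then security.evm, as a labelling tool would."""
    inode.xattrs["security.ima"] = ima_hash(inode.contents)
    inode.xattrs["security.evm"] = evm_digest(inode, include_ima, include_ino_uuid)


def verify(inode: Inode, include_ima: bool, include_ino_uuid: bool) -> bool:
    """The two checks made on access: EVM over the xattrs, IMA over the contents."""
    evm_ok = hmac.compare_digest(inode.xattrs.get("security.evm", b""),
                                 evm_digest(inode, include_ima, include_ino_uuid))
    ima_ok = hmac.compare_digest(inode.xattrs.get("security.ima", b""),
                                 ima_hash(inode.contents))
    return evm_ok and ima_ok


def make_trusted(include_ima: bool, include_ino_uuid: bool) -> Inode:
    """A labelled file carrying a (constructed) privileged SELinux type."""
    trusted = Inode(ino=1001, uuid=FS_UUID_A, contents=b"trusted program")
    trusted.xattrs["security.selinux"] = b"system_u:object_r:trusted_exec_t:s0"
    label(trusted, include_ima, include_ino_uuid)
    return trusted


def cut_and_paste_detected(include_ima: bool, include_ino_uuid: bool) -> bool:
    """Paste a trusted file's xattrs onto a different file with different contents.

    Returns True when verification fails whether or not the pasted set
    includes security.ima, i.e. the relabelling is always caught.
    """
    trusted = make_trusted(include_ima, include_ino_uuid)
    for copy_ima in (False, True):
        other = Inode(ino=2002, uuid=FS_UUID_A, contents=b"other program")
        other.xattrs["security.selinux"] = b"system_u:object_r:untrusted_t:s0"
        other.xattrs["security.ima"] = ima_hash(other.contents)  # valid for its own contents
        pasted = ["security.selinux", "security.evm"] + (["security.ima"] if copy_ima else [])
        for name in pasted:
            other.xattrs[name] = trusted.xattrs[name]
        if verify(other, include_ima, include_ino_uuid):
            return False
    return True


def legitimate_copy_verifies(include_ima: bool, include_ino_uuid: bool) -> bool:
    """Same contents and xattrs on a new inode of another filesystem (the portable case)."""
    trusted = make_trusted(include_ima, include_ino_uuid)
    copy = Inode(ino=3003, uuid=FS_UUID_B, contents=trusted.contents,
                 xattrs=dict(trusted.xattrs))
    return verify(copy, include_ima, include_ino_uuid)


if __name__ == "__main__":
    for include_ima in (False, True):
        for include_ino_uuid in (False, True):
            print(f"ima={include_ima!s:5} ino/uuid={include_ino_uuid!s:5} "
                  f"cut&paste detected={cut_and_paste_detected(include_ima, include_ino_uuid)} "
                  f"portable={legitimate_copy_verifies(include_ima, include_ino_uuid)}")
```

Running it prints a 2x2 table over the two design choices. Only the combination that covers security.ima and omits i_ino/uuid both catches the cut and paste relabelling and lets a faithful copy on another inode or filesystem verify, which is exactly the property the immutable portable signature is meant to have; covering neither leaves the relabelling undetected, and mixing in i_ino/uuid catches it at the cost of portability.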
