On Thu, Oct 11, 2018 at 11:37 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > On Thu, 2018-10-11 at 11:24 -0700, Matthew Garrett wrote: > > But for a hypothetical case where the filesystem itself > > verifies the signature, then the filesystem would abort the > > transaction if the signature didn't match and it seems reasonable to > > avoid doing the validation twice (once up front and then again on > > every read) > > Right, this is a hypothetical scenario as far as I'm aware, since none > of the filesystems are currently calculating and storing the file > hash. The default should be for IMA to re-calculate the file hash. There are FUSE filesystems that do.
