On Thu, 2019-03-14 at 14:08 -0700, Matthew Garrett wrote:
> On Wed, Mar 13, 2019 at 6:08 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> > The IMA hash and EVM hmac combination is fine for offline protection.
> > It's used for mutable files. For immutable files, there must be
> > either an IMA or EVM signature.
>
> Ok. Is the correct way to handle this to check that the file has a
> signature, or to extend IMA policy to allow it to provide a
> requirement that EVM verify a signature rather than an HMAC and have
> the arch policy set that?

I'm not sure what you mean by "check that the file has a signature".

EVM and IMA are separate subsystems with a defined interface for
interaction between them. evm_verifyxattr() isn't, but could be called
by LSMs. So evm_verifyxattr() would need to be extended to return the
EVM xattr type. The IMA policy could then require a specific evmxattr
type. Possible.

Perhaps for now require IMA signatures and defer supporting EVM
signatures?

Mimi