Re: [PATCH V2 3/4] IMA: Optionally make use of filesystem-provided hashes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 4, 2019 at 3:35 PM James Bottomley
<James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
> Redundant information is always possible, but it can become
> inconsistent and, because the hashes can't be derived from each other,
> it's hard to tell if it is inconsistent without redoing the whole hash
> with each method.

Part of the problem here is that IMA is effectively used for two
related but different purposes - measurement and appraisal. You
generally want measurements to be comparable across filesystems,
whereas appraisal doesn't need to be. So if we don't have comparable
measurements, there's less benefit in performing measurement (we have
no real idea what the expected measurements would be in advance).
That's less important for appraisal, but arguably we don't care about
appraisal of stuff on fs-verity backed filesystems to begin with
because we can just attest that they're legitimate?

> I was more wondering what, if any, problems would follow if we did let
> the filesystem choose the hash method and simply used the top merkle
> hash in place of the usual IMA hash?

We could definitely just pass it through as a separate hash type, and
my initial thinking was that fs-verity might be a reasonable use case
for that, but I'm not sure that it buys us much in the IMA case.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux