On Thu, Apr 4, 2019 at 7:27 PM James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Thu, 2019-04-04 at 18:50 -0700, Matthew Garrett wrote:
> > On Thu, Apr 4, 2019 at 3:35 PM James Bottomley
> > <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
> > > Redundant information is always possible, but it can become
> > > inconsistent and, because the hashes can't be derived from each
> > > other, it's hard to tell if it is inconsistent without redoing the
> > > whole hash with each method.
> >
> > Part of the problem here is that IMA is effectively used for two
> > related but different purposes - measurement and appraisal. You
> > generally want measurements to be comparable across filesystems,
> > whereas appraisal doesn't need to be.
>
> Sure, but I think the only requirement for measurement is knowing how
> to reproduce them. As long as you know the algorithm the filesystem is
> using ... i.e. it's recorded in the IMA log, you should be able to
> verify them.

Mm. I think this is use-case dependent, but there are certainly use
cases where this would be sufficient. I think this would work on the
VFS side, but we'd need to extend IMA to allow you to write a policy
that specified the use of the fs-verity data on the appropriate
filesystems (right now IMA uses one hash type globally) - if anyone's
interested in deploying that, I'm happy to add support for it.