On Tue, Apr 9, 2019 at 3:33 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
>
> On Tue, 2019-04-09 at 15:25 +0300, Janne Karhunen wrote:
> > On Tue, Apr 9, 2019 at 3:05 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> >
> > > > It would take an additional integrity hook, of course.
> > >
> > > That's fine.
> >
> > Great, I will work up a proper patch and check the locking.
>
> Thanks!

Sent for review. I have tested it with arm8l and x86_64 qemu/kvm setup with both appraisal & fix modes. Hashes seem to update correctly as the syncs are done and I can't see any obvious smoke coming out from anywhere..

As for crash testing, I will try to make many runs today. Based on my understanding it should be pretty good, certainly battery outage or just plain crash should have quite low probability to manage to tear a single inode update halfway through. Besides, if that happens the fact that IMA detects a file corruption is only a good thing. Broken files are not allowed to be read, intact files are fine..

--
Janne