Re: [PATCH V2 3/4] IMA: Optionally make use of filesystem-provided hashes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[Cc'ing Roberto]

Hi Matthew,

On Mon, 2019-04-29 at 15:51 -0700, Matthew Garrett wrote:
> Mimi, anything else I can do here?

Trying to remember where we were ...  The last issue, as I recall, is
somehow annotating the measurement list to indicate the source of the
file hash.

One solution might be:

Suppose instead of re-using the "d-ng" for the vfs hash, you defined a
new field named d-vfs.  Instead of the "ima-ng" or "d-ng|n-ng", the
template name could be "d-vfs|n-ng".

Intermixing of template formats is not a problem.  IMA already
supports multiple templates in the same list for carrying the
measurement list across kexec.  (There are no guarantees that the
current measurement list and the kexec'ed kernel will be the same
template format.)  The template format is currently defined at compile
time, with a run time option of changing it.

The issue then becomes how to dynamically switch between template formats, based on fields.

Mimi





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux