On Thu, Jun 6, 2019 at 3:27 PM Roberto Sassu <roberto.sassu@xxxxxxxxxx> wrote: > > Previous versions included the patch 'ima: don't ignore INTEGRITY_UNKNOWN > EVM status'. However, I realized that this patch cannot be accepted alone > because IMA-Appraisal would deny access to new files created during the > boot. The early initialization logic seems to have been changing, the original one as I have understood it: - before initialization - allow reading anything without security.ima - deny reading anything with security.ima - allow all writes - after initialization - deny reading|writing anything without security.ima - deny reading|writing anything invalid - allow everything else The logic is pretty handy as it even creates additional layer of security around the early initialization files as they become unreadable after use. Now, if we initialize the system with a random key like in your patch, this logic is to change quite drastically? It sounds to me the userland may actually break, all the userland initialization files in the existing ima configurations that do not use digsigs would become unreadable given that the random key is put in? Remember, those files can be protected via other means (most commonly signed ramdisk). -- Janne
