Re: [PATCH v8 4/5] IMA: Add support to limit measuring keys


 



On 11/20/2019 3:19 PM, Mimi Zohar wrote:

Hi Mimi,

>> The above can be used to correlate the key measurement IMA entry,
>> ima-sig and ima-modsig entries using the same key.
>
> True, but associating the public key measurement with the file
> signature requires information from the certificate (e.g. issuer,
> serial number, and/or subject, subject keyid).
>
> For a regression test, it would be nice if the key measurement,
> itself, contained everything needed in order to validate the file
> signatures in the measurement list.

I am just trying to understand your asks - Please clarify:

1. My change includes only the public key and not the entire certificate information in the measured buffer.

Should I update this current patch set to measure the entire cert? Or can that be done as a separate patch set?

2. Should a regression test be part of this patch set for the key measurement changes to be accepted?

thanks,
 -lakshmi


