Re: [PATCH v11 0/6] KEYS: Measure keys when they are created or updated

On 12/12/19 6:28 AM, Mimi Zohar wrote:

> Hi Lakshmi,
>
> On Wed, 2019-12-11 at 08:47 -0800, Lakshmi Ramasubramanian wrote:
>> Keys created or updated in the system are currently not measured.
>> Therefore an attestation service, for instance, would not be able to
>> attest whether or not the trusted keys keyring(s), for instance, contain
>> only known good (trusted) keys.
>>
>> IMA measures system files, command line arguments passed to kexec,
>> boot aggregate, etc. It can be used to measure keys as well.
>> But there is no mechanism available in the kernel for IMA to
>> know when a key is created or updated.
>>
>> This change aims to address measuring keys created or updated
>> in the system.
>
> Thank you!  This patch set is now queued in the next-integrity-testing
> branch of https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/.
>
> Mimi


Thanks Mimi.

 -lakshmi


