Re: [PATCH] IMA: Turn IMA_MEASURE_ASYMMETRIC_KEYS off by default

On 1/21/2020 11:52 AM, James Bottomley wrote:

- really small devices/sensors being able to queue certificates

seems like the answer to this one would be don't queue.  I realise it's
after the submit design, but what about measuring when the key is added
if there's a policy otherwise measure the keyring when the policy is
added ... that way no queueing.

Without the "deferred key processing" changes, only keys added at runtime were measured (if policy permitted).

"deferred key processing" enabled queuing keys added early in the boot process and measured them when the policy is loaded.

We can make this (the queuing) optional through a config, but leave the runtime key measurement auto-enabled (as is the config IMA_MEASURE_ASYMMETRIC_KEYS now).

 -lakshmi



