> > > I think it is better to set a flag, maybe a new one, directly in EVM, to notify
> > > the integrity subsystem that iint->evm_status is no longer valid.
> > >
> > > If the EVM flag is set, IMA would reset the appraisal flags, as it uses
> > > iint->evm_status for appraisal. We can also consider resetting the measure
> > > flags when we have a template that includes file metadata.
> >
> > When would IMA read the EVM flag? Who would reset the flag? At what
> > point would it be reset? Just as EVM shouldn't be resetting the IMA
> > flag, IMA shouldn't be resetting the EVM flag.
>
> IMA would read the flag in process_measurement() and behave similarly
> to when it processes IMA_CHANGE_ATTR. The flag would be reset by
> evm_verify_hmac().

Sounds good.

Mimi