Hi Petr,
On 2021-02-23 4:43 p.m., Mimi Zohar wrote:
Hi Petr,
On Tue, 2021-02-23 at 23:59 +0100, Petr Vorel wrote:
Hi!
I updated Tushar's patchset to speedup things.
Thank you. :)
Changes v2->v3
* rename function s/check_ima_ascii_log_for_policy/test_policy_measurement/
* move tst_res TPASS/TFAIL into test_policy_measurement()
* drop template=ima-buf (see Lakshmi's patch [1] and discussion about
it, it will be removed from ima_keys.sh as well)
Makes sense.
* moved ima_dm_crypt.sh specific changes to second commit
* further API and style related cleanup
Could you please check this patchset?
I reviewed the patchset.
Patch 1 looks ok. (generalize key measurement tests)
Patch 2 won't work as is, since the dm kernel code is not upstreamed
yet. (see my comments below for more context)
I'm not sure about the status of the associated IMA dm-crypt kernel
patch set. It hasn't even been reviewed, definitely not upstreamed.
I would hold off on upstreaming the associated ltp test.
That is correct.
The device mapper measurement work is being revisited - to cover aspects
like more DM targets (not just dm-crypt), better memory management, more
relevant attributes from the DM targets, other corner cases etc.
Therefore, even though the first patch of the series "generalize key
measurement tests", would be useful for other tests; I will have to
revisit the second patch, "dm-crypt measurements", to address the
DM side changes I mentioned above.
To summarize,
- you may upstream the first patch (generalizing the key
measurements). It would be useful for us while writing more tests in
this space.
- but please hold off upstreaming the second patch (dm-crypt test)
as Mimi has suggested.
Thanks,
Tushar
thanks,
Mimi