> From: Mimi Zohar [mailto:zohar@xxxxxxxxxxxxx]
> Sent: Wednesday, May 12, 2021 12:12 AM
> Hi Roberto,
>
> On Wed, 2021-05-05 at 13:33 +0200, Roberto Sassu wrote:
> > With the patch to accept EVM portable signatures when the
> > appraise_type=imasig requirement is specified in the policy, appraisal can
> > be successfully done even if the file does not have an IMA signature.
> >
> > However, remote attestation would not see that a different signature type
> > was used, as only IMA signatures can be included in the measurement list.
> > This patch solves the issue by introducing the new template field 'evmsig'
> > to show EVM portable signatures and by including its value in the existing
> > field 'sig' if the IMA signature is not found.
>
> With this patch, instead of storing the file data signature, the file
> metadata signature is stored in the IMA measurement list, as designed.
> There's a minor problem. Unlike the file data signature, the
> measurement list record does not contain all the information needed to
> verify the file metadata signature.

Ok, we could add new template fields later.

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli

> thanks,
>
> Mimi