Re: [dm-devel] [PATCH 0/7] device mapper target measurements using IMA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Thore,
On 7/14/21 4:32 AM, Thore Sommer wrote:
Thank you for bringing IMA support to device mapper. The addition of dm-verity
to IMA is very useful for the project I'm working on where we boot
our distribution from removable USB media.
Thank you for the positive ack. Appreciate it.
One of our goals is to detect tampering of the root file system remotely.
Therefore we enabled dm-verity support but implementing remote attestation for
dm-verity from userland is not ideal which was our initial plan.
Yes, remote attestation from userland is not ideal.
This patch set enables us to leverage to already implemented IMA attestation
infrastructure by the remote attestation service that we are using (Keylime)
without trying to roll a custom solution.
I am glad that DM-IMA functionality is useful for your scenario.
We tested the initial RFC patch set and will continue testing with this one to see if it fully works in our environment and with our use case.
Thank you for testing the RFC patch set.
Please let me know if you discover any bugs in this one, or have any other feedback.

Thanks again.

Regards,
Tushar
Thore Sommer




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux