On Wed, Mar 6, 2024 at 6:34 PM Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx> wrote:
>
> Overview:
> ---------
>
> IPE is a Linux Security Module which takes a complementary approach to
> access control. Whereas existing mandatory access control mechanisms
> base their decisions on labels and paths, IPE instead determines
> whether or not an operation should be allowed based on immutable
> security properties of the system component the operation is being
> performed on.
>
> IPE itself does not mandate how the security property should be
> evaluated, but relies on an extensible set of external property providers
> to evaluate the component. IPE makes its decision based on reference
> values for the selected properties, specified in the IPE policy.
>
> The reference values represent the value that the policy writer and the
> local system administrator (based on the policy signature) trust for the
> system to accomplish the desired tasks.
>
> One such provider is for example dm-verity, which is able to represent
> the integrity property of a partition (its immutable state) with a digest.
>
> IPE is compiled under CONFIG_SECURITY_IPE.

All of this looks reasonable to me, I see there have been some minor
spelling/grammar corrections made, but nothing too serious. If we can
get ACKs from the fsverity and device-mapper folks I can merge this
once the upcoming merge window closes in a few weeks.

--
paul-moore.com