Re: IMA metadata format to support fs-verity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2020-08-26 at 12:24 -0700, Eric Biggers wrote:

> fs-verity is mostly just a way of hashing a file.  Can't IMA just continue to do
> its signatures in the same way, and just swap out the traditional full file hash
> with the fs-verity file hash (when it's enabled)?

Yes, as previously discussed with you and Ted.

Mimi
> 
> fs-verity does support its own signature mechanism, because people wanted a
> simple knob to set that makes the kernel verify and enforce signatures for all
> fs-verity files.  But it's not mandatory to use that.




[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux