Re: [Linux-ima-user] Deadlock after enabling EVM in fix mode

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Marek,

Sorry, I can't seem to reproduce this problem. I have EVM, IMA,
IMA-appraisal, and encrypted-keys enabled (builtin), but not
trusted-keys.

Assuming modprobe is signed, not hashed, have you loaded the public keys
on the _ima and _evm keyrings, before enabling EVM?  The public keys
should be included in the initramfs.  Lastly, which kernel are you
using?

thanks,

Mimi

On Mon, 2014-02-10 at 11:07 +0200, Dmitry Kasatkin wrote:
> Hi,
> 
> Thanks for great help.
> We will fix it.
> 
> - Dmitry
> 
> On 07/02/14 17:37, Lipinski, MarekX wrote:
> > I found out I had CONFIG_TRUSTED_KEYS not set (as I do not have TPM in my box). 
> > I enabled trusted keys in the configuration. Now once init is reached hmac(sha1) is already registered and EVM works fine, no deadlock anymore. 
> > I guess either EVM support should depend on TRUSTED_KEYS, or the registration of hmac(sha1) should be enforced before enabing EVM. 
> >
> > Regards, 
> > Marek