Re: [Linux-ima-user] Reliability of IMA/EVM against power failure

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Thu, 2014-02-27 at 16:46 +0000, Lipinski, MarekX wrote:
> Hi,
> 
> I was wondering what are the possible problems for the IMA
> appraise/EVM-enabled system in case of sudden power failure or system
> crash.
> 
> Is it possible that we end up having a new content written to the file
> and IMA or EVM hash not correctly updated causing Permission denied
> after reboot?
> Assuming file system integrity is ok or it was fixed by the fsck.

Right, any new or modified file would need to be relabeled, if the file
wasn't closed properly.  Currently, fixing the 'security.evm' xattr
requires loading the EVM key and booting in fix mode.  This would land
up fixing all problems.  I'm thinking we probably want something in
between fixing everything to fixing specific files.

Mimi