From: Dmitry K. <d.k...@sa...> - 2014-12-04 08:34:08
On 04/12/14 00:56, Mimi Zohar wrote:
> On Wed, 2014-12-03 at 23:44 +0200, Dmitry Kasatkin wrote:
>>>> But there may be a different solution for this.
>>>> Leave security.evm with HMAC functioning as it is and add new extended
>>>> attribute security.evmsig
>>>> which will protect attrs and xattrs additionally with signatures.
>>> Let's think about this some.
>> Actually new xattr type can be used which includes both hmac and
>> signature to avoid using additional xattr.
>
> Having both the HMAC, which includes the i_ino and i_version, and a
> system independent signature type (based on a subset of the HMAC fields)
> in a single xattr is a performance improvement. We would still need a
> new type containing just the system independent signature, which could
> be included in software packages and archives.
>
> Mimi
>

Ok. My "immutable"/non-hmac-convertible signature is your term "system
independent signature". Let's further use this term.

Yes, system independent signatures will come from packages and archives.
evm_inode_post_setxattr() hook can be changed so that setting it to xattr
at runtime would append it to HMAC xattr or recalculate HMAC if we want
to include signature to HMAC. In such case we do not need
"system-independent-only" type.

When we deal with the labeling of the file system image, we could also
have normal EVM signature which includes i_no, etc, like we have now, but
non-replaceable with hmac.

- Dmitry
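The field split discussed in this thread, as an added Python model that is not code from the thread or from the kernel: a per-system HMAC that binds i_ino and i_version next to a digest over the portable subset, carried together in one value. The serialization, the uid/gid/mode attrs, the combined layout, the key and the sample inodes are all assumptions made for illustration, and the public-key signing of the portable digest is left out.

```python
import hashlib, hmac, struct
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Inode:               # constructed stand-in for the inode fields named in the thread
    i_ino: int
    i_version: int
    uid: int               # uid, gid, mode: assumed examples of protected attrs
    gid: int
    mode: int
    xattrs: tuple          # protected xattrs as sorted (name, value-bytes) pairs

def portable_fields(inode):
    """Serialize the subset that means the same on every system."""
    out = b""
    for name, value in inode.xattrs:
        n = name.encode()
        out += struct.pack("<II", len(n), len(value)) + n + value
    return out + struct.pack("<III", inode.uid, inode.gid, inode.mode)

def local_hmac(key, inode):
    """HMAC that also binds i_ino and i_version, so it only holds on one filesystem."""
    msg = portable_fields(inode) + struct.pack("<QQ", inode.i_ino, inode.i_version)
    return hmac.new(key, msg, hashlib.sha256).digest()

def portable_digest(inode):
    """Digest a packager would sign; the signing step itself is omitted here."""
    return hashlib.sha256(portable_fields(inode)).digest()

def combined_xattr(key, inode, signed_digest):
    """Hypothetical single-xattr layout: local HMAC followed by the packaged digest."""
    return local_hmac(key, inode) + signed_digest

def verify_combined(key, inode, blob):
    """Return (hmac_ok, portable_ok) for a combined value."""
    mac, signed = blob[:32], blob[32:]
    return (hmac.compare_digest(mac, local_hmac(key, inode)),
            hmac.compare_digest(signed, portable_digest(inode)))

# Constructed sample: a file as packaged on a build host, then installed elsewhere.
BUILD = Inode(1201, 7, 0, 0, 0o100755, (("security.ima", b"\x01" * 20),))
INSTALLED = replace(BUILD, i_ino=88412, i_version=1)
TAMPERED = replace(INSTALLED, mode=0o104755)
KEY = b"constructed-per-system-evm-key"

if __name__ == "__main__":
    blob = combined_xattr(KEY, INSTALLED, portable_digest(BUILD))
    for name, inode in (("installed", INSTALLED), ("tampered", TAMPERED), ("build", BUILD)):
        print(name, verify_combined(KEY, inode, blob))
```

The digest computed on the build host still verifies after installation because it ignores i_ino and i_version, while the HMAC half only verifies on the inode it was calculated for.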