From: Mimi Z. <zo...@li...> - 2014-12-04 16:44:03
On Thu, 2014-12-04 at 17:02 +0200, Dmitry Kasatkin wrote:
> On 04/12/14 15:52, Mimi Zohar wrote:
> > System images would now have a combination of existing "normal" and new
> > non-modifiable signatures. For the existing "normal", wouldn't the new
> > system independent signature, we discussed above, be desirable? How
> > would they be included?
>
> Basically approach is to have 3 types of signatures
>
> 1. Normal (sig), system dependent, which includes i_no, fsuuid. They are
> converted to HMAC. They are set during image creation.
>
> 2. System independent signatures (si-sig). They are set at runtime from
> packages and included to the hmac calculation.
>
> 3. Normal, system dependent, but not convertible. They also include
> i_no, fsuuid, etc... They are set during image creation.
>
>
> I think there is no need for combination: normal+si-sig
>
> What do you think?

Agreed, but on flashed systems, everything is signed. Some will now
have the non-modifiable signature, but others won't. Those that have
the original "normal" signature will be converted to an HMAC. Without
storing the si-sig somewhere, it won't be available to append to the
HMAC. So, perhaps we do need the si-sig as a separate xattr after all.

Mimi