From: Dmitry K. <d.k...@sa...> - 2014-12-05 10:11:08

On 04/12/14 18:43, Mimi Zohar wrote:
> On Thu, 2014-12-04 at 17:02 +0200, Dmitry Kasatkin wrote:
>> On 04/12/14 15:52, Mimi Zohar wrote:
>>> System images would now have a combination of existing "normal" and new
>>> non-modifiable signatures. For the existing "normal", wouldn't the new
>>> system independent signature, we discussed above, be desirable? How
>>> would they be included?
>> Basically approach is to have 3 types of signatures
>>
>> 1. Normal (sig), system dependent, which includes i_no, fsuuid. They are
>> converted to HMAC. They are set during image creation..
>>
>> 2. System independent signatures (si-sig). They are set at runtime from
>> packages and included to the hmac calculation.
>>
>> 3. Normal, system dependent, but not convertible. They also include
>> i_no, fsuuid, etc... They are set during image creation..
>>
>>
>> I think there is no need for combination: normal+si-sig
>>
>> What do you think?
> Agreed, but on flashed systems, everything is signed. Some will now
> have the non-modifiable signature, but others won't. Those that have
> the original "normal" signature will be converted to an HMAC. Without
> storing the si-sig somewhere, it won't be available to append to the
> HMAC. So, perhaps we do need the si-sig as a separate xattr after all.
>
> Mimi
>
>

I do not understand you a bit.
Yes some will have signatures which will be replaced with hmac, but some not...
For those which replaced with hmac, signature will be gone...
For those which will not be replaced by hmac, signature will stay.

There is nothing to append anywhere and store anywhere...

- Dmitry