From: Mimi Z. <zo...@li...> - 2014-12-05 15:30:55
On Fri, 2014-12-05 at 12:09 +0200, Dmitry Kasatkin wrote:
> On 04/12/14 18:43, Mimi Zohar wrote:
> > On Thu, 2014-12-04 at 17:02 +0200, Dmitry Kasatkin wrote:
> >> On 04/12/14 15:52, Mimi Zohar wrote:
> >>> System images would now have a combination of existing "normal" and new
> >>> non-modifiable signatures. For the existing "normal", wouldn't the new
> >>> system independent signature, we discussed above, be desirable? How
> >>> would they be included?
> >> Basically approach is to have 3 types of signatures
> >>
> >> 1. Normal (sig), system dependent, which includes i_no, fsuuid. They are
> >> converted to HMAC. They are set during image creation..
> >>
> >> 2. System independent signatures (si-sig). They are set at runtime from
> >> packages and included to the hmac calculation.
> >>
> >> 3. Normal, system dependent, but not convertible. They also include
> >> i_no, fsuuid, etc... They are set during image creation..
> >>
> >>
> >> I think there is no need for combination: normal+si-sig
> >>
> >> What do you think?
> > Agreed, but on flashed systems, everything is signed. Some will now
> > have the non-modifiable signature, but others won't. Those that have
> > the original "normal" signature will be converted to an HMAC. Without
> > storing the si-sig somewhere, it won't be available to append to the
> > HMAC. So, perhaps we do need the si-sig as a separate xattr after all.
> >
> > Mimi
> >
> >
>
> I do not understand you a bit.
>
> Yes some will have signatures which will be replaced with hmac, but some
> not...
>
> For those which replaced with hmac, signature will be gone...

Right, but there might be some benefit to protect other metadata for mutable files.

Mimi

> For those which will not be replaced by hmac, signature will stay.
>
> There is nothing to append anywhere and store anywhere...
>
> - Dmitry