Re: [Linux-ima-user] Initramfs and IMA Appraisal

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Mon, 2014-12-29 at 18:25 -0800, David Lang wrote: 
> On Mon, 29 Dec 2014, Mimi Zohar wrote:
> 
> > Thanks Rob for the explanation.  The problem is that ramfs does not
> > support extended attributes, while tmpfs does.  The boot loader could
> > "measure" (trusted boot) the initramfs, but as the initramfs is
> > generated on the target system, the initramfs is not signed, preventing
> > it from being appraised (secure Boot). To close the initramfs integrity
> > appraisal gap requires verifying the individual initramfs file
> > signatures, which are stored as extended attributes.
> 
> what's the point of checking the files on the filesystem against signatures 
> stored on the same filesystem? If someone could alter the file contents they can 
> alter the signatures as well.

It's all about limiting which public keys can be used to verify the file
signatures.  As of 3.17, only keys signed by a "trusted" key on the
system keyring may be added to the IMA keyring.

Mimi 